#582
Member
Joined: Oct 2002
City: Novara
Posts: 202

Quote:
but this one (I think it's the right address) http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home I don't understand why and I don't know what to do!!!!!

#584
Member
Joined: Sep 2005
Posts: 40

Could you give it a quick check for me, thanks...
Logfile of HijackThis v1.99.1
Scan saved at 18.45.18, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\dede\IMPOST~1\Temp\Rar$EX00.833\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe

#585
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390

The log is clean.

#586
Senior Member
Joined: Sep 2004
Posts: 6387

I think you're missing a firewall? Or do you use the router or the XP one?

#587
Junior Member
Joined: Nov 2005
Posts: 1

This is my log. Which of you would be kind enough to help me understand what I need to remove from my log?
Logfile of HijackThis v1.99.1
Scan saved at 21.33.55, on 14/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CAP3RSK.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\tuneplayer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msmedia32.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\frankosho\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sqlREG] C:\tuneplayer.exe
O4 - Global Startup: Finestra di stato di Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126387304784
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MssengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WinMedia - Unknown owner - C:\WINDOWS\msmedia32.exe

#588
Senior Member
Joined: Sep 2004
Posts: 6387

install Service Pack 2 right away
then install ewido www.filehippo.com
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab

#589
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390

These need fixing too:
C:\tuneplayer.exe
C:\WINDOWS\msmedia32.exe
O4 - HKLM\..\Run: [sqlREG] C:\tuneplayer.exe
O23 - Service: WinMedia - Unknown owner - C:\WINDOWS\msmedia32.exe

#590
Junior Member
Joined: Nov 2005
Posts: 11

problem opening just one site: google
as instructed, I'm posting my log
Logfile of HijackThis v1.99.1
Scan saved at 0.41.08, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Programmi\Winamp\winamp.exe
C:\mIRC\mirc.exe
C:\Programmi\ABC\ABC.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\Sports Interactive\Football Manager 2006\fm.exe
C:\DOCUME~1\Matteo\IMPOST~1\Temp\~e5.0001
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazzetta.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 195.158.172.121 www.file-webber.de
O1 - Hosts: 195.158.172.121 file-webber.de
O1 - Hosts: 195.158.172.121 www-google.ae
O1 - Hosts: 195.158.172.121 www-google.as
O1 - Hosts: 195.158.172.121 www-google.at
O1 - Hosts: 195.158.172.121 www-google.au
O1 - Hosts: 195.158.172.121 www-google.bi
O1 - Hosts: 195.158.172.121 www-google.br
O1 - Hosts: 195.158.172.121 www-google.ca
O1 - Hosts: 195.158.172.121 www-google.cc
O1 - Hosts: 195.158.172.121 www-google.cd
O1 - Hosts: 195.158.172.121 www-google.cg
O1 - Hosts: 195.158.172.121 www-google.ch
O1 - Hosts: 195.158.172.121 www-google.cl
O1 - Hosts: 195.158.172.121 www-google.co.cr
O1 - Hosts: 195.158.172.121 www-google.co.gg
O1 - Hosts: 195.158.172.121 www-google.co.hu
O1 - Hosts: 195.158.172.121 www-google.co.il
O1 - Hosts: 195.158.172.121 www-google.co.in
O1 - Hosts: 195.158.172.121 www-google.co.je
O1 - Hosts: 195.158.172.121 www-google.co.jp
O1 - Hosts: 195.158.172.121 www-google.co.kr
O1 - Hosts: 195.158.172.121 www-google.co.ls
O1 - Hosts: 195.158.172.121 www-google.co.nz
O1 - Hosts: 195.158.172.121 www-google.com
O1 - Hosts: 195.158.172.121 www-google.com.ae
O1 - Hosts: 195.158.172.121 www-google.com.au
O1 - Hosts: 195.158.172.121 www-google.com.ca
O1 - Hosts: 195.158.172.121 www-google.com.do
O1 - Hosts: 195.158.172.121 www-google.com.fj
O1 - Hosts: 195.158.172.121 www-google.com.gr
O1 - Hosts: 195.158.172.121 www-google.com.ly
O1 - Hosts: 195.158.172.121 www-google.com.mt
O1 - Hosts: 195.158.172.121 www-google.com.my
O1 - Hosts: 195.158.172.121 www-google.com.nf
O1 - Hosts: 195.158.172.121 www-google.com.ni
O1 - Hosts: 195.158.172.121 www-google.com.pa
O1 - Hosts: 195.158.172.121 www-google.com.pe
O1 - Hosts: 195.158.172.121 www-google.com.pk
O1 - Hosts: 195.158.172.121 www-google.com.pr
O1 - Hosts: 195.158.172.121 www-google.com.py
O1 - Hosts: 195.158.172.121 www-google.com.ru
O1 - Hosts: 195.158.172.121 www-google.com.sg
O1 - Hosts: 195.158.172.121 www-google.com.sv
O1 - Hosts: 195.158.172.121 www-google.com.tr
O1 - Hosts: 195.158.172.121 www-google.com.tw
O1 - Hosts: 195.158.172.121 www-google.com.vc
O1 - Hosts: 195.158.172.121 www-google.com.vn
O1 - Hosts: 195.158.172.121 www-google.cr
O1 - Hosts: 195.158.172.121 www-google.de
O1 - Hosts: 195.158.172.121 www-google.dj
O1 - Hosts: 195.158.172.121 www-google.do
O1 - Hosts: 195.158.172.121 www-google.es
O1 - Hosts: 195.158.172.121 www-google.fj
O1 - Hosts: 195.158.172.121 www-google.fr
O1 - Hosts: 195.158.172.121 www-google.gg
O1 - Hosts: 195.158.172.121 www-google.gl
O1 - Hosts: 195.158.172.121 www-google.gm
O1 - Hosts: 195.158.172.121 www-google.gr
O1 - Hosts: 195.158.172.121 www-google.hn
O1 - Hosts: 195.158.172.121 www-google.hu
O1 - Hosts: 195.158.172.121 www-google.ie
O1 - Hosts: 195.158.172.121 www-google.il
O1 - Hosts: 195.158.172.121 www-google.in
O1 - Hosts: 195.158.172.121 www-google.it
O1 - Hosts: 195.158.172.121 www-google.je
O1 - Hosts: 195.158.172.121 www-google.jp
O1 - Hosts: 195.158.172.121 www-google.kr
O1 - Hosts: 195.158.172.121 www-google.kz
O1 - Hosts: 195.158.172.121 www-google.ls
O1 - Hosts: 195.158.172.121 www-google.lt
O1 - Hosts: 195.158.172.121 www-google.lu
O1 - Hosts: 195.158.172.121 www-google.lv
O1 - Hosts: 195.158.172.121 www-google.ly
O1 - Hosts: 195.158.172.121 www-google.mt
O1 - Hosts: 195.158.172.121 www-google.mu
O1 - Hosts: 195.158.172.121 www-google.mw
O1 - Hosts: 195.158.172.121 www-google.my
O1 - Hosts: 195.158.172.121 www-google.nf
O1 - Hosts: 195.158.172.121 www-google.ni
O1 - Hosts: 195.158.172.121 www-google.nl
O1 - Hosts: 195.158.172.121 www-google.nz
O1 - Hosts: 195.158.172.121 www-google.pa
O1 - Hosts: 195.158.172.121 www-google.pe
O1 - Hosts: 195.158.172.121 www-google.pk
O1 - Hosts: 195.158.172.121 www-google.pl
O1 - Hosts: 195.158.172.121 www-google.pn
O1 - Hosts: 195.158.172.121 www-google.pr
O1 - Hosts: 195.158.172.121 www-google.pt
O1 - Hosts: 195.158.172.121 www-google.py
O1 - Hosts: 195.158.172.121 www-google.ru
O1 - Hosts: 195.158.172.121 www-google.rw
O1 - Hosts: 195.158.172.121 www-google.se
O1 - Hosts: 195.158.172.121 www-google.sg
O1 - Hosts: 195.158.172.121 www-google.sh
O1 - Hosts: 195.158.172.121 www-google.sk
O1 - Hosts: 195.158.172.121 www-google.sm
O1 - Hosts: 195.158.172.121 www-google.sv
O1 - Hosts: 195.158.172.121 www-google.td
O1 - Hosts: 195.158.172.121 www-google.tr
O1 - Hosts: 195.158.172.121 www-google.tw
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programmi\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM\..\Run: [Logitechs] Logitechs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM\..\RunServices: [Logitechs] Logitechs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programmi\crazyvegasMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.venkplay.ro
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://66.240.181.129/gs/gsa0691.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/We...bridge-c18.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbelle.com/download_helper/Nyoko.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115558842335
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dia...ex_1325_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56240682-BC8E-45D8-8CBB-C1840C453842}: NameServer = 62.211.69.150 212.48.4.15
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe

#591
Banned
Joined: Mar 2004
City: Galapagos (Warning: "flautolente" user, keep it in mind)
Posts: 28978

C:\Programmi\ABC\ABC.exe (unknown to me)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.file-webber.de
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 195.158.172.121 www.file-webber.de
O1 - Hosts: 195.158.172.121 file-webber.de
O1 - Hosts: 195.158.172.121 www-google.ae
O1 - Hosts: 195.158.172.121 www-google.as
O1 - Hosts: 195.158.172.121 www-google.at
O1 - Hosts: 195.158.172.121 www-google.au
O1 - Hosts: 195.158.172.121 www-google.bi
O1 - Hosts: 195.158.172.121 www-google.br
O1 - Hosts: 195.158.172.121 www-google.ca
O1 - Hosts: 195.158.172.121 www-google.cc
O1 - Hosts: 195.158.172.121 www-google.cd
O1 - Hosts: 195.158.172.121 www-google.cg
O1 - Hosts: 195.158.172.121 www-google.ch
O1 - Hosts: 195.158.172.121 www-google.cl
O1 - Hosts: 195.158.172.121 www-google.co.cr
O1 - Hosts: 195.158.172.121 www-google.co.gg
O1 - Hosts: 195.158.172.121 www-google.co.hu
O1 - Hosts: 195.158.172.121 www-google.co.il
O1 - Hosts: 195.158.172.121 www-google.co.in
O1 - Hosts: 195.158.172.121 www-google.co.je
O1 - Hosts: 195.158.172.121 www-google.co.jp
O1 - Hosts: 195.158.172.121 www-google.co.kr
O1 - Hosts: 195.158.172.121 www-google.co.ls
O1 - Hosts: 195.158.172.121 www-google.co.nz
O1 - Hosts: 195.158.172.121 www-google.com
O1 - Hosts: 195.158.172.121 www-google.com.ae
O1 - Hosts: 195.158.172.121 www-google.com.au
O1 - Hosts: 195.158.172.121 www-google.com.ca
O1 - Hosts: 195.158.172.121 www-google.com.do
O1 - Hosts: 195.158.172.121 www-google.com.fj
O1 - Hosts: 195.158.172.121 www-google.com.gr
O1 - Hosts: 195.158.172.121 www-google.com.ly
O1 - Hosts: 195.158.172.121 www-google.com.mt
O1 - Hosts: 195.158.172.121 www-google.com.my
O1 - Hosts: 195.158.172.121 www-google.com.nf
O1 - Hosts: 195.158.172.121 www-google.com.ni
O1 - Hosts: 195.158.172.121 www-google.com.pa
O1 - Hosts: 195.158.172.121 www-google.com.pe
O1 - Hosts: 195.158.172.121 www-google.com.pk
O1 - Hosts: 195.158.172.121 www-google.com.pr
O1 - Hosts: 195.158.172.121 www-google.com.py
O1 - Hosts: 195.158.172.121 www-google.com.ru
O1 - Hosts: 195.158.172.121 www-google.com.sg
O1 - Hosts: 195.158.172.121 www-google.com.sv
O1 - Hosts: 195.158.172.121 www-google.com.tr
O1 - Hosts: 195.158.172.121 www-google.com.tw
O1 - Hosts: 195.158.172.121 www-google.com.vc
O1 - Hosts: 195.158.172.121 www-google.com.vn
O1 - Hosts: 195.158.172.121 www-google.cr
O1 - Hosts: 195.158.172.121 www-google.de
O1 - Hosts: 195.158.172.121 www-google.dj
O1 - Hosts: 195.158.172.121 www-google.do
O1 - Hosts: 195.158.172.121 www-google.es
O1 - Hosts: 195.158.172.121 www-google.fj
O1 - Hosts: 195.158.172.121 www-google.fr
O1 - Hosts: 195.158.172.121 www-google.gg
O1 - Hosts: 195.158.172.121 www-google.gl
O1 - Hosts: 195.158.172.121 www-google.gm
O1 - Hosts: 195.158.172.121 www-google.gr
O1 - Hosts: 195.158.172.121 www-google.hn
O1 - Hosts: 195.158.172.121 www-google.hu
O1 - Hosts: 195.158.172.121 www-google.ie
O1 - Hosts: 195.158.172.121 www-google.il
O1 - Hosts: 195.158.172.121 www-google.in
O1 - Hosts: 195.158.172.121 www-google.it
O1 - Hosts: 195.158.172.121 www-google.je
O1 - Hosts: 195.158.172.121 www-google.jp
O1 - Hosts: 195.158.172.121 www-google.kr
O1 - Hosts: 195.158.172.121 www-google.kz
O1 - Hosts: 195.158.172.121 www-google.ls
O1 - Hosts: 195.158.172.121 www-google.lt
O1 - Hosts: 195.158.172.121 www-google.lu
O1 - Hosts: 195.158.172.121 www-google.lv
O1 - Hosts: 195.158.172.121 www-google.ly
O1 - Hosts: 195.158.172.121 www-google.mt
O1 - Hosts: 195.158.172.121 www-google.mu
O1 - Hosts: 195.158.172.121 www-google.mw
O1 - Hosts: 195.158.172.121 www-google.my
O1 - Hosts: 195.158.172.121 www-google.nf
O1 - Hosts: 195.158.172.121 www-google.ni
O1 - Hosts: 195.158.172.121 www-google.nl
O1 - Hosts: 195.158.172.121 www-google.nz
O1 - Hosts: 195.158.172.121 www-google.pa
O1 - Hosts: 195.158.172.121 www-google.pe
O1 - Hosts: 195.158.172.121 www-google.pk
O1 - Hosts: 195.158.172.121 www-google.pl
O1 - Hosts: 195.158.172.121 www-google.pn
O1 - Hosts: 195.158.172.121 www-google.pr
O1 - Hosts: 195.158.172.121 www-google.pt
O1 - Hosts: 195.158.172.121 www-google.py
O1 - Hosts: 195.158.172.121 www-google.ru
O1 - Hosts: 195.158.172.121 www-google.rw
O1 - Hosts: 195.158.172.121 www-google.se
O1 - Hosts: 195.158.172.121 www-google.sg
O1 - Hosts: 195.158.172.121 www-google.sh
O1 - Hosts: 195.158.172.121 www-google.sk
O1 - Hosts: 195.158.172.121 www-google.sm
O1 - Hosts: 195.158.172.121 www-google.sv
O1 - Hosts: 195.158.172.121 www-google.td
O1 - Hosts: 195.158.172.121 www-google.tr
O1 - Hosts: 195.158.172.121 www-google.tw
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programmi\crazyvegasMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O15 - Trusted Zone: http://www.venkplay.ro
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://66.240.181.129/gs/gsa0691.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/We...bridge-c18.cab
http://www.riverbelle.com/download_helper/Nyoko.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c3.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...7/dlhelper.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dia...ex_1325_it.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

#592
Senior Member
Joined: Oct 2002
City: Mi
Posts: 8046

I see juninho has already taken care of analysing the log, what speed...
but tell him he has to fix what you marked for him.
Last edited by Jaguar64bit : 16-11-2005 at 00:01.

#593
Junior Member
Joined: Aug 2005
Posts: 1

anna's log file
I have a PC that, after one or two hours of use, especially when connected to the internet, starts slowing down dreadfully. This is the HijackThis log taken with the PC in full crisis. I don't know whether it's actually a hardware problem. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 0.33.55, on 16/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\winjava.exe
C:\WINNT\System32\pnpmgr.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MSN Apps\Updater\01.03.0000.1005\it\msnappau.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\antivirus\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [svcdata.exe] svcdata.exe
O4 - HKLM\..\Run: [MICROSFT RAMA UPDATE SUPPORT] MSED32.EXE
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.03.0000.1005\it\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [svcdata.exe] svcdata.exe
O4 - HKLM\..\RunServices: [MICROSFT RAMA UPDATE SUPPORT] MSED32.EXE
O4 - HKCU\..\Run: [svcdata.exe] svcdata.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Alice - {86B6D531-EED9-424F-82F7-8E41F7EAE5EB} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131303853730
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF:
{C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/down...derActiveX.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINNT\System32\dfrgfat32.exe (file missing) O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINNT\System32\winjava.exe O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINNT\System32\pnpmgr.exe O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINNT\System32\Rpcmon.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE Ultima modifica di pifitalia : 16-11-2005 alle 01:40. |
#594 |
Banned
Joined: Mar 2004
City: Galapagos Attention: flatulent user, keep it in mind
Posts: 28978
|
C:\WINNT\System32\winjava.exe
C:\WINNT\System32\pnpmgr.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O4 - HKLM\..\Run: [svcdata.exe] svcdata.exe
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [svcdata.exe] svcdata.exe
O4 - HKLM\..\RunServices: [MICROSFT RAMA UPDATE SUPPORT] MSED32.EXE
O4 - HKCU\..\Run: [svcdata.exe] svcdata.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Alice - {86B6D531-EED9-424F-82F7-8E41F7EAE5EB} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINNT\System32\dfrgfat32.exe (file missing)
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINNT\System32\winjava.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINNT\System32\Rpcmon.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

To me all of these are of dubious origin... what do you all say?
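A triage sketch for entries like the ones singled out in the reply above, added here as an example and not part of the original thread: it flags HijackThis entries whose file is missing or whose binary name imitates a genuine Windows binary. The `KNOWN` list, the 0.85 threshold and the function names are assumptions; the sample lines are copied from the Windows 2000 log posted earlier in the thread.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: six entries copied from the Windows 2000 log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINNT\System32\Rpcmon.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

# Assumption: a short reference list of genuine Windows binary names.
KNOWN = ("winlogon.exe", "iexplore.exe", "taskmgr.exe", "svchost.exe",
         "services.exe", "lsass.exe", "explorer.exe")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l"})  # digit-for-letter swaps
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")         # section code, entry body
BINARY = re.compile(r'([^\\\s"\[\]]+\.(?:exe|dll|ocx))', re.I)
THRESHOLD = 0.85  # assumed similarity cut-off, tune against your own logs


def lookalike_of(name):
    """Return the genuine binary name that `name` imitates, or None."""
    low = name.lower()
    if low in KNOWN:
        return None  # exact genuine name; its path still needs a separate check
    folded = low.translate(HOMOGLYPHS)
    for real in KNOWN:
        if folded == real or SequenceMatcher(None, folded, real).ratio() >= THRESHOLD:
            return real
    return None


def triage(log):
    """Return (section code, file name, reasons) for each entry worth a closer look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        names = BINARY.findall(body)
        real = lookalike_of(names[-1]) if names else None
        if real:
            reasons.append(f"lookalike of {real}")
        if reasons:
            findings.append((code, names[-1] if names else None, reasons))
    return findings


if __name__ == "__main__":
    for code, name, reasons in triage(SAMPLE_LOG):
        print(code, name, "; ".join(reasons))
```

A hit is a prompt to check the file's location, signature and hash, not a verdict; entries that pass both checks (such as `mobsync.exe` here) are simply not scored by these two heuristics.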
#595 | |
Banned
Joined: Mar 2004
City: Galapagos Attention: flatulent user, keep it in mind
Posts: 28978
|
Quote:
#596 |
Member
Joined: Nov 2005
Posts: 35
|
I'm submitting my HijackThis log to you. I have already tried a ton of antispyware programs and suites such as Kaspersky or PC-cillin 12, but I keep getting spyware that shows me popup windows, both with IE and with Firefox.
If I leave the PC connected to the internet but sitting idle at the desktop, popup after popup slowly appears, both in IE and in Firefox. If I close various processes from Task Manager and leave only the system ones (which it won't let me terminate), the problem continues.......
Can you give me a hand, or should I start singing a "De profundis" for this Windows install?

Logfile of HijackThis v1.99.1
Scan saved at 9.12.24, on 17/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\ewido\security suite\ewidoctrl.exe
D:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
D:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Programmi\Microsoft AntiSpyware\gcasServ.exe
D:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
D:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Everest Labs\Spydefense\sdc.exe
C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programmi\PDF-XChangeSDKEU\PDFSaver.exe
D:\Programmi\Wacom\TabUserW.exe
D:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~2\COPERN~1.DLL
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NBJ] "D:\Programmi\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpyDefense] C:\Programmi\Everest Labs\Spydefense\sdc.exe /service
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = D:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: PDF-Capture.lnk = C:\Programmi\PDF-XChangeSDKEU\PDFSaver.exe
O4 - Global Startup: TabUserW.lnk = D:\Programmi\Wacom\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://D:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.flcgil.it
O15 - Trusted Zone: http://www.istruzione.it
O15 - Trusted Zone: http://www.trenitalia.it
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1123057265750
O17 - HKLM\System\CCS\Services\Tcpip\..\{A42C95D7-0904-4BD1-81E6-CF7CE5A34E3A}: NameServer = 151.99.125.2,217.22.228.131
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\clmctl32.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\irj2l51o1.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\kmdazel.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
#597 |
Senior Member
Joined: Aug 2004
Posts: 488
|
"Formatting will save our souls."
(Third Testament)
In any case, I use Kasper too but I don't have this file (I use Kaspersky Anti-Virus Personal Pro 5.0):
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
EDIT: Only now do I see that you have the Anti-Hacker...
Last edited by MadebyN : 17-11-2005 at 09:22.
#598 |
Senior Member
Joined: Sep 2004
Posts: 6387
|
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\clmctl32.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\irj2l51o1.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\kmdazel.dll (file missing)
O15 - Trusted Zone: http://www.flcgil.it
O15 - Trusted Zone: http://www.istruzione.it
O15 - Trusted Zone: http://www.trenitalia.it
#599 |
Banned
Joined: Mar 2004
City: Galapagos Attention: flatulent user, keep it in mind
Posts: 28978
|
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\irj2l51o1.dll

Disable the Windows system service "messenger".
#600 |
Member
Joined: Nov 2005
Posts: 35
|
Fixed the lines you cited.....
Stopped the messenger service in the background.
The problem still occurs.
By now there is only one solution left......format c:
All times are GMT +1. The time now is 08:03.