|
|||||||
|
|
|
 |
|
|
Strumenti |
25-09-2007, 15:39
|
#6581 |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
Non mi intendo di Avenger, quindi devi aspettare qualcun'altro che di consigli per bene!
Io posso consigliarti una scansione con PREVX 2.0 (trial 30 giorni) |
|
|
|
25-09-2007, 16:45
|
#6582 |
|
Senior Member
Iscritto dal: Aug 2002
Messaggi: 5642
|
O23 - Service: Idrssroh - Macrovision Corporation - (no file)
cosa è?
devo eliminarlo, se sì come. grazie |
|
|
|
|
25-09-2007, 17:56
|
#6583 | |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
Quote:
|
|
|
|
|
|
25-09-2007, 18:24
|
#6584 | |
|
Senior Member
Iscritto dal: Aug 2002
Messaggi: 5642
|
Quote:
Scan saved at 19.22.32, on 25/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\CTHELPER.EXE C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Outlook Express\msimn.exe D:\Downloads\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [Schedulatore di FinePrint v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user') O4 - Startup: Civilization Registration.lnk = I:\ATR1.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168496884000 O17 - HKLM\System\CCS\Services\Tcpip\..\{92247C5E-35F1-43B0-A6EE-4EA3B480C5E4}: NameServer = 193.70.152.15,193.70.152.25 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~3.0\adialhk.dll O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Idrssroh - Macrovision Corporation - (no file) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 6426 bytes |
|
|
|
|
|
25-09-2007, 18:58
|
#6585 |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
allora questo processo:
O23 - Service: Idrssroh - Macrovision Corporation - (no file) fallo analizzare su VIRUSTOTAL (da google) e se è infetto fixalo, ovvero riavvi Hijackthis, clicci su "DO A SYSTEM SCAN" e poi selezioni la voce sulla sinistra e in fondo clicchi fix checked, ti chiederà la conferma e tu gli darai SI. se non hai apportato te la modifica seguente Fissa la voce: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present se vuoi "alleggerire" l'avvio del tuo pc (facendolo andare più velocemente) fissa queste voci: O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [Schedulatore di FinePrint v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe ciao! |
|
|
|
|
25-09-2007, 19:51
|
#6586 |
|
Senior Member
Iscritto dal: Aug 2002
Messaggi: 5642
|
[quote=Gle89;18867697]allora questo processo:
O23 - Service: Idrssroh - Macrovision Corporation - (no file) fallo analizzare su VIRUSTOTAL (da google) e se è infetto fixalo, ovvero riavvi Hijackthis, clicci su "DO A SYSTEM SCAN" e poi selezioni la voce sulla sinistra e in fondo clicchi fix checked, ti chiederà la conferma e tu gli darai SI. non è un file giusto? ho provato su fix checked ma non funziona, riappare, virus total non trova niente. |
|
|
|
|
25-09-2007, 20:29
|
#6587 | |
|
Messaggi: n/a
|
Quote:
|
|
|
|
|
25-09-2007, 21:34
|
#6588 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
Codice:
Files to move: C:\Programmi\AntiVir PersonalEdition Classic\bak\avgnt.exe | C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\MSN Messenger\bak\msnmsgr.exe | C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Ray Adams\ATI Tray Tools\bak\atitray.exe | C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe |
|
|
|
|
|
25-09-2007, 21:51
|
#6589 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
apri una discussione in questa sezione,illustra il problema e posta,oltre al log già inserito qui,uno scan con gmer con tra le altre la spunta su "services" |
|
|
|
|
|
25-09-2007, 21:57
|
#6590 |
|
Junior Member
Iscritto dal: Sep 2007
Messaggi: 2
|
C'è QUALCHE BUON'ANIMA CHE MI CONTROLLA IL LOG ???
C'E' QUALCOSA DI STRANO ??? GRAZIE MILLE Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19.10.46, on 18/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE d:\Programmi\Alwil Software\Avast4\aswUpdSv.exe d:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE C:\WINDOWS\system32\nvsvc32.exe c:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe d:\Programmi\Alwil Software\Avast4\ashMaiSv.exe d:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\taskswitch.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmi\Anti-Blaxx\Anti-Blaxx.exe C:\Programmi\QuickTime Alternative\qttask.exe C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe D:\Programmi\TomTom HOME\TomTomHOME.exe D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe D:\Programmi\D-Tools\daemon.exe D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe C:\Programmi\PC Connectivity Solution\ServiceLayer.exe C:\Programmi\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe D:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Programmi\PC Connectivity Solution\NclBTHandler.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programmi\Anti-Blaxx\Anti-Blaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = D:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: RAID Manager.lnk = ? O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://www.google.it O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MTV Mediabar ) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{4D34BC3D-E72D-4079-8FA4-18B74E388CEB}: NameServer = 193.70.152.15 193.70.152.25 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - d:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programmi\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programmi\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MpService - Canon Inc. - C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - c:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9558 bytes |
|
|
|
|
25-09-2007, 22:05
|
#6591 |
|
Senior Member
Iscritto dal: Aug 2005
Città: Genova
Messaggi: 3397
|
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE |
|
|
|
|
25-09-2007, 22:10
|
#6592 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
 )2)scrivere in maiuscolo in un forum equivale a mettersi a vender pesce fresco immezzo alla strada 3)prima di buttar giù il log manco fosse pasta al velo scrivi che problemi avverti sul tuo pc in maniera tale da darci un input per poterlo verificare e darti ulteriori consigli |
|
|
|
|
|
25-09-2007, 22:38
|
#6593 | |
|
Junior Member
Iscritto dal: Sep 2007
Messaggi: 2
|
Quote:
ho installato Zone Alarm e poco dopo essere entrato nella schermata di windows xp, ancora prima di connettermi a internet zone alarm mi rileva che il programma "svchost.exe" prova ad accedere e successivamente anche "explorer.exe" è normale ??? x questo volevo verificare che fosse tutto a posto nel log...svchost.exe tra l'altro compare x ben tre volte nel log, è giusto così??? grazie ancora |
|
|
|
|
|
25-09-2007, 23:46
|
#6594 |
|
Senior Member
Iscritto dal: Aug 2006
Città: AS-ROMA
Messaggi: 976
|
Ciao ragazzi ho fatto un pò di "pulizia etnica" sul mio pc, ho eliminato uno dei miei giochi preferiti, Fifa07 visto che ora esce lo 08, e programmi consequenziali, inoltre ho buttato una marea di roba nel cestino, mi date una controllatina?
Grazie in anticipo.  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0.43.03, on 26/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\a-squared Free\a2service.exe C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programmi\Creative\Shared Files\CTDevSrv.exe C:\Programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Eset\nod32krn.exe C:\Programmi\Raxco\PerfectDisk\PDAgent.exe C:\Programmi\Prevx2\PXAgent.exe C:\WINDOWS\system32\PSIService.exe C:\Programmi\Sandboxie\SbieSvc.exe C:\PROGRA~1\SPYWAR~2\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Eset\nod32kui.exe C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Prevx2\PXConsole.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\BitTorrent_DNA\dna.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe C:\Programmi\MSN Messenger\livecall.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.prevx.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevx.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Programmi\Foxit\tbFoxi.dll O1 - Hosts: 65.54.179.203 login.live.com O1 - Hosts: 151.7.11.137 by128w.bay128.mail.live.com O1 - Hosts: 74.86.116.240 www.soccergaming.com O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Programmi\Foxit\tbFoxi.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Programmi\Foxit\tbFoxi.dll O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\BitTorrent_DNA\dna.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [UIWatcher] C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174439887796 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E8FC9E75-1AA6-4BEE-9E68-02414E15A90A}: NameServer = 213.156.54.80,213.156.54.81 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AshampooDefragService - - C:\Programmi\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmi\Creative\Shared Files\CTDevSrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe -- End of file - 8458 bytes |
|
|
|
|
26-09-2007, 09:48
|
#6595 | |
|
Member
Iscritto dal: Mar 2007
Messaggi: 34
|
Quote:
Ciao, questo è il log di Avenger dopo il riavvio Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xdnxvqjx ******************* Script file located at: \??\C:\sdubkqbc.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File move operation C:\Programmi\AntiVir PersonalEdition Classic\bak\avgnt.exe|C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe completed successfully. File move operation C:\Programmi\MSN Messenger\bak\msnmsgr.exe|C:\Programmi\MSN Messenger\msnmsgr.exe completed successfully. File move operation C:\Programmi\Ray Adams\ATI Tray Tools\bak\atitray.exe|C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe completed successfully. File move operation C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe completed successfully. File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe completed successfully. Completed script processing. ******************* Finished! Terminate. E' andato a buon fine? Ps:qualche precauzione per evitare che ritorni questo maledetto HEUR-DBLEXT/Crypted?  ?Grazie mille,sempre gentilissimi
__________________
Xp Professional-SP Pack2-AMD Sempron 3000+Mo.Bo Asus K8N4-E Deluxe1024 MB Memoria RamAti Radeon X1600ProMaxtor 2HD 160+160 GB |
|
|
|
|
|
26-09-2007, 10:26
|
#6596 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
@PierCC
Dal momento che utilizzi Firefox installa l'estensione NoScript ed imposta in Strumenti - Opzioni - Privacy spunta la casella Elimina sempre i dati personali alla chiusura di Firefox (clicca sul tasto Impostazioni per flaggare eventuali altre opzioni) Inizia a far girare il browser dentro una sandbox, leggi qui: http://www.sandboxie.com/ edit: si lo script è andato a buon fine, dimenticavo a che livello è settata l'euristica di Antivir?
__________________
Try again and you will be luckier.
|
|
|
|
|
26-09-2007, 11:19
|
#6597 |
|
Member
Iscritto dal: Feb 2006
Messaggi: 45
|
Salve ragazzi,
sono due giorni che noto un fatto strano: anche se il pc non sta caricando nessuna pagina e non sono in esecuzione programmi, ogni tanto, per qualche secondo, compare la clessidra affianco alla fraccia del mouse. Sapete se è il sintomo di qualche strano intruso? Avete avuto esperienze in merito? vi lascio il mio log se gli date un occhiata ve ne sono molto grato. ------------------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12.13.14, on 26/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\Intel\Wireless\Bin\EvtEng.exe C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programmi\Eset\nod32krn.exe C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\service32.exe C:\WINDOWS\system32\ThpSrv.exe C:\WINDOWS\snet32.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Programmi\Synaptics\SynTP\Toshiba.exe C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Programmi\TOSHIBA\TME3\TMERzCtl.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\thpsrv.exe C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE C:\Programmi\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programmi\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programmi\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\snet32.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1189090100406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189090090671 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programmi\TOSHIBA\TME3\Tmesrv31.exe -- End of file - 7771 bytes |
|
|
|
|
26-09-2007, 13:35
|
#6598 |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
pierpaolo_5
Intanto spiegati meglio,questa cosa della clessidra è subito dopo l'avvio del pc? o quando? 1° consiglio: aggiorna Internet Explorer alla versione 7 Passiamo al log: vai su VIRUSTOTAL da goggle e fai analizzare questo processo: C:\WINDOWS\service32.exe se ti dice che è infetto FISSALO SUBITO (selezionalo e poi premi fix cheked) fai scansionare anche questo percorso, ma credo che questo sia sicuro: O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon fissa sicuramente questa voce: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\snet32.exe e se vuoi alleggerire l'avvio (consiglio vivamente!) del tuo sistema operativo fissa queste cose (non disinstallarai nessun programma): O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background 2° consiglio: aggiorna Acrobat Reader 3° consiglio: aggiorna MSN adesso c'è la versione 8.1 Adesso fai una scansione con il programma A-SQUARED che dalla mia firma puoi scaricare in modalità DEEP SCAN, alla fine dopo aver riavviato riposta un nuovo log di Hijackthis. 99 su 100 il tuo problema è C:\WINDOWS\service32.exe <--- segui le istruzioni passo passo e poi si vedrà! |
|
|
|
|
26-09-2007, 13:47
|
#6599 |
|
Senior Member
Iscritto dal: Aug 2006
Città: AS-ROMA
Messaggi: 976
|
Ragazzi sto notando che alcuni programmi vanno lentissimi e quando faccio il task manager mi risulta che la memoria allocata a volte arriva quasi al 100% impedendomi qualunque cosa.
Da log che ho postato ieri si evince qualcosa di strano? Ciao  p.s. l'ho notato proprio ieri notte quando provavo ad installare la demo di PES2008, ora lo vedo quando provo a fixare il registro di sistema e a ottimizzare con auslogics boost-speed..... p.s. 2 io oggi ho solo aggiornato i dirvers della scheda video. ops, intendevo non la memoria allocata ma l'utilizzo della cpu p.s. 3 ho trovato 3 giga in documents and settings-applicazioni locali-temp, forse è questo il problema? Ho cancellato tutto e sembra rifunzionare tutto ok..... Ultima modifica di paolo-fcb : 26-09-2007 alle 14:52. |
|
|
|
|
26-09-2007, 14:35
|
#6600 | |
|
Member
Iscritto dal: Feb 2006
Messaggi: 45
|
Quote:
Credo che tu abbia colto nel segno. Prima di leggere la tua risposta ho fatto una scansione con Prevx 2.0 (che non conoscevo prima d'ora, ma mi sembra veramente potente,se lo conosci vorrei anche un tuo parere a riguardo), dicevo, ho fatto la scansione con Prevx e mi ha trovato ed eliminato esattamente il file service32.exe classificato come "generic malware". ho fatto cmq le cose che mi hai suggerito e credo di aver risolto il problema della "clessidra", il quale si manifestava dopo l'avvio del pc ad intervalli irregolari. ti riposto il mio nuovo log: ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15.27.32, on 26/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\Intel\Wireless\Bin\EvtEng.exe C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programmi\Eset\nod32krn.exe C:\Programmi\Prevx2\PXAgent.exe C:\WINDOWS\snet32.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Programmi\Synaptics\SynTP\Toshiba.exe C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Programmi\TOSHIBA\TME3\TMERzCtl.EXE C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\ThpSrv.exe C:\WINDOWS\system32\thpsrv.exe C:\Programmi\TOSHIBA\TME3\Tmesrv31.exe C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe C:\Programmi\TOSHIBA\TME3\TMEEJME.EXE C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Prevx2\PXConsole.exe C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\a-squared Free\a2service.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programmi\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programmi\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\snet32.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1189090100406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189090090671 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programmi\TOSHIBA\TME3\Tmesrv31.exe -- End of file - 7938 bytes |
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 19:49.
