|
|||||||
|
|
|
 |
|
|
Strumenti |
18-05-2010, 10:04
|
#1 |
|
Member
Iscritto dal: Sep 2007
Messaggi: 58
|
15 Minuti per avviare Xp
Da qualche giorno il mio pc ha un problema strano. Carica xp normalmente fino a quando compare il desktop e relative icone, ma da lì rimane in "stallo" per 10-15 minuti senza essere operativo. Poi appaiono le icone anche sulla barra delle applicazioni (tipo quella dell'antivirus) e inizia a funzionare. Ho provato a fare scansioni di ogni tipo e ho già tolto tutti i virus malware e trojan che potevo avere, anche in safe mode.
Ho un netbook Compaq mini. |
|
|
|
18-05-2010, 16:53
|
#2 |
|
Senior Member
Iscritto dal: Nov 2008
Città: Brindisi
Messaggi: 4048
|
Credo tu sia ancora infettato,fai questi passaggi:
- Fixa tutto il superfluo con HijackThis lascia solo gli antivirus - Pulizia globale con CCleaner - Scansione con Malwarebytes Anti-Malware prima dell'uso aggiornalo - Scansiona il sistema con Combofix
__________________
Dove l'ho sentita questa canzone ? www.plagimusicali.net AROS One Home Site  amiganews.it eab.abime.net Aros-Exec Arosworld
|
|
|
|
|
18-05-2010, 21:35
|
#3 |
|
Member
Iscritto dal: Sep 2007
Messaggi: 58
|
Questa è la scansione con COMBO FIX
ComboFix 10-05-16.06 - xxx 18/05/2010 21.06.49.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.627 [GMT 2:00] Eseguito da: D:\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000} AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00} FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !! . ((((((((((((((((((((((((( Files Creati Da 2010-04-18 al 2010-05-18 ))))))))))))))))))))))))))))))))))) . 2010-05-18 18:51 . 2010-05-18 18:51 388096 ----a-r- c:\documents and settings\xxx\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-05-18 18:51 . 2010-05-18 18:51 -------- d-----w- c:\programmi\Trend Micro 2010-05-18 18:05 . 2010-05-18 18:05 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\Malwarebytes 2010-05-18 18:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-18 18:05 . 2010-05-18 18:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes 2010-05-18 18:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-18 18:05 . 2010-05-18 18:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware 2010-05-17 18:14 . 2010-05-17 18:15 -------- d-----w- c:\programmi\CCleaner 2010-05-17 17:22 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-05-17 17:22 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-17 17:22 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-17 17:22 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-17 17:21 . 2010-05-17 17:21 -------- d-----w- c:\programmi\Avira 2010-05-17 17:21 . 2010-05-17 17:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira 2010-05-17 16:01 . 2010-05-17 16:01 63488 ----a-w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-05-17 16:01 . 2010-05-17 16:01 52224 ----a-w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-05-17 16:01 . 2010-05-17 16:01 117760 ----a-w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-05-17 16:01 . 2010-05-17 16:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com 2010-05-17 16:00 . 2010-05-17 18:46 -------- d-----w- c:\programmi\SUPERAntiSpyware 2010-05-17 16:00 . 2010-05-17 16:00 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\SUPERAntiSpyware.com 2010-05-17 15:59 . 2010-05-17 15:59 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard 2010-05-17 14:11 . 2010-05-17 14:21 -------- d-----w- c:\programmi\Spybot - Search & Destroy 2010-05-17 13:02 . 2010-05-17 13:02 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\CheckPoint 2010-05-17 12:59 . 2010-05-17 12:59 -------- d-----w- c:\programmi\CheckPoint 2010-05-17 12:59 . 2010-05-17 12:59 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-05-17 12:59 . 2009-12-04 14:35 46472 ----a-w- c:\windows\system32\vsutil_loc0410.dll 2010-05-17 12:59 . 2009-12-04 14:34 103816 ----a-w- c:\windows\system32\zlcommdb.dll 2010-05-17 12:59 . 2009-12-04 14:34 69000 ----a-w- c:\windows\system32\zlcomm.dll 2010-05-17 12:58 . 2009-12-04 14:34 1238408 ----a-w- c:\windows\system32\zpeng25.dll 2010-05-17 12:58 . 2010-05-17 12:59 -------- d-----w- c:\windows\system32\ZoneLabs 2010-05-17 10:42 . 2010-05-17 10:42 -------- d-----w- c:\programmi\Zone Labs 2010-05-17 10:42 . 2010-05-18 19:15 -------- d-----w- c:\windows\Internet Logs 2010-04-23 16:36 . 2008-04-13 09:51 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys 2010-04-23 11:44 . 2008-04-13 09:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys 2010-04-22 12:33 . 2008-04-13 09:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys 2010-04-22 12:33 . 2008-04-13 09:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys 2010-04-22 12:18 . 2008-04-13 09:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2010-04-22 12:17 . 2008-04-13 09:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2010-04-22 12:17 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-04-22 12:17 . 2008-04-13 09:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2010-04-21 20:58 . 2008-04-13 16:47 30208 ----a-w- c:\windows\system32\drivers\modem.sys 2010-04-21 20:58 . 2008-04-13 09:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-04-21 20:57 . 2008-04-13 09:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys 2010-04-21 20:57 . 2008-04-15 04:00 11264 ----a-w- c:\windows\system32\drivers\irenum.sys 2010-04-21 20:55 . 2008-04-15 04:00 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys 2010-04-21 20:55 . 2008-04-13 09:41 42112 ----a-w- c:\windows\system32\drivers\imapi.sys 2010-04-21 20:48 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2010-04-21 20:48 . 2008-04-13 09:40 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys 2010-04-21 20:48 . 2008-04-13 09:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys 2010-04-21 20:45 . 2008-04-13 09:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys 2010-04-21 20:45 . 2008-04-13 09:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys 2010-04-21 20:45 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys 2010-04-21 20:44 . 2008-04-15 04:00 59904 ----a-w- c:\windows\system32\drivers\atmarpc.sys 2010-04-21 20:44 . 2008-04-13 09:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys 2010-04-21 20:43 . 2008-04-15 04:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys 2010-04-21 20:43 . 2008-04-13 09:51 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys 2010-04-21 20:43 . 2008-04-13 07:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-18 18:59 . 2010-05-17 15:32 4467763 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2010-05-17 15:23 . 2010-04-04 16:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy 2010-05-17 13:47 . 2010-05-17 13:50 288768 ----a-w- c:\windows\Internet Logs\xDB1.tmp 2010-05-15 19:33 . 2010-03-26 16:21 -------- d-----w- c:\programmi\Google 2010-04-13 18:40 . 2009-09-19 16:41 -------- d-----w- c:\documents and settings\xxx\Dati applicazioni\vlc 2010-04-04 20:05 . 2008-06-26 16:00 84702 ----a-w- c:\windows\system32\perfc010.dat 2010-04-04 20:05 . 2008-06-26 16:00 489980 ----a-w- c:\windows\system32\perfh010.dat 2010-04-02 20:20 . 2009-08-01 13:55 386 ----a-w- c:\documents and settings\xxx\Dati applicazioni\wklnhst.dat 2010-03-31 12:04 . 2009-05-10 22:09 -------- d-----w- c:\programmi\Windows Media Connect 2 2010-03-31 12:04 . 2009-05-10 13:55 -------- d-----w- c:\programmi\Microsoft Works 2010-03-31 12:04 . 2009-05-10 13:39 -------- d-----w- c:\programmi\IDT 2010-03-11 12:30 . 2010-03-11 12:30 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:30 . 2010-03-11 12:30 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:30 . 2010-03-11 12:30 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-10 22:40 . 2009-12-01 14:48 79488 ----a-w- c:\documents and settings\xxx\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-09 11:09 . 2010-03-09 11:09 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-24 13:11 . 2010-04-14 19:48 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2009-12-04 1037192] "SysTrayApp"="c:\programmi\IDT\WDM\sttray.exe" [2009-03-30 483428] "SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536] "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-10 136600] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "Microsoft Default Manager"="c:\programmi\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616] "ISW"="c:\programmi\CheckPoint\ZAForceField\ForceField.exe" [2009-10-27 730480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "hpWirelessAssistant"="c:\programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "HP BTW Detect Program"="c:\programmi\HP\HPBTWD.exe" [2009-03-30 319488] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-12-03 00:34 35184 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-12-29 10:40 687560 ----a-w- c:\programmi\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-05-06 15:04 2017280 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables] 2009-04-01 23:51 173360 ----a-w- c:\programmi\syncables\syncables desktop\Syncables.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "BITS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"= "c:\\Programmi\\Autodesk\\Backburner\\manager.exe"= "c:\\Programmi\\Autodesk\\Backburner\\server.exe"= "c:\\Programmi\\Autodesk\\3ds Max 2009\\3dsmax.exe"= R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [10/05/2009 15.44.14 21488] R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [10/05/2009 15.44.14 15856] R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [24/09/2008 22.09.40 103792] R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [10/05/2009 15.44.14 25584] R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872] R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17.10.20 68168] R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [11/12/2008 22.46.22 125424] R2 BOTService;BOTService;c:\programmi\Roxio\BackOnTrack\Instant Restore\BOTService.exe [19/03/2009 12.04.38 203248] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [27/10/2009 17.58.32 25208] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmi\CheckPoint\ZAForceField\ISWSVC.exe [27/10/2009 17.58.58 476528] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/05/2009 15.39.24 113664] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [02/03/2009 23.03.48 38912] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/11/2009 15.49.31 717296] S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [26/03/2010 18.21.15 136176] S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 1.04.52 65536] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] . Contenuto della cartella 'Scheduled Tasks' 2010-05-18 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job - c:\programmi\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 10:05] 2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-26 16:21] 2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-26 16:21] . . ------- Scansione supplementare ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cnnb IE: &AOL Toolbar Cerca - c:\documents and settings\All Users\Dati applicazioni\AOL\ieToolbar\resources\it-IT\local\search.html . - - - - CHIAVI ORFANE RIMOSSE - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) MSConfigStartUp-hsf87efjhdsf87f3jfsdi7fhsujfd - c:\docume~1\GRAZIA~1\IMPOST~1\Temp\taskmgr.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-18 21:22 Windows 5.1.2600 Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . --------------------- Dlls caricate dai processi in esecuzione --------------------- - - - - - - - > 'winlogon.exe'(832) c:\programmi\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll - - - - - - - > 'lsass.exe'(888) c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . Ora fine scansione: 2010-05-18 21:27:45 ComboFix-quarantined-files.txt 2010-05-18 19:27 Pre-Run: 129.073.147.904 byte disponibili Post-Run: 129.504.137.216 byte disponibili - - End Of File - - 57BEB32901FBD7B926461569E0A8320C Ultima modifica di cr0c-1 : 18-05-2010 alle 22:50. |
|
|
|
|
18-05-2010, 21:36
|
#4 |
|
Member
Iscritto dal: Sep 2007
Messaggi: 58
|
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.53.19, on 18/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Roxio\BackOnTrack\Instant Restore\BOTService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\CheckPoint\ZAForceField\ForceField.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\igfxpers.exe C:\Programmi\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxtray.exe C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Programmi\HP\HPBTWD.exe C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\hkcmd.exe C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\system32\msiexec.exe C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Programmi\MSN\Toolbar\3.0.0559.0\msneshellx.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Programmi\MSN\Toolbar\3.0.0559.0\msneshellx.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Programmi\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [ISW] "C:\Programmi\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Programmi\HP\HPBTWD.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Cerca - C:\Documents and Settings\All Users\Dati applicazioni\AOL\ieToolbar\resources\it-IT\local\search.html O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messen....cab109791.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: BOTService - Sonic Solutions - C:\Programmi\Roxio\BackOnTrack\Instant Restore\BOTService.exe O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\programmi\idt\wdm\STacSV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10381 bytes E questa è quella di Hijackthis. Ti sarei grato se mi potessi dare un occhio perchè non ci capisco niente, o in caso contrario di consigliarmi dove poter postare. |
|
|
|
|
18-05-2010, 22:11
|
#5 |
|
Senior Member
Iscritto dal: Nov 2008
Città: Brindisi
Messaggi: 4048
|
Non ci sono infezioni,probabilmente qualche applicazione precaricata va in loop,potrebbe essere,raysat_3dsMax2009_32server.exe di 3dsMax o le funzioni lanciate per di ZoneAlarm,ma anche le esecuzioni di Roxio etc...
Se hai dubbi sulle eliminazione,crea un nuovo utente e con HijackThis fixa le voci una alla volta per capire quale esecuzione dorme.Le esecuzione che elimini con HijackThis,non "toccheranno" quelle del tuo utente,ogni utente ha il suo avvio.
__________________
Dove l'ho sentita questa canzone ? www.plagimusicali.net AROS One Home Site amiganews.it eab.abime.net Aros-Exec Arosworld
Ultima modifica di AMIGASYSTEM : 18-05-2010 alle 22:15. |
|
|
|
|
18-05-2010, 22:48
|
#6 |
|
Member
Iscritto dal: Sep 2007
Messaggi: 58
|
sicuramente non è zone alarm perchè l'ho installato solo dopo che è comparso il problema. farò così, grazie per l'aiuto.
|
|
|
|
|
19-05-2010, 00:20
|
#7 | |
|
Senior Member
Iscritto dal: Nov 2008
Città: Brindisi
Messaggi: 4048
|
Quote:
Visto che sei appassionato di grafica 3D,cosa ne pensi di questo fatto da mio figlio: La voce nel primo Trailer è del famoso doppiatore Ivo De Palma. Trailer 1 Trailer 2 Tutti le parti che compongono il film: Saint Seiya the movie parte 1 Saint Seiya the movie parte 2 Saint Seiya the movie parte 3 Saint Seiya the movie parte 4 Saint Seiya the movie parte 5
__________________
Dove l'ho sentita questa canzone ? www.plagimusicali.net AROS One Home Site amiganews.it eab.abime.net Aros-Exec Arosworld
Ultima modifica di AMIGASYSTEM : 19-05-2010 alle 00:28. |
|
|
|
|
|
19-05-2010, 17:33
|
#8 |
|
Member
Iscritto dal: Sep 2007
Messaggi: 58
|
mi scuso ma il computer è della mia donna e io non me ne intendo assolutamente di queste cose
 chiederò a lei di darci un occhio visto che sta studiando questo ambito
|
|
|
|
|
19-05-2010, 19:13
|
#9 | |
|
Senior Member
Iscritto dal: Nov 2008
Città: Brindisi
Messaggi: 4048
|
Quote:
__________________
Dove l'ho sentita questa canzone ? www.plagimusicali.net AROS One Home Site amiganews.it eab.abime.net Aros-Exec Arosworld
Ultima modifica di AMIGASYSTEM : 19-05-2010 alle 19:16. |
|
|
|
|
|
20-05-2010, 20:03
|
#10 |
|
Senior Member
Iscritto dal: Feb 2002
Città: Este (PD)
Messaggi: 2922
|
esegui msconfig.exe
disabilita tutto da avvio automatico e dai servizi (spuntando prima di nascondere quelli microsoft) cosi' vedi se e' qualcosa in avvio a dare fastidio. Ovviamente poi ci sta una bella scansione del disco fisso per vedere che non abbia bad-cluster. ...ti conviene usare il tool del produttore. Infine pure un checkdisk /r non e' una brutta idea.
__________________
<<La Verità non richiede fede.>> |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 21:36.
