|
|
|
|
Strumenti |
05-02-2006, 09:36 | #1141 | |
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
Ultima modifica di andorra24 : 05-02-2006 alle 09:42. |
|
05-02-2006, 13:00 | #1142 |
Member
Iscritto dal: Aug 2004
Città: udine
Messaggi: 88
|
vi incollo il log del pc dove ho Adware Punisher che mi salta fuori di continuo, sostituisce i banner con il suo e negli iper testi fa comparire la sua pubblicità.
Ewido dice che è un adware.cashdeluxe però non riesce a toglierlo perchè compare sempre in un file intxt.exe. Logfile of HijackThis v1.99.1 Scan saved at 13.54.13, on 05/02/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\system32\svchost.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\WINNT\system32\hidserv.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Programmi\UltraVNC\WinVNC.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe C:\Programmi\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\7453_UPD_Utility\Programmi\CheckLAN.exe C:\WINNT\system32\cmd.exe C:\WINNT\system32\ntvdm.exe C:\SERVER\bin\Srvdemon.exe C:\WINNT\system32\shell386.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programmi\Softwin\BitDefender8\bdnagent.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe c:\programmi\softwin\bitdefender8\bdmcon.exe C:\WINNT\system32\cmd.exe C:\WINNT\system32\ntvdm.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Administrator\Impostazioni locali\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.it R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll (file missing) O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINNT\system32\winapi32.dll O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll (file missing) O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe O4 - HKLM\..\Run: [REGRUN] C:\listen.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Win32.Virus.Smart32] C:\WINNT\system32\adsmart.exe O4 - HKLM\..\Run: [Win32.Exploit.A] C:\WINNT\system32\exa32.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\RunServices: [Messenger 7] msn7.exe O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000234.exe O4 - Startup: CheckLAN.lnk = C:\7453_UPD_Utility\Programmi\CheckLAN.exe O4 - Startup: Mtx-Server.lnk = C:\Server\Sh\Srv_loop.bat O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/1058972.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A3421FA6-A884-4036-A708-6666BDBE2254}: NameServer = 151.99.125.3,212.131.30.43 O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Servizio host di pcAnywhere (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\WinVNC.exe" -service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) ciao grazie
__________________
respect!! |
05-02-2006, 13:09 | #1143 |
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34262
|
in attesa che arrivi andorra questi dovrebbero
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll (file missing) O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll (file missing) O4 - HKLM\..\Run: [REGRUN] C:\listen.exe O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/1058972.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\WinVNC.exe" -service (file missing) oltre a: O4 - HKLM\..\Run: [Win32.Virus.Smart32] C:\WINNT\system32\adsmart.exe O4 - HKLM\..\Run: [Win32.Exploit.A] C:\WINNT\system32\exa32.exe comuni\Windows\mc-110-12-0000234.exe (se hai idea di cosa sia altrim via) O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK Ultima modifica di Stev-O : 05-02-2006 alle 13:18. |
05-02-2006, 13:35 | #1144 | |
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
C:\SERVER\bin\Srvdemon.exe C:\WINNT\system32\shell386.exe O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINNT\system32\winapi32.dll O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000234.exe O4 - HKLM\..\RunServices: [Messenger 7] msn7.exe Ultima modifica di andorra24 : 05-02-2006 alle 13:45. |
|
05-02-2006, 14:01 | #1145 |
Member
Iscritto dal: Aug 2004
Città: udine
Messaggi: 88
|
grassie è finalmente scomparso
__________________
respect!! |
05-02-2006, 14:18 | #1146 | |
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
|
|
05-02-2006, 16:54 | #1147 |
Member
Iscritto dal: Jun 2004
Città: reggio emilia
Messaggi: 186
|
una controllata
credo di avere qualcosa di strano Da un paio di gg Kerio mi segnala un tentativo di intrusione da parte di un indirizzo ip Mi dareste una controllata please ?
Logfile of HijackThis v1.99.1 Scan saved at 17.47.14, on 05/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avast4\aswUpdSv.exe C:\Programmi\Avast4\ashServ.exe C:\Programmi\cFosSpeed\spd.exe C:\Programmi\Diskeeper\DkService.exe C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\Avast4\ashMaiSv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe C:\Programmi\cFosSpeed\cFos_Speed.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\OpenOffice.org 2.0\program\soffice.exe C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\paolo\Desktop\sicurezza\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe O4 - HKLM\..\Run: [cFosSpeed] C:\Programmi\cFosSpeed\cFos_Speed.exe O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Programmi\Diskeeper\ESIRegister.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...nailFrame.html O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120289686937 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: MsgPlusLoader.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programmi\cFosSpeed\spd.exe" -service (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe |
05-02-2006, 16:59 | #1148 | |
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28808
|
Quote:
|
|
05-02-2006, 17:29 | #1149 | |
Member
Iscritto dal: Jun 2004
Città: reggio emilia
Messaggi: 186
|
Quote:
piu' veloce della luce Grazie |
|
05-02-2006, 17:30 | #1150 |
Senior Member
Iscritto dal: Oct 2005
Città: Milano - Pavia ....... Auto: BMW 335i MSport ....... In Arrivo Z4 3.0si Coupè
Messaggi: 6641
|
una controllatina anche a me.. è la prima volta che uso questo prog.:
Logfile of HijackThis v1.99.1 Scan saved at 18.25.42, on 05/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe G:\Programmi\Ahead\InCD\InCDsrv.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE G:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\WINDOWS\system32\nvraidservice.exe G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE G:\Programmi\Ahead\InCD\InCD.exe C:\WINDOWS\system32\ctfmon.exe G:\Programmi\Logitech\SetPoint\SetPoint.exe I:\Programmi\Stardock\ObjectDock\ObjectDock.exe G:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\spupdsvc.exe G:\Programmi\Raxco\PerfectDisk\PDSched.exe C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\spnpinst.exe C:\WINDOWS\system32\Sysocmgr.exe C:\WINDOWS\System32\wbem\unsecapp.exe G:\Programmi\Raxco\PerfectDisk\PerfectDisk.exe G:\Programmi\Raxco\PerfectDisk\PDEngine.exe G:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\TIBERI~1\IMPOST~1\Temp\Rar$EX06.500\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\Programmi\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Stardock ObjectDock.lnk = I:\Programmi\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = G:\Programmi\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1137674634671 O17 - HKLM\System\CCS\Services\Tcpip\..\{C0AEC34C-4E83-41FF-8120-A30EFC09F583}: NameServer = 151.99.125.2,151.99.125.3 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - G:\Programmi\Ahead\InCD\InCDsrv.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - G:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: PDEngine - Raxco Software, Inc. - G:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - G:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: SAVScan - Symantec Corporation - G:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe |
05-02-2006, 17:30 | #1151 |
Member
Iscritto dal: Jul 2004
Messaggi: 203
|
ecco ke mi si ripresentano i problemi con gli spyware.... mi potete aiutare spyware strike non mi da tregua
Logfile of HijackThis v1.99.1 Scan saved at 18.29.16, on 05/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\ewido\security suite\ewidoctrl.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RunDll32.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Softwin\BitDefender8\bdnagent.exe C:\Programmi\SpywareStrike\SpywareStrike.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\SpywareStrike\SpywareStrike.exe C:\Programmi\Ares\Ares.exe C:\Programmi\Microsoft Encarta\Encarta Enciclopedia Plus\EDICT.EXE C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe c:\programmi\softwin\bitdefender8\bdmcon.exe C:\DOCUME~1\med\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ O1 - Hosts: 205.238.40.2 www.winmx.com O1 - Hosts: 205.238.40.2 err.winmx.com O1 - Hosts: 82.195.155.5 test3201.winmx.com test3203.winmx.com test3205.winmx.com test3207.winmx.com O1 - Hosts: 212.227.64.149 test3202.winmx.com test3204.winmx.com test3206.winmx.com test3208.winmx.com O1 - Hosts: 67.18.233.36 c3310.z1301.winmx.com c3310.z1302.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3314.z1301.winmx.com c3314.z1302.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3310.z1305.winmx.com c3310.z1306.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3312.z1301.winmx.com c3312.z1302.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3316.z1301.winmx.com c3316.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3310.z1303.winmx.com c3310.z1304.winmx.com c3311.z1301.winmx.com c3311.z1302.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3315.z1301.winmx.com c3315.z1302.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com O1 - Hosts: 212.227.64.159 c3311.z1305.winmx.com c3311.z1306.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3313.z1301.winmx.com c3313.z1302.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3317.z1301.winmx.com c3317.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3520.z1301.winmx.com c3520.z1302.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com O1 - Hosts: 82.195.155.5 c3520.z1305.winmx.com c3520.z1306.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3520.z1303.winmx.com c3520.z1304.winmx.com c3521.z1301.winmx.com c3521.z1302.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com O1 - Hosts: 212.227.64.159 c3521.z1305.winmx.com c3521.z1306.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3523.z1301.winmx.com c3523.z1302.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NI.UWFX5T_0001_N56M1411] "C:\Documents and Settings\ciao\Impostazioni locali\Temporary Internet Files\Content.IE5\7271P5RB\WinFixer2005ScannerInstallITA[1].exe" -nag O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Programmi\Arovax AntiSpyware\arovaxantispyware.exe /s O4 - HKLM\..\Run: [SpywareStrike] C:\Programmi\SpywareStrike\SpywareStrike.exe /h O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h O4 - Global Startup: LG SyncManager.lnk = ? O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) |
05-02-2006, 17:35 | #1152 |
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Fixa:
C:\Programmi\SpywareStrike\SpywareStrike.exe O4 - HKLM\..\Run: [NI.UWFX5T_0001_N56M1411] "C:\Documents and Settings\ciao\Impostazioni locali\Temporary Internet Files\Content.IE5\7271P5RB\WinFixer2005ScannerInstallITA[1].exe" -nag O4 - HKLM\..\Run: [SpywareStrike] C:\Programmi\SpywareStrike\SpywareStrike.exe /h |
05-02-2006, 17:35 | #1153 | |
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28808
|
Quote:
|
|
05-02-2006, 17:36 | #1154 |
Senior Member
Iscritto dal: Oct 2005
Città: Milano - Pavia ....... Auto: BMW 335i MSport ....... In Arrivo Z4 3.0si Coupè
Messaggi: 6641
|
io sono pulito?
|
05-02-2006, 17:40 | #1155 | |
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28808
|
Quote:
|
|
05-02-2006, 17:40 | #1156 | |
Member
Iscritto dal: Jul 2004
Messaggi: 203
|
Quote:
|
|
05-02-2006, 17:43 | #1157 | |
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
C:\Programmi\SpywareStrike\SpywareStrike.exe O4 - HKLM\..\Run: [NI.UWFX5T_0001_N56M1411] "C:\Documents and Settings\ciao\Impostazioni locali\Temporary Internet Files\Content.IE5\7271P5RB\WinFixer2005ScannerInstallITA[1].exe" -nag O4 - HKLM\..\Run: [SpywareStrike] C:\Programmi\SpywareStrike\SpywareStrike.exe /h |
|
05-02-2006, 17:46 | #1158 | |
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28808
|
Quote:
|
|
05-02-2006, 17:49 | #1159 | |
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
http://www.majorgeeks.com/download4950.html Ultima modifica di andorra24 : 05-02-2006 alle 17:51. |
|
05-02-2006, 17:55 | #1160 | |
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28808
|
Quote:
|
|
Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 05:19.