HiJackThis - Analisi Log - leggere Regole di Sezione - Pagina 54

andorra24 · 29-01-2006, 13:15

Quote:

Originariamente inviato da kan3malato

Ho guardato ....Quelle opzioni non sono spuntate..

E allora fixale.

kan3malato · 29-01-2006, 13:23

Quote:

Originariamente inviato da andorra24

E allora fixale.

Ok!
ciao "bbella"

subbywrc · 29-01-2006, 16:33

ciao, mi potreste analizzare questo log?
grazie

Logfile of HijackThis v1.99.1
Scan saved at 17.28.43, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\System32\kaboom.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Site Update Watcher - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - C:\WINDOWS\System32\kaboom.dll (file missing)
O2 - BHO: IE Agent - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - C:\WINDOWS\System32\kaboom.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\Sandra\IMPOST~1\Temp\s16c.4.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124535312187
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC8715B-4CFA-4E78-AE3D-DBCFC1E72F4B}: NameServer = 62.211.69.150,212.48.4.15
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

andorra24 · 29-01-2006, 16:46

Fixa queste:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1 (se non usi proxy fixala)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> (se non usi proxy fixala)
O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll
O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\System32\kaboom.dll (file missing)
O2 - BHO: Site Update Watcher - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - C:\WINDOWS\System32\kaboom.dll (file missing)
O2 - BHO: IE Agent - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - C:\WINDOWS\System32\kaboom.dll (file missing)
O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\Sandra\IMPOST~1\Temp\s16c.4.exe"

Aggiorna java sun e metti l'ultima versione 06.

subbywrc · 29-01-2006, 16:54

Quote:

Originariamente inviato da andorra24

Fixa queste:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1 (se non usi proxy fixala)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> (se non usi proxy fixala)

non uso proxy, però il computer è un client, posso fixarle comunque?

andorra24 · 29-01-2006, 17:07

Quote:

Originariamente inviato da subbywrc

non uso proxy, però il computer è un client, posso fixarle comunque?

Fixa queste:
O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll
O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\System32\kaboom.dll (file missing)
O2 - BHO: Site Update Watcher - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - C:\WINDOWS\System32\kaboom.dll (file missing)
O2 - BHO: IE Agent - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - C:\WINDOWS\System32\kaboom.dll (file missing)
O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\Sandra\IMPOST~1\Temp\s16c.4.exe"

e aggiorna java sun mi raccomando.

subbywrc · 29-01-2006, 17:25

ho fixato tutto tranne i primi 2 (quelli del proxy), il problema che aveva il pc è sparito.
grazie mille

andorra24 · 29-01-2006, 17:26

Quote:

Originariamente inviato da subbywrc

ho fixato tutto tranne i primi 2 (quelli del proxy), il problema che aveva il pc è sparito.
grazie mille

Ottimo

Valnir · 31-01-2006, 13:09

allora ragazzi, mi servirebbe una mano per questo log...ho dato una letta alle varie guide e un po' l'ho ripulito ma alcuni punti non mi sono chiari...
Ho messo in grassetto le voci che maggiormente non capisco
secondo voi è tutto apposto?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\eMule46c\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
E:\Documenti\File Installazione\cwshredder.exe
C:\Programmi\Messenger\msmsgs.exe
C:\DOCUME~1\Valnir\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\games\valve\steam\steam.ex" -silent
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138547004968
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/down...derActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80449C6C-3E37-4910-89FE-75358AC244D2}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

andorra24 · 31-01-2006, 13:17

Il log e' pulito.

Valnir · 31-01-2006, 13:28

ok grazie mille par la risposta velocissima....ma quel "NameServer = 85.37.17.55 85.38.28.93" a che si riferisce??

cosa indica quel numero?
ciao e grazie, a approposito, io uso zoneallarm, norton antivirus e ad-watch
va bene come combinazione o ci sono software migliori e magari piu leggeri?
grazie

andorra24 · 31-01-2006, 13:32

Quote:

Originariamente inviato da Valnir

ok grazie mille par la risposta velocissima....ma quel "NameServer = 85.37.17.55 85.38.28.93" a che si riferisce??

cosa indica quel numero?
ciao e grazie, a approposito, io uso zoneallarm, norton antivirus e ad-watch
va bene come combinazione o ci sono software migliori e magari piu leggeri?
grazie

Quei numeri sono i DNS di Alice. Per quanto riguarda la tua seconda domanda potrei consigliarti di leggerti i threads in rilievo su antivirus,firewall e antispyware e sicuramente troverai molte info utili ed interessanti. Come antispyware potresti aggiungere ewido che e' molto valido:http://www.ewido.net/en/

Valnir · 31-01-2006, 13:39

perfetto grazie mille, ci darò un'occhiata...

g_b · 31-01-2006, 14:11

grazie a chi mi da una mano,,, visto che,,, ci capisco ben poco....

devo fixare qualcosa?

Logfile of HijackThis v1.99.1
Scan saved at 15.06.54, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\AutoCAD 2004\acad.exe
C:\DOCUME~1\GIANCA~1\IMPOST~1\Temp\~e5d141.tmp
C:\Programmi\File comuni\Autodesk Shared\WSCommCntr1.exe
C:\Programmi\Yahoo!\Messenger\YPager.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\giancarlo\Documenti\programmini\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96523739-B10B-45E4-8136-D5BFF42753F2}: NameServer = 62.211.69.150 212.48.4.15
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe

grazie in anticipo

andorra24 · 31-01-2006, 15:00

Fixa:
C:\DOCUME~1\GIANCA~1\IMPOST~1\Temp\~e5d141.tmp

g_b · 31-01-2006, 16:10

Quote:

Originariamente inviato da andorra24

Fixa:
C:\DOCUME~1\GIANCA~1\IMPOST~1\Temp\~e5d141.tmp

scusa ma,,,,, dalla schermata del programma non mi compare questa riga

C:\DOCUME~1\GIANCA~1\IMPOST~1\Temp\~e5d141.tmp

compare solo nel file .log

!!!!posso fixare solo le voci che partono da

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9..................e via così

andorra24 · 31-01-2006, 16:35

Non preoccuparti, quel file temp non e' una cosa particolarmente importante, riguarda la licenza dei prodotti macromedia. Il log e' ok.

g_b · 31-01-2006, 16:52

Quote:

Originariamente inviato da andorra24

Non preoccuparti, quel file temp non e' una cosa particolarmente importante, riguarda la licenza dei prodotti macromedia. Il log e' ok.

grazie mille

andorra24 · 31-01-2006, 17:39

Quote:

Originariamente inviato da g_b

grazie mille

Di nulla

whiteshark · 01-02-2006, 20:44

ciao a tutti avrei un log da analizzare più o meno ho capito quelle da eliminare ma visto che il pc non è il mio voglio essere sicuro...mi potete aiutare? GRAZIE!!!

Logfile of HijackThis v1.99.1
Scan saved at 18.33.06, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\hda.exe
C:\Documents and Settings\HP_Proprietario\Dati applicazioni\sgrunt\IE4321.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
H:\HijackThis 1.99 Final\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HDAudio] C:\WINDOWS\hda.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\HP_Proprietario\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Programmi\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.superspots.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

29-01-2006, 16:33	#1063
subbywrc Senior Member Iscritto dal: Jan 2005 Città: Meduno/Trieste Messaggi: 806	ciao, mi potreste analizzare questo log? grazie Logfile of HijackThis v1.99.1 Scan saved at 17.28.43, on 29/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\CACHEM~1\CachemanXP.exe C:\Programmi\ewido\security suite\ewidoctrl.exe C:\Programmi\ewido\security suite\ewidoguard.exe C:\Programmi\Ahead\InCD\InCDsrv.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\msiexec.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe C:\WINDOWS\System32\LXSUPMON.EXE C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Messenger\msmsgs.exe C:\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\System32\kaboom.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Site Update Watcher - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - C:\WINDOWS\System32\kaboom.dll (file missing) O2 - BHO: IE Agent - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - C:\WINDOWS\System32\kaboom.dll (file missing) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\Sandra\IMPOST~1\Temp\s16c.4.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124535312187 O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC8715B-4CFA-4E78-AE3D-DBCFC1E72F4B}: NameServer = 62.211.69.150,212.48.4.15 O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe __________________ MacBook Pro 13" mid 2010

29-01-2006, 17:25	#1067
subbywrc Senior Member Iscritto dal: Jan 2005 Città: Meduno/Trieste Messaggi: 806	ho fixato tutto tranne i primi 2 (quelli del proxy), il problema che aveva il pc è sparito. grazie mille __________________ MacBook Pro 13" mid 2010

31-01-2006, 14:11	#1074
g_b Member Iscritto dal: Aug 2005 Città: lago d'iseo Messaggi: 105	....log grazie a chi mi da una mano,,, visto che,,, ci capisco ben poco.... devo fixare qualcosa? Logfile of HijackThis v1.99.1 Scan saved at 15.06.54, on 31/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\TOSHIBA\Tvs\TvsTray.exe C:\Programmi\Apoint2K\Apoint.exe C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe C:\Programmi\TOSHIBA\TouchPad\TPTray.exe C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programmi\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programmi\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSBattM.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\cisvc.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\cidaemon.exe C:\Programmi\AutoCAD 2004\acad.exe C:\DOCUME~1\GIANCA~1\IMPOST~1\Temp\~e5d141.tmp C:\Programmi\File comuni\Autodesk Shared\WSCommCntr1.exe C:\Programmi\Yahoo!\Messenger\YPager.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\giancarlo\Documenti\programmini\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{96523739-B10B-45E4-8136-D5BFF42753F2}: NameServer = 62.211.69.150 212.48.4.15 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe grazie in anticipo

01-02-2006, 20:44	#1080
whiteshark Member Iscritto dal: Oct 2004 Messaggi: 237	ciao a tutti avrei un log da analizzare più o meno ho capito quelle da eliminare ma visto che il pc non è il mio voglio essere sicuro...mi potete aiutare? GRAZIE!!! Logfile of HijackThis v1.99.1 Scan saved at 18.33.06, on 01/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Programmi\iTunes\iTunesHelper.exe C:\WINDOWS\system32\keyhook.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\ALCXMNTR.EXE C:\Programmi\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\WINDOWS\hda.exe C:\Documents and Settings\HP_Proprietario\Dati applicazioni\sgrunt\IE4321.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\Programmi\Alice ti aiuta\bin\mad.exe C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe H:\HijackThis 1.99 Final\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [HDAudio] C:\WINDOWS\hda.exe O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\HP_Proprietario\Dati applicazioni\sgrunt\IE4321.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Programmi\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it O15 - Trusted Zone: www.archiviosex.net O15 - Trusted Zone: www.linkautomatici.com O15 - Trusted Zone: www.redfunny.com O15 - Trusted Zone: www.sgrunt.biz O15 - Trusted Zone: www.skymasters.biz O15 - Trusted Zone: www.superspots.biz O15 - Trusted Zone: www.xbeta69.com O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe __________________ Acer 1694WLMi Centrino 760, Ati X700 256MB, 100GB 5400 RPM, 1GB ram

29-01-2006, 16:46	#1064
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa queste: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1 (se non usi proxy fixala) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> (se non usi proxy fixala) O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\System32\msx.dll O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\System32\kaboom.dll (file missing) O2 - BHO: Site Update Watcher - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - C:\WINDOWS\System32\kaboom.dll (file missing) O2 - BHO: IE Agent - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - C:\WINDOWS\System32\kaboom.dll (file missing) O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\Sandra\IMPOST~1\Temp\s16c.4.exe" Aggiorna java sun e metti l'ultima versione 06.

31-01-2006, 13:09	#1069
Valnir Senior Member Iscritto dal: Aug 2005 Città: Massa (MS) Messaggi: 1992	allora ragazzi, mi servirebbe una mano per questo log...ho dato una letta alle varie guide e un po' l'ho ripulito ma alcuni punti non mi sono chiari... Ho messo in grassetto le voci che maggiormente non capisco secondo voi è tutto apposto? Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Norton AntiVirus\SAVScan.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe C:\WINDOWS\system32\taskmgr.exe C:\Programmi\eMule46c\emule.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\iexplore.exe E:\Documenti\File Installazione\cwshredder.exe C:\Programmi\Messenger\msmsgs.exe C:\DOCUME~1\Valnir\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\games\valve\steam\steam.ex" -silent O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe" O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138547004968 O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/down...derActiveX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{80449C6C-3E37-4910-89FE-75358AC244D2}: NameServer = 85.37.17.55 85.38.28.93 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

31-01-2006, 13:17	#1070
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Il log e' pulito.

31-01-2006, 13:28	#1071
Valnir Senior Member Iscritto dal: Aug 2005 Città: Massa (MS) Messaggi: 1992	ok grazie mille par la risposta velocissima....ma quel "NameServer = 85.37.17.55 85.38.28.93" a che si riferisce?? cosa indica quel numero? ciao e grazie, a approposito, io uso zoneallarm, norton antivirus e ad-watch va bene come combinazione o ci sono software migliori e magari piu leggeri? grazie

31-01-2006, 13:39	#1073
Valnir Senior Member Iscritto dal: Aug 2005 Città: Massa (MS) Messaggi: 1992	perfetto grazie mille, ci darò un'occhiata...

31-01-2006, 15:00	#1075
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa: C:\DOCUME~1\GIANCA~1\IMPOST~1\Temp\~e5d141.tmp

31-01-2006, 16:35	#1077
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Non preoccuparti, quel file temp non e' una cosa particolarmente importante, riguarda la licenza dei prodotti macromedia. Il log e' ok.

Strumenti
Mostra una versione stampabile Invia questa pagina per email