strano processo

DrZoidberg · 22-06-2006, 21:26

salve ragazzi,
da poco mi è apparso uno strano processo:

HIMENSYST.EXE

cos'è ? mi devo preoccupare o è normale? perchè a volte usa una bella percentuale di CPU !

gomax · 22-06-2006, 21:39

Per i processi che non si conoscono basta usare Google. In questo caso, ti sei beccato una gran schifezza: http://fileinfo.prevx.com/spyware/qq...NSYST.EXE.html
Posta un log di HijackThis nel thread ufficiale.

Ciao

DrZoidberg · 22-06-2006, 22:09

Logfile of HijackThis v1.99.1
Scan saved at 23.04.57, on 22/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\HIMENSYST.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Documents and Settings\Simone\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Tomcat 5.0\bin\tomcat.exe

merut82 · 22-06-2006, 22:18

Quote:

Originariamente inviato da gomax

Posta un log di HijackThis nel thread ufficiale.

Eppure te lo avevano detto

Il Thread ufficiale lo trovi qui

DrZoidberg · 22-06-2006, 22:49

opss.....scusate

22-06-2006, 21:26	#1
DrZoidberg Senior Member Iscritto dal: Jan 2006 Messaggi: 326	strano processo salve ragazzi, da poco mi è apparso uno strano processo: HIMENSYST.EXE cos'è ? mi devo preoccupare o è normale? perchè a volte usa una bella percentuale di CPU !

22-06-2006, 21:39	#2
gomax Senior Member Iscritto dal: Jul 2005 Messaggi: 4912	Per i processi che non si conoscono basta usare Google. In questo caso, ti sei beccato una gran schifezza: http://fileinfo.prevx.com/spyware/qq...NSYST.EXE.html Posta un log di HijackThis nel thread ufficiale. Ciao

22-06-2006, 22:09	#3
DrZoidberg Senior Member Iscritto dal: Jan 2006 Messaggi: 326	Logfile of HijackThis v1.99.1 Scan saved at 23.04.57, on 22/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\mysql\bin\mysqld-nt.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programmi\Prevx1\PXAgent.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\HIMENSYST.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Documents and Settings\Simone\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB" O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing) O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Tomcat 5.0\bin\tomcat.exe

22-06-2006, 22:49	#5
DrZoidberg Senior Member Iscritto dal: Jan 2006 Messaggi: 326	opss.....scusate

Strumenti
Mostra una versione stampabile Invia questa pagina per email