|
|||||||
|
|
|
 |
|
|
Strumenti |
07-04-2007, 19:15
|
#1 |
|
Utente sospeso
Iscritto dal: Jul 2002
Città: Ostia/Roma
Messaggi: 1191
|
Log di Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 20.14.53, on 07/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programmi\Logitech\MouseWare\system\em_exec.exe C:\Programmi\IEInspector\HTTPAnalyzerStdV2\InjectWinSockServiceV2.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\GetRight\getright.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\Xterm\smcss.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\MSN Messenger\livecall.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Winamp\winamp.exe D:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\siemensstorage.exe", O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Class - {B6903F66-D7A6-EBC0-2760-3DDEB0F2CDB9} - C:\WINDOWS\diimm1.dll (file missing) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{571BFD64-5A78-4A73-BACA-CED5E497131D}: NameServer = 80.20.6.36,212.216.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{93941AE2-F65F-42DF-BABE-AF012813E8BB}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: FireDaemon Service: dll32 (dll32) - Unknown owner - C:\WINDOWS\system32\Xterm\FireDaemon.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HttpAnalyzer CodeHook service (HttpAnalyzer DllInjectService) - Unknown owner - C:\Programmi\IEInspector\HTTPAnalyzerStdV2\InjectWinSockServiceV2.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: FireDaemon Service: smcss (smcss) - Unknown owner - C:\WINDOWS\system32\Xterm\FireDaemon.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe Vorrei fixare le voci riguardanti Firedaemon service che il mio antivirus ha rilevato come virus. Ogni avvio di windows mi da il messaggio di errore che non è stato possibile avviare il programma in questione : come lo levo dall'avvio automatico? Con hijackthis non riesco 
__________________
Codice:
Ho concluso affari con : 8310(1,2),luxo,weather65,gokou,Zara,LotharInt,Mammabell,cionci,omerook,nathbigga,V0r[T3X],FatMas,3N20,smickys,CICUS,Dreamland,morpheus89,AMDman,Andi89,drive97,mich25,killerbox,abc3d,Sclergio,saint80,mazä,MR_GINO,OdinEidolon,ezekiel22 |
|
|
|
07-04-2007, 19:36
|
#2 |
|
Member
Iscritto dal: Jan 2006
Messaggi: 144
|
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Class - {B6903F66-D7A6-EBC0-2760-3DDEB0F2CDB9} - C:\WINDOWS\diimm1.dll (file missing) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) dovresti fixare questi (a tuo riskio...) |
|
|
|
|
07-04-2007, 19:46
|
#3 | |
|
Utente sospeso
Iscritto dal: Jul 2002
Città: Ostia/Roma
Messaggi: 1191
|
Quote:
Io li fixo ma restano li  Edit : l'ho tolto da msconfig 
__________________
Codice:
Ho concluso affari con : 8310(1,2),luxo,weather65,gokou,Zara,LotharInt,Mammabell,cionci,omerook,nathbigga,V0r[T3X],FatMas,3N20,smickys,CICUS,Dreamland,morpheus89,AMDman,Andi89,drive97,mich25,killerbox,abc3d,Sclergio,saint80,mazä,MR_GINO,OdinEidolon,ezekiel22 Ultima modifica di Galotar : 07-04-2007 alle 19:59. |
|
|
|
|
|
07-04-2007, 20:27
|
#4 |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22114
|
__________________
Questa opera è distribuita secondo le regole di licenza Creative Commons salvo diversa indicazione. Chiunque volesse citare il contenuto di questo post deve necessariamente riportare il link originario. |
|
|
|
|
07-04-2007, 20:29
|
#5 | |
|
Utente sospeso
Iscritto dal: Jul 2002
Città: Ostia/Roma
Messaggi: 1191
|
Quote:
__________________
Codice:
Ho concluso affari con : 8310(1,2),luxo,weather65,gokou,Zara,LotharInt,Mammabell,cionci,omerook,nathbigga,V0r[T3X],FatMas,3N20,smickys,CICUS,Dreamland,morpheus89,AMDman,Andi89,drive97,mich25,killerbox,abc3d,Sclergio,saint80,mazä,MR_GINO,OdinEidolon,ezekiel22 |
|
|
|
|
|
07-04-2007, 20:33
|
#6 | |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22114
|
Quote:
__________________
Questa opera è distribuita secondo le regole di licenza Creative Commons salvo diversa indicazione. Chiunque volesse citare il contenuto di questo post deve necessariamente riportare il link originario. |
|
|
|
|
|
08-04-2007, 18:43
|
#7 |
|
Member
Iscritto dal: Jan 2006
Messaggi: 144
|
allora io ti consiglio di scaricare spybot ed usarlo, se ti trova il software dannoso ti elimina tutto (kiavi di registrazione, esegubili tmp ect)
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 08:45.
