sono infetto?

AngeL) · 18-06-2007, 11:38

ultimamente internet va molto piu' lento... prima fasterfox mi segnava 0.9 secondi circa per il caricamento di una pagina... ora ne segna 4.5 e piu' (-.-).
e il processo svchost.exe occupa un sacco di ram (50.000+ Kb).
come connessione ho alice flat, il computer è un acer aspire 5101 con un turion64 e win vista home basic.
ho provato a fare una scansione con AVG ieri e non ha trovato niente... oggi neanche. ho provato con spybod S&D e ha trovato una decina di spyware che ho cancellato, ma comunque il computer non va piu' veloce...
questo è il log di hijackthis:

Codice:

Logfile of HijackThis v1.99.1
Scan saved at 11.17.28, on 16/06/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AngeL\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMuleAdunanzA\eMule_AdnzA.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{877A37CE-2785-4829-83BC-5B6F58D1D731}: NameServer = 192.168.1.1
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

cosa devo fare?

oasis90 · 18-06-2007, 12:17

SOSPETTI:

O4 - HKCU\..\Run: [?????????] ??????????????e

Cos'è sta roba?

AngeL) · 18-06-2007, 12:27

Quote:

Originariamente inviato da oasis90

SOSPETTI:

O4 - HKCU\..\Run: [?????????] ??????????????e

Cos'è sta roba?

uhm... boh! devo eliminarlo? è nel registro?

oasis90 · 18-06-2007, 12:29

Quote:

Originariamente inviato da AngeL)

uhm... boh! devo eliminarlo? è nel registro?

eliminalo tramite Hijackthis...fixa il quadratino alla sinistra della stringa e poi premi " Fix checked"..

AngeL) · 18-06-2007, 12:32

ho provato ad eliminarlo, ed è uscito questo messaggio:

Codice:

Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(??????????????e.exe).

Please send a report to [email protected], mentioning what you were doing, and what version of Windows you have.

oasis90 · 18-06-2007, 12:35

Quote:

Originariamente inviato da AngeL)

ho provato ad eliminarlo, ed è uscito questo messaggio:

Codice:

Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(??????????????e.exe).

Please send a report to [email protected], mentioning what you were doing, and what version of Windows you have.

..mai sentita una roba del genere....boh...a questo punto non saprei cosa dirti..aspetta qualcuno che sappia di cosa si tratta il messaggio..

oasis90 · 18-06-2007, 12:36

comunque credo si tratti di uno spyware a questo punto...

AngeL) · 18-06-2007, 12:37

Quote:

Originariamente inviato da oasis90

..mai sentita una roba del genere....boh...a questo punto non saprei cosa dirti..aspetta qualcuno che sappia di cosa si tratta il messaggio..

ok, grazie comunque^^

oasis90 · 18-06-2007, 12:39

Quote:

Originariamente inviato da AngeL)

ok, grazie comunque^^

di niente figurati..e buona fortuna...

AngeL) · 18-06-2007, 13:37

uhm.. per il fatto di svchost ho cercato su google e ho trovato un sito che diceva di disabilitare gli aggiornamenti automatici di windows... li ho disabilitati ma il processo occupa comunque 50.000 kb e piu' di ram

AngeL) · 19-06-2007, 11:17

up..

AngeL) · 20-06-2007, 08:32

up... nessuno?

wizard1993 · 20-06-2007, 10:55

fai una passata con gmer grazie

AngeL) · 20-06-2007, 13:05

Quote:

Originariamente inviato da wizard1993

fai una passata con gmer grazie

scaricato. devo fare rootkit > scan?

wizard1993 · 20-06-2007, 13:08

trova niente in rosso? se no è inutile fare una scan completa; prova a fare una scan con bitdefender

AngeL) · 20-06-2007, 13:12

dopo due inuti di scansione, mentre scannava (

) un file che si chiamava \cdfs (senza estensione o unita) si è bloccato tutto. ho riavviato, ho rifatto la scansione, e si è ribloccato.

?

AngeL) · 20-06-2007, 14:21

Quote:

Originariamente inviato da AngeL)

dopo due inuti di scansione, mentre scannava (

) un file che si chiamava \cdfs (senza estensione o unita) si è bloccato tutto. ho riavviato, ho rifatto la scansione, e si è ribloccato.

?

che faccio? non posso fare la scansione con gmer

wizard1993 · 20-06-2007, 17:48

posta un log di hijackthis con la versione 2 del prog

AngeL) · 20-06-2007, 17:52

ecco qua..

Codice:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.01.49, on 20/06/2007
Platform: Windows Vista  (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AngeL\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.emurayden.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule0.47c\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{877A37CE-2785-4829-83BC-5B6F58D1D731}: NameServer = 192.168.1.1
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8279 bytes

Tidus Strife · 20-06-2007, 17:57

Ma non è Hijackthis quello

18-06-2007, 12:17	#2
oasis90 Senior Member Iscritto dal: Aug 2006 Città: Treviso Messaggi: 13366	SOSPETTI: O4 - HKCU\..\Run: [?????????] ??????????????e Cos'è sta roba? __________________ MSI MAG PANO 100R PZ \| RM1000e \| ASUS PRIME X670E-PRO WiFi \| Ryzen 7 7800X3D \| ARCTIC Liquid Freezer III Pro 360 \| Corsair Vengeance CL36 DDR5 2x16 Gb 6000Mhz \| RTX 5080 Gaming OC \| Logitech G502 \| Logitech G410 \| ASUS ROG Swift OLED PG32UCDP \| MacBook Pro M4 \| Meta Quest 3 PS5 \| Nintendo Switch 2 \| STEAM \| Vodafone FTTH 1000/200

18-06-2007, 12:36	#7
oasis90 Senior Member Iscritto dal: Aug 2006 Città: Treviso Messaggi: 13366	comunque credo si tratti di uno spyware a questo punto... __________________ MSI MAG PANO 100R PZ \| RM1000e \| ASUS PRIME X670E-PRO WiFi \| Ryzen 7 7800X3D \| ARCTIC Liquid Freezer III Pro 360 \| Corsair Vengeance CL36 DDR5 2x16 Gb 6000Mhz \| RTX 5080 Gaming OC \| Logitech G502 \| Logitech G410 \| ASUS ROG Swift OLED PG32UCDP \| MacBook Pro M4 \| Meta Quest 3 PS5 \| Nintendo Switch 2 \| STEAM \| Vodafone FTTH 1000/200

20-06-2007, 10:55	#13
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	fai una passata con gmer grazie __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

20-06-2007, 13:08	#15
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	trova niente in rosso? se no è inutile fare una scan completa; prova a fare una scan con bitdefender __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

20-06-2007, 13:12	#16
AngeL) Senior Member Iscritto dal: May 2006 Città: Salerno Messaggi: 936	dopo due inuti di scansione, mentre scannava () un file che si chiamava \cdfs (senza estensione o unita) si è bloccato tutto. ho riavviato, ho rifatto la scansione, e si è ribloccato. ?

18-06-2007, 13:37	#10
AngeL) Senior Member Iscritto dal: May 2006 Città: Salerno Messaggi: 936	uhm.. per il fatto di svchost ho cercato su google e ho trovato un sito che diceva di disabilitare gli aggiornamenti automatici di windows... li ho disabilitati ma il processo occupa comunque 50.000 kb e piu' di ram

19-06-2007, 11:17	#11
AngeL) Senior Member Iscritto dal: May 2006 Città: Salerno Messaggi: 936	up..

20-06-2007, 08:32	#12
AngeL) Senior Member Iscritto dal: May 2006 Città: Salerno Messaggi: 936	up... nessuno?

20-06-2007, 17:48	#18
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	posta un log di hijackthis con la versione 2 del prog __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

20-06-2007, 17:57	#20
Tidus Strife Senior Member Iscritto dal: Feb 2007 Città: Spira, Zanarkand Messaggi: 394	Ma non è Hijackthis quello

Strumenti
Mostra una versione stampabile Invia questa pagina per email