Strano file...

[zak610]

BW1104.exe, qualcuno ne sa qualcosa? Si trova sotto la cartella C:winnt

[andorra24]

Quote:

Originariamente inviato da zak610

BW1104.exe, qualcuno ne sa qualcosa? Si trova sotto la cartella C:winnt

Direi che mi puzza di bruciato quel file. Prova a scansionare con hijackthis e posta il log.

[zak610]

Logfile of HijackThis v1.99.1
Scan saved at 9.26.21, on 28/06/05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\System32\mgasc.exe
C:\WINNT\System32\mgactrl.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Programmi\Citrix\ICA Client\ssonsvr.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\Orbix22\bin\Orbixds.exe
C:\WINNT\system32\RpcSs.exe
C:\OfficeScan NT\tmlisten.exe
c:\winnt\system32\pstores.exe
C:\WINNT\Explorer.exe
C:\Programmi\MGA NT PowerDesk\QDesk\MGAQDESK.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\BW1104.EXE
C:\WINNT\System32\msiexec.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\System32\CMD.exe
c:\programmi\IDEAS\MS7\gdr\drafting.exe
C:\WINNT\system32\tapisrv.exe
C:\PROGRA~1\Citrix\ICACLI~1\Wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Programmi\FirstClass\Fcc32.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\System32\ddhelp.exe
D:\Provvisorio\Downlaod\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.zigroup.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search-msn.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-msn.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.zigroup.net:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Programmi\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [CA-AMagent] \\itsevfs01\amagents$\amagent.exe /silent
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .pdf: C:\PROGRA~1\Plus!\MICROS~1\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwheart...33_7773358.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: MGACtrl - Martrox Graphics Inc. - C:\WINNT\System32\mgasc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Orbix Daemon - Unknown owner - C:\WINNT\Orbix22\bin\Orbixds.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe

[andorra24]

Mi insospettiscono molto queste 2 voci e puoi fixarle:
C:\WINNT\BW1104.EXE
c:\programmi\IDEAS\MS7\gdr\drafting.exe

Stai usando un proxy? Se non lo usi allora cancella questa:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.zigroup.net:3128

[zak610]

Quote:

Originariamente inviato da andorra24

Mi insospettiscono molto queste 2 voci e puoi fixarle:
C:\WINNT\BW1104.EXE
ok
c:\programmi\IDEAS\MS7\gdr\drafting.exe
Ideas è un prog. specifico per disegno

Stai usando un proxy? Se non lo usi allora cancella questa:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.zigroup.net:3128

Uso un proxy

[andorra24]

Allora fixa questa :
C:\WINNT\BW1104.EXE