|
|||||||
|
|
|
 |
|
|
Strumenti |
28-06-2005, 09:20
|
#1 |
|
Member
Iscritto dal: May 2004
Città: 3VSO
Messaggi: 96
|
Strano file...
BW1104.exe, qualcuno ne sa qualcosa? Si trova sotto la cartella C:winnt
|
|
|
|
28-06-2005, 09:25
|
#2 | |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
|
|
|
|
|
|
28-06-2005, 09:27
|
#3 |
|
Member
Iscritto dal: May 2004
Città: 3VSO
Messaggi: 96
|
Logfile of HijackThis v1.99.1
Scan saved at 9.26.21, on 28/06/05 Platform: Windows NT 4 SP6 (WinNT 4.00.1381) MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\spoolss.exe C:\WINNT\system32\netdde.exe C:\WINNT\LogWatNT.exe C:\WINNT\System32\mgasc.exe C:\WINNT\System32\mgactrl.exe C:\OfficeScan NT\ntrtscan.exe C:\Programmi\Citrix\ICA Client\ssonsvr.exe C:\OfficeScan NT\OfcPfwSvc.exe C:\WINNT\Orbix22\bin\Orbixds.exe C:\WINNT\system32\RpcSs.exe C:\OfficeScan NT\tmlisten.exe c:\winnt\system32\pstores.exe C:\WINNT\Explorer.exe C:\Programmi\MGA NT PowerDesk\QDesk\MGAQDESK.EXE C:\OfficeScan NT\pccntmon.exe C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\WINNT\BW1104.EXE C:\WINNT\System32\msiexec.exe C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe C:\WINNT\System32\CMD.exe c:\programmi\IDEAS\MS7\gdr\drafting.exe C:\WINNT\system32\tapisrv.exe C:\PROGRA~1\Citrix\ICACLI~1\Wfcrun32.exe C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE C:\Programmi\FirstClass\Fcc32.exe C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe C:\WINNT\System32\ddhelp.exe D:\Provvisorio\Downlaod\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.zigroup.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search-msn.com/ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-msn.com/ie/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.zigroup.net:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Programmi\MGA NT PowerDesk\QDesk\MGAQDESK.EXE" O4 - HKLM\..\Run: [CA-AMagent] \\itsevfs01\amagents$\amagent.exe /silent O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O12 - Plugin for .pdf: C:\PROGRA~1\Plus!\MICROS~1\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwheart...33_7773358.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) - O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) - O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe O23 - Service: MGACtrl - Martrox Graphics Inc. - C:\WINNT\System32\mgasc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe O23 - Service: Orbix Daemon - Unknown owner - C:\WINNT\Orbix22\bin\Orbixds.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe |
|
|
|
|
28-06-2005, 10:17
|
#4 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Mi insospettiscono molto queste 2 voci e puoi fixarle:
C:\WINNT\BW1104.EXE c:\programmi\IDEAS\MS7\gdr\drafting.exe Stai usando un proxy? Se non lo usi allora cancella questa: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.zigroup.net:3128 Ultima modifica di andorra24 : 28-06-2005 alle 10:22. |
|
|
|
|
28-06-2005, 12:20
|
#5 | |
|
Member
Iscritto dal: May 2004
Città: 3VSO
Messaggi: 96
|
Quote:
|
|
|
|
|
|
28-06-2005, 12:25
|
#6 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Allora fixa questa :
C:\WINNT\BW1104.EXE |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 17:09.
