|
|||||||
|
|
|
 |
|
|
Strumenti |
02-07-2005, 18:45
|
#1 |
|
Senior Member
Iscritto dal: May 2005
Città: La città dei sassi ....
Messaggi: 399
|
che è sta cosa????
Ciao a tuttti, ho appena finito di fare una scansione online con panda...mi ha individuato un'infezione credo..... a termine ho cercato di capire cos'è ma sinceramente non ci capisco niente
 premetto è la prima volta che uso panda qualcuno sa dire che cos'e quello che in seguito riporto?????Security Info / Encyclopedia / Search Results ExactSearchThreat Level: Damage: Distribution: Common name: ExactSearch Technical name: Adware/ExactSearch Threat level: Low Alias: eXactSearchbar Type: Spyware Subtype: Adware Effects: It collects information on Internet usage and the applications installed in the computer and uses it to display pop-up advertisements. Affected platforms: Windows XP/2000/NT/ME/98/95 First detected on: Aug. 12, 2004 Detection updated on: June 10, 2005 In circulation? No Proactive protection: Yes, using TruPrevent Technologies Brief Description ExactSearchis an adware. Adware is a license form for using programs, which offers the application at the only cost of viewing a series of advertisements. However, these programs sometimes collect data on Internet usage habits, pages viewed, inventory of the applications installed in the computer, etc. Then, this information can be sent to Internet advertising companies.
|
|
|
|
02-07-2005, 18:49
|
#2 | |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
|
|
|
|
|
|
02-07-2005, 18:58
|
#3 |
|
Senior Member
Iscritto dal: May 2005
Città: La città dei sassi ....
Messaggi: 399
|
Ho provato con AD-AWARE ma niente ti posto il log dammi un'occhiata x favore..... dimenticavo che tipo di problemi da quella schifezza chi Panda mi ha individuato??????
 Logfile of HijackThis v1.99.1 Scan saved at 18.55.39, on 02/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\Norton Internet Security\NISUM.EXE C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ASUSKBService.exe C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\RegSrvc.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe C:\WINDOWS\ATK0100\Hcontrol.exe C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\Programmi\Messenger\msmsgs.exe C:\WINDOWS\system32\1XConfig.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\iexplore.exe D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.249.85.99/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [ASUS Probe] C:\Programmi\ASUS\ASUS Probe\AsusProb.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\Generic\Power4 Gear\BatteryLife.exe 1 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA18C6F-7023-4E20-8525-2AA57D70997C}: NameServer = 213.230.130.222 213.230.155.94 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmi\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe |
|
|
|
|
02-07-2005, 19:23
|
#4 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
A me il tuo log sembra abbastanza pulito. Attento che il panda e' soggetto a falsi positivi e ti consiglierei di effettuare un' altra scansione qui: http://www.bitdefender.com/scan8/ie.html
L'unica voce che mi lascia dubbiosa e' questa: O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll Ultima modifica di andorra24 : 02-07-2005 alle 19:36. |
|
|
|
|
03-07-2005, 04:45
|
#5 | |
|
Senior Member
Iscritto dal: Nov 2001
Città: Varese
Messaggi: 1461
|
Quote:
__________________
Quando l'agnello aprì il quarto sigillo udì una voce che diceva vieni e apparve a lui un cavallo pallido il suo cavaliere si chiamava morte dietro di lui l'inferno...  Le uniche donne che vengono sedotte sono quelle che non hanno desiderio di offrirsi
|
|
|
|
|
|
03-07-2005, 12:33
|
#6 |
|
Senior Member
Iscritto dal: May 2005
Città: La città dei sassi ....
Messaggi: 399
|
provato bitdefender non ha trovato nulla cmq provo anche ad eliminare quel log che mi avete consigliato...grazie ragazzi come sempre siete gentili...
|
|
|
|
|
03-07-2005, 13:57
|
#7 | |
|
Senior Member
Iscritto dal: Nov 2001
Città: Varese
Messaggi: 1461
|
Quote:
__________________
Quando l'agnello aprì il quarto sigillo udì una voce che diceva vieni e apparve a lui un cavallo pallido il suo cavaliere si chiamava morte dietro di lui l'inferno... Le uniche donne che vengono sedotte sono quelle che non hanno desiderio di offrirsi
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 01:36.
