Aiutatemi con hijackThis v1.9

alessandroemme · 09-08-2005, 16:23

Buonasera a tutti, chiedo gentilmente il vostro aiuto, sto utilizzando questo programma ma penso proprio che una mano da voi è ben gradita

Grazie!

alessandroemme · 09-08-2005, 16:25

vi posto la scansione da me effettuata pochi minuti fà:
se mi potete cosigliare i file che devo cancellare, grazie

Logfile of HijackThis v1.99.1
Scan saved at 17.14.05, on 09/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\AVPersonal\AVWIN.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\gianluca\IMPOST~1\Temp\Rar$EX00.781\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E7CF770F-70C3-4D49-A883-6320C17605EA} - C:\WINDOWS\system32\bcon.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Filter: text/html - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll
O18 - Filter: text/plain - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

andorra24 · 09-08-2005, 16:34

Fixa:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {E7CF770F-70C3-4D49-A883-6320C17605EA} - C:\WINDOWS\system32\bcon.dll (file missing)
O18 - Filter: text/html - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll
O18 - Filter: text/plain - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll

PS:ti consiglio una scansione con ewido:http://download.ewido.net/ewido-setup.exe
anche questo puo' esserti utile:http://news.swzone.it/swznews-14856.php

alessandroemme · 09-08-2005, 16:37

quindi tutti quelli devo cancellare??

andorra24 · 09-08-2005, 16:42

Si vanno fixati (a browser chiuso). Fai anche le scansioni che ti ho consigliato.

alessandroemme · 09-08-2005, 16:55

ok ti ringrazio x i consigli, ma perchè va' fatto con internet chiuso??

andorra24 · 09-08-2005, 17:10

Quote:

Originariamente inviato da alessandroemme

ok ti ringrazio x i consigli, ma perchè va' fatto con internet chiuso??

Prima di lanciare la scansione è importante chiudere tutti i programmi aperti e tutte le finestre del browser e anche quando fixi.

halduemilauno · 09-08-2005, 18:28

Quote:

Originariamente inviato da andorra24

Fixa:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {E7CF770F-70C3-4D49-A883-6320C17605EA} - C:\WINDOWS\system32\bcon.dll (file missing)
O18 - Filter: text/html - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll
O18 - Filter: text/plain - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll

PS:ti consiglio una scansione con ewido:http://download.ewido.net/ewido-setup.exe
anche questo puo' esserti utile:http://news.swzone.it/swznews-14856.php

oltre a quelli butta i più insidiosi. norton/symantec. metti un AV vero.

reymisterio · 09-08-2005, 18:49

potreste dirmi perfavore se c'è qualcosa da fixare qui please.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\rey\IMPOST~1\Temp\Rar$EX00.543\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123095748270
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DBC7FF-EF08-4EEA-B3A6-2AE8E5AEFB5D}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

halduemilauno · 09-08-2005, 18:56

complimenti solo questo

O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DBC7FF-EF08-4EEA-B3A6-2AE8E5AEFB5D}: NameServer = 193.70.152.15 193.70.152.25

e i norton/symantec.

andorra24 · 09-08-2005, 18:58

Quote:

Originariamente inviato da reymisterio

potreste dirmi perfavore se c'è qualcosa da fixare qui please.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\rey\IMPOST~1\Temp\Rar$EX00.543\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123095748270
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DBC7FF-EF08-4EEA-B3A6-2AE8E5AEFB5D}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Tutto pulito.

alessandroemme · 19-08-2005, 15:58

c'e' qualcosa da fixare in questo?????Grazie!

Logfile of HijackThis v1.97.7
Scan saved at 17.00.21, on 19/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\utente\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6536C311-84D9-49BE-99F4-113D4CE0FFA3} - blank (file missing)
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Ricerche (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.hyundai.it
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5789DB9-B409-47BA-A060-1A3CC37745EE}: NameServer = 151.99.125.1

FOXYLADY · 19-08-2005, 16:03

Fixa
O2 - BHO: (no name) - {6536C311-84D9-49BE-99F4-113D4CE0FFA3} - blank (file missing)

alessandroemme · 19-08-2005, 16:14

ok grazie!!mi spieghi che cos'e'??ho questa curiosità di capire cosa sono questi file

FOXYLADY · 19-08-2005, 16:21

Non è un elemento pericoloso, il tuo log è pulito a mio parere.
Si tratta solo di un elemento inutile, che non trova più collegamenti, forse residuo di qualche oggetto extra che si era aggiunto alla barra di internet explorer e adesso non c'è più.

Ciao

alessandroemme · 19-08-2005, 17:15

ma questo programma individua i file di registro(giusto??)che cosa sono??perche è molto pericoloso utilizzare da soli questo programma??che programmi esistono simili a questo??

FOXYLADY · 19-08-2005, 19:59

Quote:

Originariamente inviato da alessandroemme

ma questo programma individua i file di registro(giusto??)che cosa sono??perche è molto pericoloso utilizzare da soli questo programma??che programmi esistono simili a questo??

Hijackthis riassume semplicemente la configurazione del sistema.
Tramite il suo log si può vedere subito se c'è qualche malaware nel sistema e farsi un idea di cosa possa aver infettato il nostro PC
Può essere pericoloso in mani inesperte perchè si rischia di fixare per errore file di sistema indispensabili.
Se vuoi capirne di più leggi qui
http://www.ilsoftware.it/articoli.asp?ID=2459

Non conosco altri programmi simili, forse questo, ma non l'ho mai provato
http://www.hijackfree.com/en/

Ciao

FOXYLADY · 19-08-2005, 20:17

Quote:

Originariamente inviato da FOXYLADY

Non conosco altri programmi simili, forse questo, ma non l'ho mai provato
http://www.hijackfree.com/en/

Ciao

Mi autoquoto per dire che ho provato ora il programma in questione.
Non è come hijackthis, ma non è veramente niente male

, fornisce un numero di informazioni veramente dettagliate sul proprio sistema, mi sento di consigliarlo a tutti.

Ciao

andorra24 · 19-08-2005, 20:21

Quote:

Originariamente inviato da FOXYLADY

Mi autoquoto per dire che ho provato ora il programma in questione.
Non è come hijackthis, ma non è veramente niente male

, fornisce un numero di informazioni veramente dettagliate sul proprio sistema, mi sento di consigliarlo a tutti.

Ciao

Si ce l'ho gia' da parecchio tempo nel mio arsenale anche se lo uso raramente.

peppecbr · 20-08-2005, 08:12

che ficso io????

Logfile of HijackThis v1.99.1
Scan saved at 9.09.07, on 20/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\NetLimiter\NetLimiter.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Creative\Surround Mixer\CTSysVol.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Motherboard Monitor 5\MBM5.EXE
C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\PROGRA~1\Miclone\NETMET~1\NetMeter.exe
C:\Programmi\CursorXP\CursorXP.exe
C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
C:\Programmi\Moony\moony.exe
C:\Programmi\GetRight\_getright.exe
C:\Programmi\GetRight\_getright.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\L.I.SControlCenter\LISCC.exe
C:\Programmi\WinBar\WinBar.exe
C:\Programmi\iDC++\iDCPlusPlus.exe
C:\Programmi\eMule\eMule.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hd prove\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rfqhbzthrttxiyxotwt.com/jx5gL...5nthxVmLQ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiqxmvgryheuhmhpahhuw.com...f_1YCLpYA.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NetLimiter] C:\Programmi\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Programmi\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NetMeter.exe] C:\PROGRA~1\Miclone\NETMET~1\NetMeter.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [wipe 64 flag gram] C:\Documents and Settings\All Users\Dati applicazioni\Globalclosewipe64\Roamlies.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CursorXP] C:\Programmi\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Moony] "C:\Programmi\Moony\moony.exe"
O4 - HKCU\..\Run: [Scr load] C:\DOCUME~1\HDPROV~1\DATIAP~1\WMAGLO~1\Part plus wipe.exe
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - Startup: L.I.S Control Center.LNK = C:\Programmi\L.I.SControlCenter\LISCC.exe
O4 - Startup: WinBar.lnk = C:\Programmi\WinBar\WinBar.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123879353072
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE05ECE-E459-4AC0-B486-C98D44F56F94}: NameServer = 151.99.125.2 151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BE05ECE-E459-4AC0-B486-C98D44F56F94}: NameServer = 151.99.125.2 151.99.125.3
O20 - Winlogon Notify: MCPClient - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2004\WinStylerThemeSvc.exe

grazie

09-08-2005, 16:23	#1
alessandroemme Member Iscritto dal: Aug 2005 Messaggi: 82	Aiutatemi con hijackThis v1.9 Buonasera a tutti, chiedo gentilmente il vostro aiuto, sto utilizzando questo programma ma penso proprio che una mano da voi è ben gradita Grazie! Ultima modifica di alessandroemme : 09-08-2005 alle 16:27.

09-08-2005, 16:34	#3
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: (no name) - {E7CF770F-70C3-4D49-A883-6320C17605EA} - C:\WINDOWS\system32\bcon.dll (file missing) O18 - Filter: text/html - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll O18 - Filter: text/plain - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll PS:ti consiglio una scansione con ewido:http://download.ewido.net/ewido-setup.exe anche questo puo' esserti utile:http://news.swzone.it/swznews-14856.php Ultima modifica di andorra24 : 09-08-2005 alle 16:40.

09-08-2005, 18:56	#10
halduemilauno Senior Member Iscritto dal: Feb 2002 Città: Discovery Messaggi: 34710	complimenti solo questo O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DBC7FF-EF08-4EEA-B3A6-2AE8E5AEFB5D}: NameServer = 193.70.152.15 193.70.152.25 e i norton/symantec. __________________ Good afternoon, gentlemen, I'm a H.A.L. computer.

19-08-2005, 16:03	#13
FOXYLADY Senior Member Iscritto dal: Oct 2004 Città: Milano Messaggi: 2641	Fixa O2 - BHO: (no name) - {6536C311-84D9-49BE-99F4-113D4CE0FFA3} - blank (file missing) __________________ FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci

19-08-2005, 16:21	#15
FOXYLADY Senior Member Iscritto dal: Oct 2004 Città: Milano Messaggi: 2641	Non è un elemento pericoloso, il tuo log è pulito a mio parere. Si tratta solo di un elemento inutile, che non trova più collegamenti, forse residuo di qualche oggetto extra che si era aggiunto alla barra di internet explorer e adesso non c'è più. Ciao __________________ FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci

09-08-2005, 16:25	#2
alessandroemme Member Iscritto dal: Aug 2005 Messaggi: 82	vi posto la scansione da me effettuata pochi minuti fà: se mi potete cosigliare i file che devo cancellare, grazie Logfile of HijackThis v1.99.1 Scan saved at 17.14.05, on 09/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\Programmi\AVPersonal\AVWUPSRV.EXE C:\Programmi\AVPersonal\AVGUARD.EXE C:\Programmi\AVPersonal\AVGNT.EXE C:\Programmi\AVPersonal\AVWIN.EXE C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\gianluca\IMPOST~1\Temp\Rar$EX00.781\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gianluca\IMPOST~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E7CF770F-70C3-4D49-A883-6320C17605EA} - C:\WINDOWS\system32\bcon.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O18 - Filter: text/html - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll O18 - Filter: text/plain - {69FE42C4-51BD-4265-953D-7013AEEF388A} - C:\WINDOWS\system32\bcon.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

09-08-2005, 16:37	#4
alessandroemme Member Iscritto dal: Aug 2005 Messaggi: 82	quindi tutti quelli devo cancellare??

09-08-2005, 16:42	#5
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Si vanno fixati (a browser chiuso). Fai anche le scansioni che ti ho consigliato.

09-08-2005, 16:55	#6
alessandroemme Member Iscritto dal: Aug 2005 Messaggi: 82	ok ti ringrazio x i consigli, ma perchè va' fatto con internet chiuso??

09-08-2005, 18:49	#9
reymisterio Member Iscritto dal: Aug 2005 Città: Provincia di Modena Messaggi: 85	potreste dirmi perfavore se c'è qualcosa da fixare qui please. Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\ewido\security suite\ewidoctrl.exe C:\Programmi\ewido\security suite\ewidoguard.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\rey\IMPOST~1\Temp\Rar$EX00.543\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123095748270 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DBC7FF-EF08-4EEA-B3A6-2AE8E5AEFB5D}: NameServer = 193.70.152.15 193.70.152.25 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

19-08-2005, 15:58	#12
alessandroemme Member Iscritto dal: Aug 2005 Messaggi: 82	c'e' qualcosa da fixare in questo?????Grazie! Logfile of HijackThis v1.97.7 Scan saved at 17.00.21, on 19/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AVPersonal\AVGUARD.EXE C:\Programmi\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\Explorer.EXE C:\Programmi\AVPersonal\AVGNT.EXE C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\utente\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6536C311-84D9-49BE-99F4-113D4CE0FFA3} - blank (file missing) O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Ricerche (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://www.hyundai.it O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B5789DB9-B409-47BA-A060-1A3CC37745EE}: NameServer = 151.99.125.1

19-08-2005, 16:14	#14
alessandroemme Member Iscritto dal: Aug 2005 Messaggi: 82	ok grazie!!mi spieghi che cos'e'??ho questa curiosità di capire cosa sono questi file

19-08-2005, 17:15	#16
alessandroemme Member Iscritto dal: Aug 2005 Messaggi: 82	ma questo programma individua i file di registro(giusto??)che cosa sono??perche è molto pericoloso utilizzare da soli questo programma??che programmi esistono simili a questo??

20-08-2005, 08:12	#20
peppecbr Senior Member Iscritto dal: Nov 2003 Città: Udine Messaggi: 11337	che ficso io???? Logfile of HijackThis v1.99.1 Scan saved at 9.09.07, on 20/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\Programmi\ewido\security suite\ewidoctrl.exe C:\Programmi\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\GEARSec.exe C:\Programmi\Eset\nod32krn.exe C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\WINDOWS\system32\nvraidservice.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\NetLimiter\NetLimiter.exe C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programmi\Creative\Surround Mixer\CTSysVol.exe C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Motherboard Monitor 5\MBM5.EXE C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe C:\PROGRA~1\Miclone\NETMET~1\NetMeter.exe C:\Programmi\CursorXP\CursorXP.exe C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\tlntsvr.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe C:\Programmi\Moony\moony.exe C:\Programmi\GetRight\_getright.exe C:\Programmi\GetRight\_getright.exe C:\Programmi\Logitech\SetPoint\KEM.exe C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE C:\Programmi\L.I.SControlCenter\LISCC.exe C:\Programmi\WinBar\WinBar.exe C:\Programmi\iDC++\iDCPlusPlus.exe C:\Programmi\eMule\eMule.exe C:\WINDOWS\system32\cidaemon.exe C:\Programmi\TGTSoft\StyleXP\StyleXP.exe C:\Programmi\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\hd prove\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rfqhbzthrttxiyxotwt.com/jx5gL...5nthxVmLQ.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiqxmvgryheuhmhpahhuw.com...f_1YCLpYA.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NetLimiter] C:\Programmi\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MBM 5] "C:\Programmi\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [NetMeter.exe] C:\PROGRA~1\Miclone\NETMET~1\NetMeter.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [wipe 64 flag gram] C:\Documents and Settings\All Users\Dati applicazioni\Globalclosewipe64\Roamlies.exe O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe O4 - HKCU\..\Run: [CursorXP] C:\Programmi\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2004\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [Moony] "C:\Programmi\Moony\moony.exe" O4 - HKCU\..\Run: [Scr load] C:\DOCUME~1\HDPROV~1\DATIAP~1\WMAGLO~1\Part plus wipe.exe O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart O4 - Startup: L.I.S Control Center.LNK = C:\Programmi\L.I.SControlCenter\LISCC.exe O4 - Startup: WinBar.lnk = C:\Programmi\WinBar\WinBar.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123879353072 O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE05ECE-E459-4AC0-B486-C98D44F56F94}: NameServer = 151.99.125.2 151.99.125.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{0BE05ECE-E459-4AC0-B486-C98D44F56F94}: NameServer = 151.99.125.2 151.99.125.3 O20 - Winlogon Notify: MCPClient - C:\WINDOWS\ O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2004\WinStylerThemeSvc.exe grazie __________________ Sharkoon TG5 RGB ; ryzen 2600+ ; AIO Cryorig A80 ; msi x470 gaming plus ; corsair 8x2 ddr4 3000 mhz ; sapphire radeon rx 580 nitro+ ; corsair rm850i

Strumenti
Mostra una versione stampabile Invia questa pagina per email