|
|||||||
|
|
|
 |
|
|
Strumenti |
29-09-2006, 19:16
|
#3481 |
|
Senior Member
Iscritto dal: Jan 2006
Città: più Africa che Italia
Messaggi: 2060
|
Sembra proprio la stessa schifezza che ho trovato su uno dei PC aziendali ieri pomeriggio e che ho segnalato in questo thread:
http://www.hwupgrade.it/forum/showthread.php?t=1294554 Io considererei sospetto anche il file sumsw32.exe (su cui non ho trovato la minima informazione su google).
__________________
...Anima mia, ricordi la cosa che vedemmo quella magnifica dolce mattina d'estate alla svolta di un sentiero,
una carogna infame adagiata su un giaciglio di sassi con le gambe all'aria come una donna impudica bruciando e sudando i suoi veleni...(Baudelaire) |
|
|
|
29-09-2006, 19:32
|
#3482 | |
|
Member
Iscritto dal: May 2004
Messaggi: 81
|
Quote:
__________________
-WiSP!- |
|
|
|
|
|
29-09-2006, 19:34
|
#3483 | |
|
Senior Member
Iscritto dal: Feb 2002
Città: Discovery
Messaggi: 34710
|
Quote:
__________________
Good afternoon, gentlemen, I'm a H.A.L. computer. |
|
|
|
|
|
29-09-2006, 19:36
|
#3484 | |
|
Member
Iscritto dal: May 2004
Messaggi: 81
|
Quote:
__________________
-WiSP!- |
|
|
|
|
|
29-09-2006, 19:43
|
#3485 |
|
Member
Iscritto dal: May 2004
Messaggi: 81
|
niente non funziona...la stringa R3 e la O16 non ci sono più ma le due applicazioni della O4 si rigenerano....help! :<
__________________
-WiSP!- |
|
|
|
|
29-09-2006, 19:44
|
#3486 |
|
Senior Member
Iscritto dal: Jan 2006
Città: più Africa che Italia
Messaggi: 2060
|
Okkio all'eseguibile che vi ho indicato prima: sumsw32.exe
__________________
...Anima mia, ricordi la cosa che vedemmo quella magnifica dolce mattina d'estate alla svolta di un sentiero,
una carogna infame adagiata su un giaciglio di sassi con le gambe all'aria come una donna impudica bruciando e sudando i suoi veleni...(Baudelaire) |
|
|
|
|
29-09-2006, 19:46
|
#3487 | |
|
Member
Iscritto dal: May 2004
Messaggi: 81
|
Quote:
__________________
-WiSP!- |
|
|
|
|
|
29-09-2006, 19:47
|
#3488 | |
|
Senior Member
Iscritto dal: Feb 2002
Città: Discovery
Messaggi: 34710
|
Quote:
__________________
Good afternoon, gentlemen, I'm a H.A.L. computer. |
|
|
|
|
|
29-09-2006, 19:49
|
#3489 | |
|
Member
Iscritto dal: May 2004
Messaggi: 81
|
Quote:
__________________
-WiSP!- |
|
|
|
|
|
29-09-2006, 19:52
|
#3490 | |
|
Senior Member
Iscritto dal: Feb 2002
Città: Discovery
Messaggi: 34710
|
Quote:
http://www.filehippo.com/download_ccleaner/
__________________
Good afternoon, gentlemen, I'm a H.A.L. computer. |
|
|
|
|
|
29-09-2006, 20:01
|
#3491 |
|
Member
Iscritto dal: May 2004
Messaggi: 81
|
grazie! nel frattempo sono riuscito a rimuovere il virus, la cosa che mancava era l'eliminazione del file sumsw.exe che ricreava ogni volta i due file susp e l'altro di cui non ricordo il nome...grazie mille ancora di tutto! :>
__________________
-WiSP!- |
|
|
|
|
29-09-2006, 23:32
|
#3492 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28899
|
Quote:
|
|
|
|
|
|
01-10-2006, 01:50
|
#3493 |
|
Member
Iscritto dal: Jan 2006
Messaggi: 116
|
log hijackthis dopo scansione ewido e spy-bot
Ciao a tutti!
Preoccupato dal continuo e ripetuto traffico internet del mio pc nonostante la scansione con ewido e spybot e la chiusura di qualsivoglia programma che utilizzi la rete dalla tray bar(msn,emule ecc.), vorrei chiedere agli utenti del forum (che stimo moltissimo) se possono controllare il mio log di hijackthis... Oltretutto l'avvio del S.O. è diventato inspiegabilmente più lungo di quasi 10 sec. Grazie! Logfile of HijackThis v1.99.1 Scan saved at 16.43.03, on 26/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Light Screen Media\Mtss\mtssmngr.exe C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\slserv.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\Programmi\eMule Acronik\emule.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programmi\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programmi\File comuni\ReGet Shared\Catcher.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programmi\ReGet\iebar.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [Movie Trailer Screensaver Manager] C:\Programmi\Light Screen Media\Mtss\mtssmngr.exe O4 - HKLM\..\Run: [MTSS Tray] C:\Programmi\Light Screen Media\Mtss\mtsstray.exe /check O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled O4 - Global Startup: Microsoft Office.lnk.disabled O8 - Extra context menu item: Scarica con Re&Get Deluxe - C:\Programmi\File comuni\ReGet Shared\CC_Link.htm O8 - Extra context menu item: Scarica tutto con &ReGet Deluxe - C:\Programmi\File comuni\ReGet Shared\CC_All.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pr...canner37240.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4DE4660C-E75A-494C-8F2E-F824B520386B}: NameServer = 80.87.16.1,80.87.16.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{B252650B-11F1-418E-8903-6145A9D6AD20}: NameServer = 80.87.16.1,80.87.16.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe P.S. Spero di essere nella sez. giusta! 
|
|
|
|
|
01-10-2006, 06:52
|
#3494 |
|
Senior Member
Iscritto dal: Aug 2006
Messaggi: 4350
|
Per il traffico internet devi fare riferimento alle voci 017.
Gli esperti ti diranno ovviamente di fixare anche altre voci. Io vorrei consigliarti una migliore strategia per il futuro. Vedo che hai Avast come antivirus. Io lo disinstallerei e metterei (se vuoi temporaneamente) ANTIVIR che in questo momento è il miglior antivirus su scansione. Inoltre se vuoi invece continuare ad usare AVAST ti consiglio di impostare Firefox, se non l'hai già fatto, come browser predefinito. Ultima modifica di sampei.nihira : 01-10-2006 alle 09:04. |
|
|
|
|
01-10-2006, 09:43
|
#3495 |
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
@geachi86
Io disinstallerei messenger plus, perchè è un programma a rischio http://www.salvatore-aranzulla.com/?p=565 nel tuo log fixa queste voci O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe Verifica se in C:\Programmi\File comuni è presente la relativa cartella ed eliminala. personalmente eliminerei anche queste che mi sembrano del tutto inutili O4 - HKLM\..\Run: [Movie Trailer Screensaver Manager] C:\Programmi\Light Screen Media\Mtss\mtssmngr.exe O4 - HKLM\..\Run: [MTSS Tray] C:\Programmi\Light Screen Media\Mtss\mtsstray.exe /check dovrebbero essere relative ad uno screensaver che hai installato, ma non capisco perchè debbano essere in avvio automatico, inoltre questi programmini free spesso contengono spyware. Ciao
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
|
|
|
|
01-10-2006, 09:54
|
#3496 | |
|
Senior Member
Iscritto dal: Jan 2006
Città: messina-milano
Messaggi: 15987
|
Quote:
messenger plus lo puoi tenere,occhio durante l'installazione......... |
|
|
|
|
|
01-10-2006, 11:06
|
#3497 |
|
Junior Member
Iscritto dal: Sep 2006
Messaggi: 4
|
aiuto per eliminare virus
ciao ho bisogno di una mano.non riesco ad eliminare:
trojan-downloader.win32.small.dkt packed.win32.tibs.a uso avs come antivirus che li riconosce ma non riesce ad eliminarli. allego log di hijackthis grazie a tutti Logfile of HijackThis v1.99.1 Scan saved at 12.02.59, on 01/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE D:\Documents and Settings\Calabrese\Documenti\avp.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Programmi\ewido anti-spyware 4.0\guard.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe D:\Documents and Settings\Calabrese\Documenti\Outpost Firewall\outpost.exe C:\WINDOWS\system32\slserv.exe C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\apps\ABoard\AOSD.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\QuickTime\qttask.exe C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe C:\Programmi\ewido anti-spyware 4.0\ewido.exe D:\Documents and Settings\Calabrese\Documenti\avp.exe C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\sistray.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\Internet Explorer\iexplore.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unionesportivafoggia.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Documents and Settings\Calabrese\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\AOL_security_toolbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [Outpost Firewall] D:\Documents and Settings\Calabrese\Documenti\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] D:\Documents and Settings\Calabrese\Documenti\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [aol] "D:\Documents and Settings\Calabrese\Documenti\avp.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Outpost Firewall Pro Regolazione rapida - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Documents and Settings\Calabrese\Documenti\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programmi\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll O20 - AppInit_DLLs: D:\DOCUME~1\CALABR~1\DOCUME~1\OUTPOS~1\wl_hook.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Documents and Settings\Calabrese\Documenti\avp.exe" -r (file missing) O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Documents and Settings\Calabrese\Documenti\Outpost Firewall\outpost.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe |
|
|
|
|
01-10-2006, 11:47
|
#3498 | ||
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28899
|
elimina questa
Quote:
Quote:
|
||
|
|
|
|
02-10-2006, 10:20
|
#3499 |
|
Junior Member
Iscritto dal: Apr 2006
Messaggi: 22
|
buongiorno mi date un occhiata se è tutto a posto grazie
Logfile of HijackThis v1.99.1
Scan saved at 11.16.47, on 02/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Downlo~1\5ogvl2\keym3zy.exe C:\Programmi\Network Associates\Common Framework\FrameworkService.exe C:\Programmi\Network Associates\VirusScan\Mcshield.exe C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Ramon\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Apri immagine in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1040\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://85.41.246.218/activex/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {EB298A87-BD35-4424-9BA2-B198D2B63BBD} (WebPhoneEVT Control) - http://www.abbeyphone.com/activex/We....4.4_heavy.cab O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll (file missing) O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe |
|
|
|
|
02-10-2006, 11:55
|
#3500 |
|
Senior Member
Iscritto dal: Jul 2001
Messaggi: 9947
|
Io a tutti i nuovi boot mi ritrovo con 1 strano processo EXPLORE.EXE che mi blocca la navigazione finche non lo abbatto:
 Posso salvarmi?! Logfile of HijackThis v1.99.1 Scan saved at 12.05.07, on 02/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ASWLSVC.exe C:\WINDOWS\system32\ASWL2K.exe C:\Programmi\Logitech\iTouch\iTouch.exe C:\WINDOWS\Logi_MwX.Exe C:\Programmi\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\GEARSec.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\bob\Desktop\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O8 - Extra context menu item: Download &Flash Movies - C:\Programmi\Flash2X\Flash Hunter\save.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programmi\Flash2X\Flash Hunter\save.htm (file missing) (HKCU) O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Programmi\Flash2X\Flash Hunter\save.htm (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...lscbase969.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142977768150 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7B7DF63F-AC0A-48CB-97DB-280EF8999414}: NameServer = 85.37.17.41 85.38.28.83 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2 - Unknown owner - C:\Programmi\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DirectX Service (DirectMofc) - Unknown owner - c:\windows\system32\directx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing) O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
__________________
Aiuta la ricerca col tuo PC: >>Calcolo distribuito BOINC.Italy: unisciti anche tu<< Più largo è il sorriso, più affilato è il coltello. |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 20:29.
