12-09-2004, 16:40 | #21
Senior Member
Joined: Jun 2003
Location: "Mantua me genuit" Completed trades: a ton!!! Deviances: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Joined: Nov 2002
Posts: 4425
Quote:
Open a new thread, giving as much information as possible. Thanks.
12-09-2004, 16:45 | #22
Senior Member
Joined: Mar 2002
Posts: 309
ok, thanks
I thought there was a dedicated thread, and not having found it... anyway, I analyzed it online, but since I couldn't remove the trojan, I formatted. Bye
__________________
clothes don't make the monk, but the shoes do...
29-09-2004, 18:00 | #23
Senior Member
Joined: Jul 2001
Posts: 9947
Does the result have to be all green check marks, or are yellow icons allowed too?!
Red ones obviously not, right?!
__________________
Help research with your PC: >>BOINC.Italy distributed computing: join us too<< The wider the smile, the sharper the knife.
29-09-2004, 22:29 | #24
Senior Member
Joined: Sep 2004
Location: Firenze
Posts: 375
but what file is this ???
sorry, but hijackthis flags the file Mqeuwxsrgbzo [c:\windows\system32\zdablpu.exe] (present in the startup list) as suspicious,
but to me it clearly looks like a trojan; on top of that, when windows xp starts the dial-up connection opens. What do I do ... can I remove this file with regcleaner, or is it a windows file?????
29-09-2004, 23:19 | #25
Senior Member
Joined: Jul 2001
Posts: 9947
Re: but what file is this ???
Quote:
Try all the antispyware tools recommended by the forum (Lavasoft & co). Try ewido or The Cleaner to see whether it is a trojan. Also, regcleaner should only be for cleaning the registry and not files from the PC, at least the name already suggests that ... and besides, I don't remember it working wonders ...
__________________
Help research with your PC: >>BOINC.Italy distributed computing: join us too<< The wider the smile, the sharper the knife.
30-09-2004, 07:34 | #26
Senior Member
Joined: Mar 2004
Location: Rimini
Posts: 10291
Quote:
well... the analysis engine for hijackthis is very useful for providing a lead, but it should not be taken as gospel. Green icons are normally legitimate files; orange ones should be checked manually (you put the file name into Google and try to work out what it is): sometimes they are system files or program files that are not recognized, sometimes they are junk. For red icons too, it is better to do a quick check before deleting them; it is not uncommon for the engine to consider infected files that are actually fine. One example for all, this one is considered dangerous:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
It is actually the "Links" button on the Explorer bar, which is certainly useless but certainly not dangerous. In conclusion: that engine is very useful, but it is worth cross-checking with Google as well because it is not infallible.
__________________
sometimes they come back *** Life Happens! - (I.T. Professional - Telecommunications Technician) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3" I5 2435M SSD Samsung 830-256GB
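The advice in post #26 (treat the online engine's green/orange/red verdicts as a lead, check orange and red entries by hand, keep a known false positive such as LinksFolderName) written as a small triage script. This is an added example, not part of the thread or of HijackThis; the verdict strings, the two allow-lists, the extra heuristics and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "<code> - <body>": R0..R3, F0..F3, N1..N4 and O1..O24 are the section codes
# HijackThis puts at the start of every entry line.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)\b", re.IGNORECASE)

# Assumption: lists maintained by the person doing the review, not shipped by any tool.
VERIFIED_BENIGN = {
    # The false positive named in post #26: the IE "Links" toolbar folder name.
    r"r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = collegamenti",
}
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe"}


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    path: Optional[str]


def normalize(line: str) -> str:
    return " ".join(line.split()).lower()


def parse_line(line: str) -> Optional[Entry]:
    """Return a structured entry, or None for headers and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return Entry(m.group("code"), body,
                 clsid.group(0) if clsid else None,
                 path.group(0) if path else None)


def local_reasons(e: Entry) -> List[str]:
    """Checks applied whatever the online engine said (this example's own heuristics)."""
    reasons = []
    if "(no file)" in e.body:
        reasons.append("registry entry points at a missing file")
    if e.code == "O15":
        reasons.append("Trusted Zone site: confirm it was added on purpose")
    if e.code == "O17":
        reasons.append("DNS setting: confirm the servers belong to your ISP or network")
    if e.code == "O4" and e.path:
        folder = ntpath.dirname(e.path).lower()
        name = ntpath.basename(e.path).lower()
        if folder.endswith("\\system32") and name not in KNOWN_SYSTEM32_AUTOSTART:
            reasons.append("autostart from system32 with an unrecognised name: " + name)
    return reasons


def triage(line: str, engine_verdict: str) -> Tuple[str, List[str]]:
    """Return ("ignore" | "keep" | "review", reasons). Nothing is ever auto-deleted."""
    entry = parse_line(line)
    if entry is None:
        return "ignore", []
    if normalize(line) in VERIFIED_BENIGN:
        return "keep", ["verified by hand as benign (engine said %s)" % engine_verdict]
    reasons = local_reasons(entry)
    if engine_verdict in ("orange", "red"):
        reasons.insert(0, "engine verdict %s: look the file up before deleting" % engine_verdict)
    return ("review" if reasons else "keep"), reasons


def review_queue(pairs):
    """Entries a person still has to look at, with the reasons for each."""
    queue = []
    for line, verdict in pairs:
        action, reasons = triage(line, verdict)
        if action == "review":
            queue.append((line, reasons))
    return queue


# Constructed sample: (log line, verdict shown by the online engine).
SAMPLE = [
    ("Running processes:", "green"),
    (r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti", "red"),
    (r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)", "orange"),
    (r"O4 - HKLM\..\Run: [Mqeuwxsrgbzo] c:\windows\system32\zdablpu.exe", "orange"),
    (r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe", "green"),
    (r"O15 - Trusted Zone: www.example.test", "green"),
    (r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53", "orange"),
]

if __name__ == "__main__":
    for line, reasons in review_queue(SAMPLE):
        print(line)
        for r in reasons:
            print("    -", r)
```

The red-flagged LinksFolderName entry is kept because it is on the hand-verified list, while the green-flagged Trusted Zone entry still lands in the review queue.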
20-11-2004, 19:12 | #27
Senior Member
Joined: Dec 2002
Posts: 2373
I wanted to say thanks to whoever invented this software ....
today, thanks to it, I managed to recover a PC that refused to connect to the internet after I had removed from it (with Kaspersky) 97 viruses of at least 30 different types, 250 negative items (processes, registry keys and files) with Ad-Aware, and a couple of fixes from CWShredder. It had been driving me crazy because the local network worked; then, after doing the acid test with a directly connected USB ADSL "modem", when I saw that it would not connect that way either, I turned to HijackThis and found the cause simply by reading the scan (that is, without even submitting the log to the site).... the cause was lsp.dll and the related winsock stack; the program pointed me to a site to which I really must say thanks (www.cexx.org/lspfix.htm), from which I downloaded the fix, repairing win xp. Mind you, this PC belongs to a company, and it held too much important data to be kept in that state.... no comment.... Thanks, of course, also to this forum and to MrOZ, who some time ago had pointed out this program, which I in turn had thought it wise to put on my USB memory stick for emergency rescues. Bye
Last edited by High Speed : 21-11-2004 at 21:03.
23-03-2005, 17:19 | #28
Member
Joined: Feb 2005
Location: Pero (MI)
Posts: 201
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
the two O4 ..... linux.exe look fishy to me, as does O4 - Startup: Collegamento a html2pop3.lnk = D:\Service Disk\html2pop3117betawin32\html2pop3.exe, and the last 2 depend on your provider
11-05-2005, 20:57 | #29
Senior Member
Joined: Sep 2004
Posts: 6386
damn, there was already a thread for hijackthis
18-05-2005, 13:38 | #30
Senior Member
Joined: Nov 2001
Location: Varese
Posts: 1461
Quote:
__________________
When the lamb opened the fourth seal he heard a voice saying come, and there appeared to him a pale horse; its rider's name was death, and behind him hell... The only women who get seduced are those who have no desire to offer themselves
21-08-2005, 16:58 | #31
Senior Member
Joined: Jul 2004
Posts: 1387
Great link... now I understand a bit more!
30-07-2006, 17:32 | #32
Member
Joined: Jul 2006
Posts: 38
I've just started using it now; I see that a year has passed since the last post. Is it still useful as a program?
__________________
30-07-2006, 21:35 | #33
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
Quote:
31-07-2006, 17:45 | #34
Member
Joined: Jul 2006
Posts: 38
Quote:
__________________
08-09-2006, 18:11 | #35
Member
Joined: May 2005
Location: where the sea touches the mountains..............
Posts: 176
Hi everyone
I'd like to know, once the log has been analyzed, how I should proceed to remove the infected files, thanks. This is the result of the log analysis.
__________________
08-09-2006, 21:41 | #36
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
Quote:
04-07-2007, 14:21 | #37
Senior Member
Joined: Feb 2007
Location: (Altopascio)
Posts: 1406
No active firewall was found on your system, or you are using a firewall unknown to us. If you do not use a firewall you should download one, or you can enable the one included in windows xp. If you have doubts or want us to add the firewall you use to our database, contact us on the forum: www.hijackthis.de/forum
Is it possible that I have no firewall enabled? I use the windows one and it shows as enabled
__________________
XP home \intel_I5_760\Asus P7P-55-D-E\Enermax Infiniti 650\RAM DDR3_Corsair_Value\Samsung sync master 245b \ati_4890 \ Antec Nine Hundred Gamer\Audio creative sound blaster audigy 2zs 5.1\APC 1000VA SMART-UPS
04-07-2007, 18:00 | #38
Senior Member
Joined: Apr 2006
Posts: 22459
the windows one cannot be detected through hijackthis
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls, it zaps it; if it flutters, it kills it
15-09-2007, 14:29 | #39
Member
Joined: Mar 2007
Location: Bari
Posts: 211
Logfile of Trend Micro HijackThis v2.0.2
guys, help me.....
__________________
Case:CoolMaster Centurion 534 Lite PSU:Allied 450 watt Mobo:Intel DG 965ss CPU: Intel Dual Core 6600 (2.4 ghz) Ram: 2x1024gb Full brand 333mhz Hard Disk:Maxtor Plus 2*320gb Video card:Ati 1550 512 mb Cam:logitec Messanger Keyboard:logitec Mouse:Logitec UltraX Optical Mouse 5.1:Philips spa2600 Lcd:Philips 190s
All times are GMT +1. The time now is 00:12.