Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

cose sospette

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

cose sospette

Postdi luigiws » 13/10/06 19:38

qualcuno può controllare se devo eliminare qualcosa?


Logfile of HijackThis v1.99.1
Scan saved at 20.02.14, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\ASUS\Wireless Console\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\SetPoint\SetPoint.exe
C:\Programmi\Toshiba\Bluetooth Toshiba
Stack\TosBtMng1.exe
C:\Documents and
Settings\katya\Desktop\WinZip\WZQKPICK.EXE
C:\Programmi\palmOne\Hotsync.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\File comuni\DataViz\DvzIncMsgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmi\File comuni\Sogou PXP\p2psvr.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\DOCUME~1\KATYA\DESKTOP\WINZIP\winzip32.exe
C:\Documents and Settings\katya\Impostazioni
locali\Temp\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.tin.it/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmi\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HControl]
C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]
C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update]
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console]
C:\Programmi\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction
Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPLpr]
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh]
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl]
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear]
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless]
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel
PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp]
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [CnxDslTaskBar]
"C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File
comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper]
"C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware]
"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
/minimized
O4 - HKCU\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS]
"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: palmOne Registration.lnk =
C:\Programmi\palmOne\register.exe
O4 - Global Startup: Logitech SetPoint.lnk =
C:\Programmi\SetPoint\SetPoint.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Documents and
Settings\katya\Desktop\WinZip\WZQKPICK.EXE
O4 - Global Startup: Manager HotSync.lnk =
C:\Programmi\palmOne\Hotsync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk =
C:\Programmi\File comuni\DataViz\DvzIncMsgr.exe
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9}
(MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
(ewidoOnlineScan Control) -
http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79}
(KooPlayer Control) -
http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3}
(CamImage Class) -
http://axis.securestore.it/AxisCamControl.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}
(IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui -
C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless -
C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware
Development a.s. - C:\Programmi\Grisoft\AVG
Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation -
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT)
- Macrovision Corporation - C:\Programmi\File
comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -
C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation -
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: P4P Service - Sohu.com Inc. -
C:\Programmi\File comuni\Sogou PXP\p2psvr.exe
O23 - Service: RegSrvc - Intel Corporation -
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor
(S24EventMonitor) - Intel Corporation -
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
luigiws
Utente Junior
 
Post: 49
Iscritto il: 22/09/06 18:24

Sponsor
 

Postdi andorra24 » 13/10/06 20:02

Elimina queste 2 voci che sono collegate all'adware sogou:

O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9}
(MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O23 - Service: P4P Service - Sohu.com Inc. -
C:\Programmi\File comuni\Sogou PXP\p2psvr.exe

Elimina il seguente file:
C:\Programmi\File comuni\Sogou PXP\p2psvr.exe (elimina l'intera cartella Sogou PXP).

di questo adware sogou se ne parla qua:
http://research.sunbelt-software.com/th ... atid=44419
http://www3.ca.com/securityadvisor/pest ... =453098380
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi luigiws » 13/10/06 20:17

cosa è?
cmq sul pc nn ho problemi.


il resto tutto ok?

grazie ;)
luigiws
Utente Junior
 
Post: 49
Iscritto il: 22/09/06 18:24

Postdi andorra24 » 14/10/06 01:12

Si, a parte quelle 2 voci il resto e' OK.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy


Topic correlati a "cose sospette":


Chi c’è in linea

Visitano il forum: Nessuno e 6 ospiti

cron