Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

c:WINDOWS/System32/cmd.exe

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

c:WINDOWS/System32/cmd.exe

Postdi elisd » 06/02/08 09:14

Ciao a tutti.
Quando avvio il pc, mi compare una finestrella tipo dos, che ha come intestazione: c:WINDOWS/System32/cmd.exe.
Dopo poco scompare da sola, ma non capisco cosa sia, ho fatto l'analisi con HiJackThis_v2, ma non ci capisco granché, quindi vi posto anche il risultato, se qualcuno mi può dare una mano,
Grazie.
Aspetto info.
Elisa

Ecco il risultato dell'analisi:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9.08.59, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\service32.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HD-C\Desktop\Manutenzione pc\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 210.14.129.6 http://www.myfilmcodeclive.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\winlogon32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: jiamfg.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: byiyyyp.bat
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: yulpkhs.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96D6A1EF-05F8-4B5D-B191-E1D625AAFD65}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LogIhc - Unknown owner - \\?\C:\Programmi\File comuni\Services\prn.exe (file missing)
O23 - Service: NetEgn - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt7.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SrvAwl - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\lpt2.exe (file missing)
O23 - Service: SysCqq - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt4.exe (file missing)
O23 - Service: UpdTau - Unknown owner - \\?\C:\Programmi\File comuni\System\con.exe (file missing)
O23 - Service: WinWve - Unknown owner - \\?\C:\Programmi\File comuni\System\aux.exe (file missing)

--
End of file - 8477 bytes
elisd
Utente Junior
 
Post: 12
Iscritto il: 15/10/07 10:49

Sponsor
 

Re: c:WINDOWS/System32/cmd.exe

Postdi Luke57 » 06/02/08 10:00

Ciao, hai il compter abbastanza infetto, per adesso scarica SDFix:
http://downloads.andymanchesta.com/Remo ... /SDFix.exe

Doppio click su SDFix.exe e il tool andrà ad estrarsi in C:\SDFix
- avvia il sistema in modalità provvisoria (premi ripetutamente il tasto f8 al boot, prima che si carichi windows. Nella schermata grigia che appare scegli modalità provvisoria spostandoti con le freccette e confermando con invio).
- Apri la cartella SDFix situata in C:\ e fai un doppio click su RunThis.bat per lanciare lo script
- seleziona Y per avviare la pulizia
- Quando te lo chiederà premi un tasto per riavviare(il sistema sarà piu lungo nell'avviarsi perchè lo script eseguirà l'eliminazione dei file trovati)
- Quando apparirà il desktop il tool terminerà il suo lavoro e visualizzerà il messaggio "Finished"
- Premi un tasto per terminare lo script e ricaricare le icone del desktop
- Il log sarà visualizzato automaticamente,altrimenti potrai trovarlo in C:\SDFix\Report.txt
Incollalo in un post, insieme a un altro log di hijacktihis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: c:WINDOWS/System32/cmd.exe

Postdi elisd » 06/02/08 10:43

Ciao, ecco i due file log:

quello di SDFix:


SDFix: Version 1.137

Run by HD-C on 06/02/2008 at 10.26

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\SSPRS.DLL - Deleted
C:\42.TMP - Deleted
C:\WINDOWS\service32.exe - Deleted
C:\WINDOWS\svchost.dll - Deleted
C:\WINDOWS\sysnet32.exe - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 10:32:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:f63518fa
"s1"=dword:e4598d5a
"s2"=dword:b576e0b9
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:02,3d,2a,73,d5,ca,29,85,43,d2,14,8c,75,bf,4e,65,77,50,86,cf,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,18,2a,e6,a1,49,05,52,86,c0,64,70,65,9c,fa,8d,8e,3e,..
"khjeh"=hex:2b,fc,50,be,e2,78,05,c7,23,f0,ef,bd,07,05,9c,d2,90,28,c4,41,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:05,e1,dc,d5,22,68,88,03,e5,69,b1,cd,39,5e,95,70,06,03,b2,5b,74,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmi\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:02,3d,2a,73,d5,ca,29,85,43,d2,14,8c,75,bf,4e,65,77,50,86,cf,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,18,2a,e6,a1,49,05,52,86,c0,64,70,65,9c,fa,8d,8e,3e,..
"khjeh"=hex:2b,fc,50,be,e2,78,05,c7,23,f0,ef,bd,07,05,9c,d2,90,28,c4,41,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:05,e1,dc,d5,22,68,88,03,e5,69,b1,cd,39,5e,95,70,06,03,b2,5b,74,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\IncrediMail\\bin\\IMApp.exe"="C:\\Programmi\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Programmi\\IncrediMail\\bin\\IncMail.exe"="C:\\Programmi\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmi\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Programmi\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 25 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 ..SHR --- "C:\Programmi\Autodesk\Autodesk Express Viewer\Setup.exe"
Thu 22 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42240f0e0835cbb61b7f5567bf62437b\BIT4A.tmp"
Thu 12 May 2005 56,832 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0004.tmp"
Sat 3 Dec 2005 30,208 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0005.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0043.tmp"
Sat 3 Dec 2005 100,864 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0121.tmp"
Sun 4 Dec 2005 283,136 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0254.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0402.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0424.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0486.tmp"
Thu 12 May 2005 56,832 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0516.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0527.tmp"
Thu 12 May 2005 19,968 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0592.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0701.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0800.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL0982.tmp"
Thu 12 May 2005 19,968 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1007.tmp"
Sat 29 Oct 2005 217,600 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1154.tmp"
Thu 12 May 2005 19,968 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1165.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1383.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1412.tmp"
Sat 3 Dec 2005 26,624 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1466.tmp"
Thu 12 May 2005 20,480 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1536.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1637.tmp"
Thu 12 May 2005 56,832 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1665.tmp"
Sun 4 Dec 2005 283,648 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1707.tmp"
Thu 12 May 2005 19,968 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1798.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1852.tmp"
Thu 12 May 2005 19,968 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL1891.tmp"
Thu 12 May 2005 19,968 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2073.tmp"
Sun 4 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2124.tmp"
Sat 29 Oct 2005 231,424 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2126.tmp"
Mon 4 Dec 2006 23,040 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2243.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2260.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2305.tmp"
Sat 3 Dec 2005 26,624 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2680.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2871.tmp"
Sat 3 Dec 2005 30,208 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL2897.tmp"
Thu 12 May 2005 21,504 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3054.tmp"
Sat 29 Oct 2005 217,600 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3079.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3121.tmp"
Tue 11 Sep 2007 1,256,448 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3123.tmp"
Sat 3 Dec 2005 26,624 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3134.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3136.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3138.tmp"
Thu 12 May 2005 19,968 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3150.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3261.tmp"
Sat 3 Dec 2005 26,624 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3317.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3386.tmp"
Mon 30 Jan 2006 87,040 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3468.tmp"
Sun 4 Dec 2005 31,232 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3488.tmp"
Sun 4 Dec 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3815.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3829.tmp"
Thu 12 May 2005 56,832 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3865.tmp"
Thu 12 May 2005 19,456 ...H. --- "C:\Documents and Settings\HD-C\Dati applicazioni\Microsoft\Word\~WRL3947.tmp"
Sat 26 Jan 2008 888 ...HR --- "C:\Documents and Settings\HD-C\Dati applicazioni\SecuROM\UserData\securom_v7_01.bak"

Finished!




e quello di HiJackThis_v2:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.39.45, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\HD-C\Desktop\Manutenzione pc\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: jiamfg.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: byiyyyp.bat
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: yulpkhs.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96D6A1EF-05F8-4B5D-B191-E1D625AAFD65}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LogIhc - Unknown owner - \\?\C:\Programmi\File comuni\Services\prn.exe (file missing)
O23 - Service: NetEgn - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt7.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SrvAwl - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\lpt2.exe (file missing)
O23 - Service: SysCqq - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt4.exe (file missing)
O23 - Service: UpdTau - Unknown owner - \\?\C:\Programmi\File comuni\System\con.exe (file missing)
O23 - Service: WinWve - Unknown owner - \\?\C:\Programmi\File comuni\System\aux.exe (file missing)

--
End of file - 8227 bytes
elisd
Utente Junior
 
Post: 12
Iscritto il: 15/10/07 10:49

Re: c:WINDOWS/System32/cmd.exe

Postdi Luke57 » 06/02/08 10:52

Ciao, apri hijackthis, premi do a system scan only", cerca e spunta le voci seguenti:
O4 - Startup: jiamfg.exe
O4 - Global Startup: byiyyyp.bat
O4 - Global Startup: yulpkhs.bat
O23 - Service: LogIhc - Unknown owner - \\?\C:\Programmi\File comuni\Services\prn.exe (file missing)
O23 - Service: NetEgn - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt7.exe (file missing)
O23 - Service: SrvAwl - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\lpt2.exe (file missing)
O23 - Service: SysCqq - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt4.exe (file missing)
O23 - Service: UpdTau - Unknown owner - \\?\C:\Programmi\File comuni\System\con.exe (file missing)
O23 - Service: WinWve - Unknown owner - \\?\C:\Programmi\File comuni\System\aux.exe (file missing)

premi fix checked.

Scarica atf cleaner da qui:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Una volta avviata l´applicazione seleziona “Select All” , premi sul pulsante “Empty selected” e attendi il messaggio “Done Cleaning!.”

Posta poi nuovo log di hjackthis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: c:WINDOWS/System32/cmd.exe

Postdi elisd » 06/02/08 11:36

Ciao ecco il nuvo log di HiJackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.34.38, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HD-C\Desktop\Manutenzione pc\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96D6A1EF-05F8-4B5D-B191-E1D625AAFD65}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7541 bytes
elisd
Utente Junior
 
Post: 12
Iscritto il: 15/10/07 10:49

Re: c:WINDOWS/System32/cmd.exe

Postdi Luke57 » 06/02/08 12:04

Ciao, nel log non appare più niente, hai ancora problemi?
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: c:WINDOWS/System32/cmd.exe

Postdi elisd » 06/02/08 12:37

Ciao ho provato a riavviare ed in effetti non ho visto la finestra di dos, penso quindi di avere risolto, grazie, ora farò una scansione con l'antivirus.
ciao
elisd
Utente Junior
 
Post: 12
Iscritto il: 15/10/07 10:49

errore di cmd.exe

Postdi antonio.1970 » 07/02/08 08:49

Salve a tutti.
Anche io ho un problema legato a CMD.EXE.
All'avvio del PC e durante il funzionamento non mi accorgo di nulla, pero' quando spengo il PC mi compare un msg. di errore applicazione (apparentemente generato appunto da CMD.EXE)
Questo e' il mio log di hijackthis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\FILECO~1\ILSOLE~1\lm\LMwd.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\memento\it\monoposto\common\elsstart\elsstart.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\memento\it\monoposto\common\bd_service\bin\mysqld-opt.exe
C:\Programmi\memento\it\monoposto\common\wrapper\wrapper.exe
C:\Programmi\memento\it\monoposto\common\jre\bin\java.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Antonio\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vialibera.ilsole24ore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartupElsCdWeb] "C:\Programmi\memento\it\monoposto\common\elsstart\elsstart.exe" IT IT MONOPOSTE "C:\Documents and Settings\All Users" "C:\Programmi\memento\it\monoposto\common\scripts" 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted IP range: 127.0.0.1
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1229059562
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6613D12-E941-4E89-91D9-5F261BF51030}: NameServer = 151.99.125.1,151.99.125.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6613D12-E941-4E89-91D9-5F261BF51030}: NameServer = 151.99.125.1,151.99.125.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6613D12-E941-4E89-91D9-5F261BF51030}: NameServer = 151.99.125.1,151.99.125.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMwd - Unknown owner - C:\PROGRA~1\FILECO~1\ILSOLE~1\lm\LMwd.exe

cosa posso fare ??!
grazie a tutti
ciao
antonio.1970
Newbie
 
Post: 1
Iscritto il: 07/02/08 08:37


Torna a Sicurezza e Privacy


Topic correlati a "c:WINDOWS/System32/cmd.exe":


Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti