Condividi:        

Controllo log sospetti

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Controllo log sospetti

Postdi claudioc » 12/12/05 10:55

Salve, allego il mio log, vorrei sapere se c'è qualcosa di sospetto e cosa devo fare, mi scuso se è un po' lungo, grazie:


Logfile of HijackThis v1.99.1
Scan saved at 10.49.04, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RssReader\RssReader.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utente1\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 205.238.40.2 http://www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Programmi\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] C:\Programmi\RssReader\RssReader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://rtc3.webresponse.one.microsoft. ... EFlash.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C79113B-3958-422C-9FBF-E25F59E7A8C8}: NameServer = 85.37.17.55 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C79113B-3958-422C-9FBF-E25F59E7A8C8}: NameServer = 85.37.17.55 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Programmi\File comuni\WinTools\WToolsS.exe (file missing)
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Sponsor
 

Postdi Heba » 12/12/05 12:33

Da eliminare:

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE


questi assolutamente, pericolosi...

R3 - Default URLSearchHook is missing

O1 - Hosts: 205.238.40.2 http://www.winmx.com

O1 - Hosts: 205.238.40.2 err.winmx.com

O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com

O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com

O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com

O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com

O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com

O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com

O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com

O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com

O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com

O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com

O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com

O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com

O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com

O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com

O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com

O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com

O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com

O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com

O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com

O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com

O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com

O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com

O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com

O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com

O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com

O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com

O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com

O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com

O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com

O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com

O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com

O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com

O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com

O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com

O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com

O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com

O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com

O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com

O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com

O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com

O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com

O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com

O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com

O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com

O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com

O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com

O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com

O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com

O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com

O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com

O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com

O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com

O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com

O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com

O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com

O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com

O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com

O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com

O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com

O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com

O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com

O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com

O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com

O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com

O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com

O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com

O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com

O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com

O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com

O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com

O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com

O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com

O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com

O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com

O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com

O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com

O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com

O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com

O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com

O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com

O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com

O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com

O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com

O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com

O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com

O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com

O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com

O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com

O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com

O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com

O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com

O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com

O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com

O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com

O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com

O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com

O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com

O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com

O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C79113B-3958-422C-9FBF-E25F59E7A8C8}: NameServer = 85.37.17.55 151.99.125.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C79113B-3958-422C-9FBF-E25F59E7A8C8}: NameServer = 85.37.17.55 151.99.125.1

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe


questo è inutile:

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Programmi\File comuni\WinTools\WToolsS.exe (file missing)

quando hai eliminato tutto dalla modalità provvisoria, riposta un log di hijackthis che controllo se ho dimenticato qualcosa, mi spiace ma ce ne sono talmente tanti che sono sicura di essermi dimenticata qualcosa, penso...
In internet il saper leggere equivale al saper ascoltare nella realtà.
Chi sa ascoltare possiede le chiavi di molte porte.
Heba
Utente Senior
 
Post: 509
Iscritto il: 16/06/05 15:09
Località: Cremona

Postdi Tiseria » 12/12/05 14:22

Heba ha scritto:Da eliminare:

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE


O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com


O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe

quando hai eliminato tutto dalla modalità provvisoria, riposta un log di hijackthis che controllo se ho dimenticato qualcosa, mi spiace ma ce ne sono talmente tanti che sono sicura di essermi dimenticata qualcosa, penso...


:o :o :o

Anzi stai cancellando i driver delle stampandi Epson e HP....
Tiseria
Utente Junior
 
Post: 97
Iscritto il: 09/03/05 15:23

Postdi claudioc » 12/12/05 15:31

Scusate ma posso sapere cosa devo cancellare precisamente?

Oppure cancello drivers essenziali?

Aiutatemi
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Postdi claudioc » 12/12/05 15:36

.... e come faccio a cancellare quelli che devono essere veramente cancellati?
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Postdi Luke57 » 12/12/05 16:30

Ciao, scarica e installa Ewido . Aggiornalo. Disattiva ripristino configurazione di sistema in questo modo, riavvia in modalità provvisoria, fai una scansione con il programma suddetto e con l'antivirus aggiornato. Riparti in modalità normale, riattiva ripristino configurazione di sistema, metti l'eseguibile di hijackthis in una cartella permanente del disco fisso, tipo C\HJT, riposta nuovamente il log.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Heba » 13/12/05 08:15

Tiseria ha scritto:
Heba ha scritto:Da eliminare:

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE


O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com


O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe

quando hai eliminato tutto dalla modalità provvisoria, riposta un log di hijackthis che controllo se ho dimenticato qualcosa, mi spiace ma ce ne sono talmente tanti che sono sicura di essermi dimenticata qualcosa, penso...


:o :o :o

Anzi stai cancellando i driver delle stampandi Epson e HP....


quelli li dava con il pallino rosso, da eliminare sicuramente, forse sono stati infettati quando ha fatto lo scarico p2p da winmx. Li ho inseriti per questo, aveva il pc un po' intasato, penso che se fossero con il pallino rosso, dovevano essere eliminati per forza...penso... :undecided:
In internet il saper leggere equivale al saper ascoltare nella realtà.
Chi sa ascoltare possiede le chiavi di molte porte.
Heba
Utente Senior
 
Post: 509
Iscritto il: 16/06/05 15:09
Località: Cremona

LOG DA CONTROLLARE

Postdi claudioc » 30/01/06 19:42

Ecco il report del log, se è corretto ho fatto così: ho fatto la scansione in modalità provvisoria con Ewido e poi in modalità normale l'ho fatto con Hijackthis, è giusto fare così? Allego il report:



Logfile of HijackThis v1.99.1
Scan saved at 19.38.02, on 30/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utente1\Desktop\Programmi Vari\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 205.238.40.2 http://www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Programmi\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] C:\Programmi\RssReader\RssReader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://rtc3.webresponse.one.microsoft. ... EFlash.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C79113B-3958-422C-9FBF-E25F59E7A8C8}: NameServer = 85.37.17.55 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C79113B-3958-422C-9FBF-E25F59E7A8C8}: NameServer = 85.37.17.55 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Aspetto consigli, grazie.[/url]
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Postdi Luke57 » 31/01/06 10:42

Ciao, a parte la presenza delle voci 01 relative all'uso di winmix, la voce da fixare con hijakthis è questa:
R3 - Default URLSearchHook is missing
premi "do a system scan only", cerchi e spunti la suddetta voce, premi "fixchecked".
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi claudioc » 31/01/06 11:10

per quanto riguarda win mx cosa devo fare? c'è qualcos'altro? grazie
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Postdi Luke57 » 31/01/06 11:56

Ciao, li puoi lasciare dove sono, io non ho trovato altro ;)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "Controllo log sospetti":


Chi c’è in linea

Visitano il forum: Nessuno e 34 ospiti