
Problem with Symantec (to the point of nervous exhaustion)


Posted by Capitan Barbossa » 21/02/08 17:10

Hello everyone,
on top of a connection problem (my router has been going crazy these days), another problem has come up: when I turn on the computer, for the first 10 minutes (or for the whole time the PC stays on) I get notices from Symantec (Norton) that it is scanning various email messages, and then after that scan I get a message saying that the mail message could not be sent, something I never asked it to do (and besides, from what I understand, they are spam-type messages).
I ran a HijackThis scan; could you check it for me?
After that I think I will use SmitFraudFix.
Thanks a lot

Logfile of HijackThis v1.99.1
Scan saved at 16.57.37, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\taskmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Norton Internet Security\ccEmFlSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Flavio\hijackthis & smitfraudfix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nerooogle.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fastweb.it/welcome
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Capitan Barbossa
Junior User

Posts: 19
Joined: 27/05/06 19:34


Re: Problem with Symantec (to the point of nervous exhaustion)

Posted by Luke57 » 21/02/08 21:08

Hi, download SDFIX:
http://downloads.andymanchesta.com/Remo ... /SDFix.exe

- Double-click SDFix.exe and the tool will extract itself to C:\SDFix
- Boot the system into Safe Mode by pressing the F8 key repeatedly at boot, before Windows loads; on the grey screen that appears, choose Safe Mode using the arrow keys.
- Open the SDFix folder located in C:\ and double-click RunThis.bat to launch the script
- Select Y to start the cleanup
- When it asks you, press a key to reboot (the system will take longer to start because the script will be deleting the files it found)
- When the desktop appears, the tool will finish its work and display the message "Finished"
- Press a key to end the script and reload the desktop icons
- The log will be displayed automatically; otherwise you can find it in C:\SDFix\Report.txt
Copy it and paste it into a post.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Problem with Symantec (to the point of nervous exhaustion)

Posted by Capitan Barbossa » 22/02/08 15:33

Here is the program's log


SDFix: Version 1.144

Run by Amministratore on 22/02/2008 at 14.50

Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service asc3550p - Deleted after Reboot

Checking Files:

Trojan Files Found:

C:\WINDOWS\taskmon.exe - Deleted
C:\WINDOWS\system32\drivers\asc3550p.sys - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 15:13:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 889


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\EA GAMES\\La Battaglia per la Terra di Mezzo(tm)\\game.dat"="C:\\Programmi\\EA GAMES\\La Battaglia per la Terra di Mezzo(tm)\\game.dat:*:Enabled:La Battaglia per la Terra di MezzoT"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Amministratore\\Desktop\\MagicHogwarts_client3.0\\Client\\MagicHogwarts.exe"="C:\\Documents and Settings\\Amministratore\\Desktop\\MagicHogwarts_client3.0\\Client\\MagicHogwarts.exe:*:Enabled:MagicHogwarts"
"C:\\Programmi\\Electronic Arts\\La Battaglia per la Terra di Mezzo II\\game.dat"="C:\\Programmi\\Electronic Arts\\La Battaglia per la Terra di Mezzo II\\game.dat:*:Enabled:La Battaglia per la Terra di MezzoT II"
"C:\\Programmi\\LimeWire\\LimeWire.exe"="C:\\Programmi\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\taskmon.exe"="C:\\WINDOWS\\taskmon.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 2 Apr 2005 56 ..SHR --- "C:\WINDOWS\system32\CA26C58C5E.sys"
Mon 15 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 14 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Programmi\File comuni\Motorola Shared\MotPCSDrivers\difxapi.dll"
Wed 24 May 2006 22,016 A..H. --- "C:\Documents and Settings\Amministratore\Desktop\TURNI LOCALI\MAGGIO 2006\~WRL2749.tmp"
Mon 15 Aug 2005 4,348 ...H. --- "C:\Documents and Settings\Amministratore\Documenti\Musica\Backup licenza\drmv1key.bak"
Fri 6 Jan 2006 20 A..H. --- "C:\Documents and Settings\Amministratore\Documenti\Musica\Backup licenza\drmv1lic.bak"
Wed 30 Mar 2005 312 A.SH. --- "C:\Documents and Settings\Amministratore\Documenti\Musica\Backup licenza\drmv2key.bak"
Wed 24 May 2006 22,016 A..H. --- "C:\Documents and Settings\Amministratore\Desktop\TURNI LOCALI\2006\MAGGIO 2006\~WRL2749.tmp"

Finished!
Capitan Barbossa
Junior User

Posts: 19
Joined: 27/05/06 19:34

Re: Problem with Symantec (to the point of nervous exhaustion)

Posted by Luke57 » 22/02/08 19:35

Hi, SDFix got rid of the virus (taskmon.exe); are you still having problems?
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
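
How the taskmon.exe finding can be followed across the two logs posted above, as an added example that is not part of the original posts: it cross-references the files the SDFix report marks as deleted against HijackThis O4 autorun lines and the firewall "Authorized Application" export, listing references that still point at a removed file. The function names are hypothetical and the sample input is a handful of lines copied from the thread's logs.

```python
import re

# Constructed sample input: a few lines copied from the two logs in this thread.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
SDFIX_REPORT = r"""
Service asc3550p - Deleted after Reboot
Trojan Files Found:
C:\WINDOWS\taskmon.exe - Deleted
C:\WINDOWS\system32\drivers\asc3550p.sys - Deleted
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\taskmon.exe"="C:\\WINDOWS\\taskmon.exe:*:Enabled:enable"
"""

# Executable path at the start of a Run-key command line (quoted or not,
# possibly followed by arguments).
EXE = re.compile(r'"?(.+?\.(?:exe|dll|sys|bat|scr))', re.I)

def norm(path):
    """Canonical form for comparison: no quotes, single backslashes, lower case."""
    return path.strip().strip('"').replace("\\\\", "\\").lower()

def deleted_files(report):
    """Paths the SDFix report lists as '<path> - Deleted'."""
    return {norm(m.group(1))
            for m in re.finditer(r"^([A-Za-z]:\\.+?) - Deleted\s*$", report, re.M)}

def run_entries(hjt_log):
    """(value name, executable path) for each HijackThis O4 Run-key line."""
    out = []
    for m in re.finditer(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] (.+)$", hjt_log, re.M):
        exe = EXE.match(m.group(2))
        if exe:
            out.append((m.group(1), norm(exe.group(1))))
    return out

def firewall_entries(report):
    """(label, path, state) for each AuthorizedApplications value in the export."""
    out = []
    for m in re.finditer(r'^"([^"]+)"="([^"]+)"\s*$', report, re.M):
        parts = m.group(2).rsplit(":", 3)  # path : scope : state : label
        if len(parts) == 4:
            out.append((parts[3], norm(m.group(1)), parts[2].lower()))
    return out

def leftover_references(hjt_log, report):
    """Autoruns and enabled firewall exceptions that name a file SDFix deleted."""
    gone = deleted_files(report)
    hits = [("autorun", name, path)
            for name, path in run_entries(hjt_log) if path in gone]
    hits += [("firewall", label, path)
             for label, path, state in firewall_entries(report)
             if path in gone and state == "enabled"]
    return hits

if __name__ == "__main__":
    for kind, name, path in leftover_references(HIJACKTHIS_LOG, SDFIX_REPORT):
        print(f"{kind:8} {name:10} {path}")
```

The HijackThis log in this thread was taken before SDFix ran, so an autorun hit shows how the file was being started and should be re-checked on the cleaned system; the firewall export is part of the SDFix report itself.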

Re: Problem with Symantec (to the point of nervous exhaustion)

Posted by Capitan Barbossa » 23/02/08 12:56

Yes, perfect, thanks a lot everyone, now the computer runs like a dream!! :D
Capitan Barbossa
Junior User

Posts: 19
Joined: 27/05/06 19:34

