Aiutamici Forum

Can you check my log for me?
mat82
Posted: Wednesday, October 28, 2009 6:59:37 PM

Rank: AiutAmico

Joined: 5/13/2008
Posts: 146
Hello everyone, for a day now I haven't been able to browse with Internet Explorer 8 (while with Firefox I have no problems); every time I get the prompt to connect to the internet even though I'm already connected. Yesterday I ran a check with Spybot, removed two pieces of spyware, then disabled System Restore and scanned in safe mode with the antivirus, Malwarebytes and Spybot, but they found nothing.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.52.10, on 28/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe

--
End of file - 8557 bytes
r16
Posted: Wednesday, October 28, 2009 11:41:39 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
First try this:
Open IE8.
Click "Tools":
Internet Options.
Advanced.
At the bottom, click "RESET".
Click "Apply" and then OK.
Restart the PC.

Second attempt:

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

Uninstall ComboFix this way (after I have seen the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the Combofix and (qoobox) folders on "C"
mat82
Posted: Thursday, October 29, 2009 12:20:50 AM

Rank: AiutAmico

Joined: 5/13/2008
Posts: 146
Hi r16, so the first step did not solve the problem; here is the ComboFix log:


ComboFix 09-10-27.08 - Matteo 29/10/2009 0.10.36.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.559 [GMT 1:00]
Eseguito da: c:\documents and settings\Matteo\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-0C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-09-28 al 2009-10-28 )))))))))))))))))))))))))))))))))))
.

2009-10-28 17:36 . 2009-10-28 17:36 -------- d-----w- c:\programmi\Trend Micro
2009-10-26 21:39 . 2009-10-26 21:39 -------- d-----w- c:\windows\ShellNew
2009-10-26 21:38 . 2009-10-26 21:38 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Microsoft Web Folders
2009-10-21 12:19 . 2009-10-21 12:19 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-10-21 12:11 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-21 12:11 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-20 21:35 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-20 21:35 . 2009-10-20 21:35 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-10-20 20:45 . 2009-10-20 20:45 -------- d-----w- c:\programmi\Paint.NET
2009-10-20 20:45 . 2009-10-23 15:45 -------- d-----w- c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Paint.NET
2009-10-20 16:03 . 2009-10-20 16:04 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-20 15:31 . 2009-10-20 15:31 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-20 15:11 . 2009-06-04 08:09 7512 ----a-w- c:\windows\system32\34CoInstaller(6).dll
2009-10-20 15:11 . 2009-06-04 08:09 7512 ----a-w- c:\windows\system32\34CoInstaller(5).dll
2009-10-20 15:11 . 2009-06-04 08:09 7512 ----a-w- c:\windows\system32\34CoInstaller(4).dll
2009-10-20 15:11 . 2009-06-04 08:09 7512 ----a-w- c:\windows\system32\34CoInstaller(3).dll
2009-10-20 15:11 . 2009-06-04 08:09 7512 ----a-w- c:\windows\system32\34CoInstaller(2).dll
2009-10-20 14:54 . 2009-10-20 14:54 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-10-20 14:03 . 2009-10-20 14:03 -------- d-----w- c:\windows\system32\LogFiles
2009-10-19 20:20 . 2009-10-19 20:20 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\PCToolsFirewallPlus
2009-10-19 20:18 . 2009-09-23 13:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-19 20:18 . 2009-09-16 12:19 87656 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-19 20:18 . 2009-09-24 06:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-19 20:18 . 2009-10-28 22:58 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-19 20:18 . 2009-10-19 20:18 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-10-19 20:18 . 2009-09-16 06:39 70280 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-10-19 20:18 . 2009-08-14 10:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-10-19 20:18 . 2009-07-29 07:54 46592 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-10-19 20:18 . 2009-09-08 10:48 115088 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-10-19 20:18 . 2009-10-20 15:32 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-10-19 20:04 . 2009-10-28 00:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-19 17:55 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 17:55 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 17:20 . 2009-10-19 17:20 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Malwarebytes
2009-10-19 17:20 . 2009-10-19 17:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-19 17:19 . 2009-10-19 17:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-19 16:28 . 2009-10-19 17:27 -------- d-----w- c:\programmi\Microsoft Visual Studio(2)
2009-10-19 16:27 . 2009-10-19 16:27 -------- d-----w- c:\windows\ShellNew(2)
2009-10-19 16:26 . 2009-10-19 17:27 -------- d-----w- c:\programmi\Microsoft Office(2)
2009-10-19 12:07 . 2009-10-20 14:04 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-10-19 12:06 . 2009-10-20 14:03 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-18 16:22 . 2009-10-18 16:22 -------- d-----w- c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Help
2009-10-18 15:27 . 2009-10-28 19:47 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-10-18 14:00 . 2009-10-18 14:00 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Avira
2009-10-18 13:54 . 2009-10-18 13:54 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Talkback
2009-10-18 13:54 . 2009-10-18 13:54 -------- d-----w- c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Thunderbird
2009-10-18 13:54 . 2009-10-18 13:54 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Thunderbird
2009-10-18 11:42 . 2009-10-18 11:42 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-18 11:42 . 2009-10-18 11:42 -------- d-----w- c:\programmi\MSBuild
2009-10-18 11:42 . 2009-10-18 11:42 -------- d-----w- c:\programmi\Reference Assemblies
2009-10-18 11:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-18 11:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-18 11:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-18 11:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-18 11:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-18 11:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-18 11:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-17 14:39 . 2009-10-17 14:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-10-17 14:27 . 2009-10-28 23:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-16 23:36 . 2006-05-24 17:15 882048 ----a-w- c:\windows\system32\drivers\HVR1110.sys
2009-10-16 23:36 . 2006-05-15 16:34 98360 ----a-w- c:\windows\system32\hcwi2c32.dll
2009-10-16 23:36 . 2006-05-15 16:33 245816 ----a-w- c:\windows\system32\hcwpnp32.dll
2009-10-16 23:36 . 2004-06-07 03:03 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2009-10-16 23:36 . 2003-02-26 11:07 3072 ----a-w- c:\windows\system32\HCW34Co.dll
2009-10-16 20:59 . 2009-10-16 20:59 -------- d-----w- c:\programmi\CCleaner
2009-10-16 20:57 . 2009-10-16 20:57 -------- d-----w- c:\windows\Sun
2009-10-16 20:38 . 2009-10-16 20:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2009-10-16 20:38 . 2009-10-16 20:38 -------- d-----w- c:\programmi\NVIDIA Corporation
2009-10-16 20:38 . 2009-09-27 14:12 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-10-16 20:37 . 2009-10-16 20:37 -------- d-----w- C:\NVIDIA
2009-10-16 20:36 . 2009-10-16 20:40 -------- d-----w- c:\windows\nview
2009-10-16 20:36 . 2009-09-27 14:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-16 20:11 . 2009-10-16 20:11 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\Darq Software
2009-10-16 19:55 . 2009-10-16 19:55 0 ----a-w- c:\windows\nsreg.dat
2009-10-16 19:55 . 2009-10-16 19:55 -------- d-----w- c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\Mozilla
2009-10-16 19:17 . 2009-10-16 19:17 -------- d-sh--w- c:\documents and settings\Matteo\IECompatCache
2009-10-16 19:16 . 2009-10-16 19:16 -------- d-sh--w- c:\documents and settings\Matteo\PrivacIE
2009-10-16 19:15 . 2009-10-16 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-16 19:14 . 2009-10-16 19:14 -------- d-sh--w- c:\documents and settings\Matteo\IETldCache
2009-10-16 19:12 . 2009-10-16 19:12 -------- d-----w- c:\programmi\MSXML 4.0
2009-10-16 19:09 . 2009-08-29 07:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-16 19:09 . 2009-08-29 07:56 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-16 19:09 . 2009-08-29 07:56 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-16 19:09 . 2009-08-29 07:56 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-16 19:09 . 2009-08-29 07:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-16 19:09 . 2009-08-29 07:56 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-16 19:09 . 2009-10-16 19:09 -------- d-----w- c:\windows\ie8updates
2009-10-16 19:09 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-16 19:08 . 2009-10-16 19:09 -------- dc-h--w- c:\windows\ie8
2009-10-16 18:45 . 2009-10-16 19:14 -------- d-----w- c:\windows\system32\it-it
2009-10-16 18:45 . 2009-10-16 18:45 -------- d-----w- c:\windows\system32\it
2009-10-16 18:45 . 2009-10-16 18:45 -------- d-----w- c:\windows\system32\bits
2009-10-16 18:45 . 2009-10-16 18:45 -------- d-----w- c:\windows\l2schemas
2009-10-16 18:44 . 2009-10-16 18:45 -------- d-----w- c:\windows\ServicePackFiles
2009-10-16 17:32 . 2009-10-16 17:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-16 16:37 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-16 16:35 . 2008-06-17 19:01 8490496 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-10-16 16:32 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-16 16:26 . 2009-10-16 16:23 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-16 16:26 . 2009-10-16 16:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-16 16:26 . 2009-10-16 16:23 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-16 16:26 . 2009-10-16 16:23 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-16 16:26 . 2009-10-16 16:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-10-16 16:26 . 2009-10-16 16:26 -------- d-----w- c:\programmi\Avira
2009-10-16 16:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-16 16:22 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-16 16:22 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-16 16:17 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-16 16:16 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-16 15:57 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-16 15:57 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-16 15:56 . 2009-10-16 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-10-16 15:56 . 2009-10-16 15:56 -------- d-----w- c:\documents and settings\Matteo\Dati applicazioni\ScanSoft
2009-10-16 15:56 . 2009-10-16 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-10-16 15:56 . 2009-10-16 15:56 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-10-16 15:55 . 2009-10-16 15:55 -------- d-----w- c:\programmi\ScanSoft
2009-10-16 15:54 . 2009-10-16 15:54 -------- d-----w- c:\programmi\ArcSoft
2009-10-16 15:54 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-16 15:54 . 1998-11-13 11:07 307712 ----a-w- c:\windows\IsUn0410.exe
2009-10-16 15:53 . 2009-10-16 15:53 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2009-10-16 15:53 . 2006-03-26 20:00 161792 ----a-w- c:\windows\system32\CNMLM82.DLL
2009-10-16 15:53 . 2009-10-16 15:53 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-10-16 15:53 . 2006-02-17 06:44 106496 ----a-w- c:\windows\system32\cnco180.dll
2009-10-16 15:53 . 2006-03-24 06:29 135168 ----a-w- c:\windows\system32\CNCL180.DLL
2009-10-16 15:53 . 2006-03-15 06:27 57344 ----a-w- c:\windows\system32\CNCI180.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 21:38 . 2006-08-11 15:43 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-26 00:39 . 2006-08-11 15:57 84764 ----a-w- c:\windows\system32\perfc010.dat
2009-10-26 00:39 . 2006-08-11 15:57 490646 ----a-w- c:\windows\system32\perfh010.dat
2009-10-16 23:26 . 2006-08-11 15:41 -------- d-----w- c:\programmi\Windows Plus
2009-10-16 23:26 . 2006-08-11 15:42 -------- d-----w- c:\programmi\Servizi in linea
2009-10-16 23:25 . 2006-08-11 15:54 -------- d-----w- c:\programmi\Realtek
2009-10-16 23:25 . 2006-08-11 15:50 -------- d-----w- c:\programmi\Oca History Tool
2009-10-16 23:25 . 2006-08-11 16:06 -------- d-----w- c:\programmi\NewTech Infosystems
2009-10-16 23:24 . 2006-08-11 16:06 -------- d-----w- c:\programmi\File comuni\NewTech Infosystems
2009-10-16 23:24 . 2006-08-11 16:06 -------- d-----w- c:\programmi\File comuni\muvee Technologies
2009-10-16 23:24 . 2006-08-11 16:06 -------- d-----w- c:\programmi\File comuni\LightScribe
2009-10-16 23:24 . 2006-08-11 16:07 -------- d-----w- c:\programmi\DIFX
2009-10-16 23:24 . 2006-08-11 16:07 -------- d-----w- c:\programmi\CyberLink
2009-10-16 23:24 . 2006-08-11 16:08 -------- d-----w- c:\programmi\commercial
2009-10-16 23:24 . 2006-08-11 16:07 -------- d-----w- c:\programmi\Acer WLAN 11g USB Dongle
2009-10-16 15:56 . 2006-08-11 16:07 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-16 15:54 . 2006-08-11 16:07 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-16 15:05 . 2009-10-16 14:54 135 ----a-w- c:\documents and settings\Matteo\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-09-27 16:20 . 2009-09-27 16:20 2505320 ----a-w- c:\windows\system32\nvcpluir.dll
2009-09-27 16:20 . 2009-09-27 16:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 16:20 . 2009-09-27 16:20 253952 ----a-w- c:\windows\system32\nvrsth.dll
2009-09-27 16:20 . 2009-09-27 16:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 14:12 . 2009-10-16 23:37 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-27 14:12 . 2009-10-16 23:37 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2009-10-16 23:37 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2009-10-16 23:37 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2009-09-27 14:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-09-27 14:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-09-27 14:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-09-27 14:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2006-07-11 22:19 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2006-07-11 22:19 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 05:35 . 2009-09-25 05:35 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-16 00:20 . 2009-10-19 20:18 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-14 23:12 . 2009-10-19 20:18 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-14 23:01 . 2009-10-19 20:18 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-11 14:17 . 2004-09-07 20:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-09-07 20:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2006-03-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-09-07 20:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2004-09-07 20:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2004-09-07 20:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2004-09-07 20:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2004-09-07 20:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-09-07 20:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2004-09-07 20:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2004-09-07 20:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:59 . 2004-09-07 20:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26 . 2005-09-29 18:27 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2005-09-29 18:28 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-09-07 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-16 149280]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-10-16 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-09-24 2971608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2009-10-16 45056]
Acer WLAN 11g USB Dongle.lnk - c:\programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [19/10/2009 21.18.51 229304]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [16/10/2009 17.26.50 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [16/10/2009 17.26.50 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [16/10/2009 17.26.50 434945]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [19/10/2009 21.18.52 87656]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [19/10/2009 21.18.38 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [19/10/2009 21.18.38 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [19/10/2009 21.18.38 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [19/10/2009 21.18.36 115088]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it/
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Matteo\Dati applicazioni\Mozilla\Firefox\Profiles\w0pwafgr.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 00:14
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(1072)
c:\programmi\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(2132)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-10-28 0.15.08
ComboFix-quarantined-files.txt 2009-10-28 23:15

Pre-Run: 141.021.569.024 byte disponibili
Post-Run: 140.986.556.416 byte disponibili

- - End Of File - - 10C5796A2F24451F64476E1747E4BF45
mat82
Posted: Thursday, October 29, 2009 1:10:58 AM

Rank: AiutAmico

Joined: 5/13/2008
Posts: 146
OK, good night, talk to you tomorrow.
mat82
Posted: Thursday, October 29, 2009 5:16:04 PM

Rank: AiutAmico

Joined: 5/13/2008
Posts: 146
Hi r16, Internet Explorer 8 works now, whereas last night it didn't.
It doesn't look to me like there are any viruses; what do you think from analysing the logs? Thanks and have a good evening.
r16
Posted: Thursday, October 29, 2009 9:56:58 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Indeed, there are no infections.
Did you restart the PC when you did the "Reset"?
If IE8 works now, something must have sorted itself out.
Sometimes strange things happen with Windows.
Anyway, if everything works... so much the better.
Bye.
mat82
Posted: Thursday, October 29, 2009 11:34:18 PM

Rank: AiutAmico

Joined: 5/13/2008
Posts: 146
Thanks a lot, r16. I think it was just an Explorer 8 settings problem, perhaps made worse at first by some "guest" that I had removed with Spybot. Have a good evening and thanks again.