Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log

Controllo Log Opzioni
Topic Precedente · Topic Sucessivo
robertcan
Inviato: Thursday, July 14, 2005 10:51:05 PM
Rank: Member

Iscritto dal : 7/14/2005
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 22.46.17, on 14/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~2\UpsPilot\Winpower.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~2\UpsPilot\hello21.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
L:\Programmi\QuickTime\qttask.exe
L:\Programmi\NetLimiter\NetLimiter.exe
L:\Programmi\D-Tools\daemon.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
L:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\ORiNOCO\Client Manager\CmLUC.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\twain_32\trust\19200\SCANER32.EXE
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\SalvoEli\Desktop\Nuova cartella (4)\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.158.71.16:8609
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvMixerTray] C:\Programmi\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Programmi\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\SalvoEli\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -product IncrediMail
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "L:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetLimiter] l:\Programmi\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "L:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Programmi\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [byzrpi] C:\WINDOWS\System32\umrdic.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmi\NaviSearch\bin\nls.exe
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Programmi\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Programmi\MemTurbo30\MemTurbo.exe
O4 - Startup: Trust Scanner Utilities.lnk = C:\WINDOWS\twain_32\trust\19200\SCANER32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = L:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Programmi\ORiNOCO\Client Manager\CmLUC.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/cab/prod/DD_v4.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0736ee81e8a3c56b5e05/netzip/RdxIE601_it.cab
O16 - DPF: {5DDF3BA5-7DCD-45A9-B4A1-601E67700271} (DDv4_Member.DDv4) - http://www.drivershq.com/cab/prod/DDv4_Member.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118304692484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {A6EE3F8E-925E-11D4-892D-0000C0D84CF5} (3DCT Viewer Class) - http://www.3dcompress.com/download/3DSee.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq.com/members/DD_v4_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD35DC75-79E2-4BFF-9EBA-586EA465A816}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISEXEng - Unknown owner - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~2\UpsPilot\Winpower.exe
Torna in alto
 
Sponsor
Inviato: Thursday, July 14, 2005 10:51:05 PM

 
Torna in alto
 
alfonso
Inviato: Friday, July 15, 2005 9:58:45 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.158.71.16:8609
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;(local)
-
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
-
O4 - HKLM\..\Run: [byzrpi] C:\WINDOWS\System32\umrdic.exe
-
O4 - HKLM\..\Run: [NaviSearch] C:\Programmi\NaviSearch\bin\nls.exe
-
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/cab/prod/DD_v4.CAB
-
O16 - DPF: {5DDF3BA5-7DCD-45A9-B4A1-601E67700271} (DDv4_Member.DDv4) - http://www.drivershq.com/cab/prod/DDv4_Member.CAB
-
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {A6EE3F8E-925E-11D4-892D-0000C0D84CF5} (3DCT Viewer Class) - http://www.3dcompress.com/download/3DSee.cab
-
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq.com/members/DD_v4_Member.CAB
-
O23 - Service: ISEXEng - Unknown owner - (no file)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
umrdic.exe
nls.exe
==================================

ELIMINA LA CARTELLA IN ROSSO
C:\Programmi\<font color=red><b>NaviSearch</font id=red></b>


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.
Collaboratore Aiutamici
Torna in alto
 
robertcan
Inviato: Friday, July 15, 2005 5:23:16 PM
Rank: Member

Iscritto dal : 7/14/2005
Posts: 0
Ho eseguito tutto alla lettera. Da circa 1 ora sono connesso e non si prensetano problemi. Su cerca di window non ci sono i file. exe da te indicati. La cartella In rosso su c:/programmi non la vedo,ovvero, vedo la cartella programmi ma è piena.
Continuo a provare con la speranza che il problema non si ripresenti.
Dimenticavo: quando ero su "CERCA" mi è spuntato un messaggio di window + volte.. diceva: la memoria non poteva essere red etc...
Per adesso grazie di tutto, siete magnifici
Torna in alto
 
robertcan
Inviato: Friday, July 15, 2005 5:52:50 PM
Rank: Member

Iscritto dal : 7/14/2005
Posts: 0
IL problema si è appena ripresentato visitando e connettendomi a SuperEva, prima non succedeva, adesso riprovo a navigare su altri siti che normalmente frequento
Torna in alto
 
alfonso
Inviato: Friday, July 15, 2005 8:59:55 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Inserisci nuovamente il log.
Collaboratore Aiutamici
Torna in alto
 
robertcan
Inviato: Friday, July 15, 2005 9:51:24 PM
Rank: Member

Iscritto dal : 7/14/2005
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 21.48.50, on 15/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~2\UpsPilot\Winpower.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\EPOX\USDM\USDM.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
L:\Programmi\QuickTime\qttask.exe
L:\Programmi\NetLimiter\NetLimiter.exe
L:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
L:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\ORiNOCO\Client Manager\CmLUC.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~2\UpsPilot\hello21.exe
C:\WINDOWS\twain_32\trust\19200\SCANER32.EXE
L:\Programmi\eMule\emule.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\SalvoEli\Desktop\Nuova cartella (4)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvMixerTray] C:\Programmi\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Programmi\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\SalvoEli\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -product IncrediMail
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "L:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetLimiter] l:\Programmi\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "L:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Programmi\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Programmi\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Programmi\MemTurbo30\MemTurbo.exe
O4 - Startup: Trust Scanner Utilities.lnk = C:\WINDOWS\twain_32\trust\19200\SCANER32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = L:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Programmi\ORiNOCO\Client Manager\CmLUC.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0736ee81e8a3c56b5e05/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118304692484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD35DC75-79E2-4BFF-9EBA-586EA465A816}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~2\UpsPilot\Winpower.exe
Torna in alto
 
alfonso
Inviato: Friday, July 15, 2005 10:00:26 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Il log adesso e pulito da spyware, prova a fare un controllo antivirus da questo indirizzo
http://security.symantec.com/default.asp?productid=symhome&langid=it&venid=sym
Collaboratore Aiutamici
Torna in alto
 
robertcan
Inviato: Friday, July 15, 2005 10:35:26 PM
Rank: Member

Iscritto dal : 7/14/2005
Posts: 0
Sto effetuando la scansione dal Link che mi hai dato.
Avevo il Norton 2004 l'ho sostituito col Nod32.
Torna in alto
 
robertcan
Inviato: Saturday, July 16, 2005 12:13:23 AM
Rank: Member

Iscritto dal : 7/14/2005
Posts: 0
L:\Programmi\eMule\Incoming\WinRar.3.20.Final.Italiano.+.Kg.Autoestraente.-.by.Dimostar.exe è infettato con Hacktool
Non mi spiego come mai il nod32 non l'ha rilevato
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo Log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.