Discussione: [8] HiJackThis [Thread Ufficiale]

Tom Hansen

#451 22-09-08 21:21

---

Ok grazie

jin_tekken

#452 22-09-08 22:37

---

Spoiler:

Logfile of HijackThis v1.99.1
Scan saved at 21.25.07, on 22/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\EzButton\CPLDBL10.EXE
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\x\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\sw g.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Programmi\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

non ho un antivirus
cosa mi consigliate? Avevo AVG Free ma l'ho disinstallato perchè odiavo l'icona e perchè mi appesantiva un sacco in background e ancora perchè col mio merda di modem UMTS della Vodafone non si aggiornava

Grazie

miki boss

#453 23-09-08 15:33

---

@ jin_tekken: Come antivirus puoi scegliere Avira AntiVir, anch'esso FREE. Fixa queste:

Spoiler:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Programmi\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

jin_tekken

#454 23-09-08 21:37

---

miki boss

O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe

Questi qua della Toshiba non so se dovrei disattivarli. Cioè il mio portatile è Toshiba e una utility per il Power Management e per il Touch Pad mi sembrano cose utili
Il CeEKey non so cosa sia però

Scusa lo scetticismo, sono grato che mi hai aiutato eh!
Però se mi risolvi questi dubbi te ne sarei ancora più grato

miki boss

#455 24-09-08 15:40

---

Ovviamente io ti segnalo tutte le voci NON NECESSARIE all'avvio del sistema. E' logico che se questi programmi ti sono di una certa utilità non li devi fixare all'avvio, tutto sta a te. Io ti segno tutte le voci non necessarie, per il resto deve anche essere l'utente a scegliere quali processi gli servono e quali no.
In questa pagina è contenuta la descrizione su CeEKey. Puoi capire leggendone la sua descrizione se ti serve oppure no. Fixa senza problemi TPTray, assolutamente inutile.

BOSE

#456 26-09-08 13:57

---

Spoiler:

Logfile of HijackThis v1.99.1
Scan saved at 12.57.05, on 26/09/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\services.exe
C:\Programmi\Skra\Skra.exe
C:\DOCUME~1\Enrico\DOCUME~1\ECURIT~1\wuauclt.exe
C:\Documents and Settings\Enrico\Documenti\?icrosoft.NET\w?nlogon.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {024738-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Programmi\AOL Security Toolbar\tbu2\AOL_security_toolbar.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Programmi\OINAnalytics\OINAnalytics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A932E43F-26AD-7506-F938-7FA295B41DB2} - C:\WINDOWS\System32\xccwbysv.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Programmi\Mjcore\Mjcore.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Programmi\AOL Security Toolbar\tbu2\AOL_security_toolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{3a812f05-42ee-4899-ad7e-e39686134a75}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\vfgottppnvamygsk.dll" DllStart
O4 - HKLM\..\Run: [cwriter] C:\Programmi\ToolSicuro\ucookw.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [advap32] .\3.tmp/r
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [CJKHJLMM] %systemroot%\CJKHJLMM.exe
O4 - HKLM\..\Run: [runservices] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skra] C:\Programmi\Skra\Skra.exe
O4 - HKCU\..\Run: [Taos] "C:\DOCUME~1\Enrico\DOCUME~1\ECURIT~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Duhi] C:\WINDOWS\system32\?racle\??rvices.exe
O4 - HKCU\..\Run: [Irzzzqql] C:\WINDOWS\s?stem\r?ndll.exe
O4 - HKCU\..\Run: [Iwhcvgu] "C:\Documents and Settings\Enrico\Documenti\?icrosoft.NET\w?nlogon.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151509717703
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D343F24-9AAD-49-99CF-E934E405A361}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

Quali devo o mi conviene fixare?

miki boss

#457 26-09-08 15:25

---

@ BOSE: Sei infestato da malware. Fixa tutte queste:

Spoiler:

C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\services.exe
C:\Programmi\Skra\Skra.exe
C:\DOCUME~1\Enrico\DOCUME~1\ECURIT~1\wuauclt.exe
C:\Documents and Settings\Enrico\Documenti\?icrosoft.NET\w?nlogon.exe
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Programmi\OINAnalytics\OINAnalytics.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA5E23E045} - (no file)
O2 - BHO: (no name) - {A932E43F-26AD-7506-F938-7FA295B41DB2} - C:\WINDOWS\System32\xccwbysv.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Programmi\Mjcore\Mjcore.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{3a812f05-42ee-4899-ad7e-e39686134a75}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\vfgottppnvamygsk.dll" DllStart
O4 - HKLM\..\Run: [cwriter] C:\Programmi\ToolSicuro\ucookw.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [advap32] .\3.tmp/r
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [CJKHJLMM] %systemroot%\CJKHJLMM.exe
O4 - HKLM\..\Run: [runservices] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Fraps] C:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skra] C:\Programmi\Skra\Skra.exe
O4 - HKCU\..\Run: [Taos] "C:\DOCUME~1\Enrico\DOCUME~1\ECURIT~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Duhi] C:\WINDOWS\system32\?racle\??rvices.exe
O4 - HKCU\..\Run: [Irzzzqql] C:\WINDOWS\s?stem\r?ndll.exe
O4 - HKCU\..\Run: [Iwhcvgu] "C:\Documents and Settings\Enrico\Documenti\?icrosoft.NET\w?nlogon.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151509717703
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

E' possibile che non troverai le prime voci, in quanto erano in esecuzione al momento dello scan. Non preoccuparti se non le tovi oppure non riesci a fixarle, elimina tutto il resto e vedrai che al prossimo riavvio del PC tutto si sarà sistemato .

Ghost85

#458 26-09-08 17:25

---

Ho dato una completa ripulita al mio pc, ma vorrei un vostro parere sul log, perché sono sicuro che ci sia molto da fixare ^^

Spoiler:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.21.23, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Thunderbird-Tray\TBTray.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Giganology\Gigaget\Gigaget.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Downloads\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Programmi\DIALux\DLXShellExtension.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gigaget] "C:\Programmi\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: TB-Tray.lnk = C:\Programmi\Thunderbird-Tray\TBTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1212864434529
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212864424076
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{751E7E44-D461-4471-B9D8-583FDE3E23D6}: NameServer = 85.37.17.17,85.38.28.72
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Calcolate che già tutta la roba di avvio di ITunes io non la uso ^_^
A me basta che antivirus e programmi quali messenger, thunderbird e il setpoint si avviino ^_^

--
End of file - 8497 bytes

miki boss

#459 26-09-08 17:53

---

@ Ghost85: Hai da fixare solo queste:

Spoiler:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gigaget] "C:\Programmi\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1212864434529
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212864424076
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab

Ghost85

#460 26-09-08 18:34

---

Grazie mille ^_^


fumoffu

BOSE

#461 27-09-08 13:05

---

Ripulito. C'è un buon antivirus e anti malware freeware, in modo che non mi incasini il registro come prima?

SERPENTE915

#462 27-09-08 14:30

---

BOSE

Ripulito. C'è un buon antivirus e anti malware freeware, in modo che non mi incasini il registro come prima?

Avira
Spyware Blaster(non mi ricordo cosa fa di sicuro)
Spybot Seacrh & Desotry

miki boss

#463 27-09-08 15:17

---

Anche i soli AntiVir e SpyBot ti offrono una protezione pressochè completa, affiancati ad HiJackThis.

BOSE

#464 27-09-08 19:22

---

E' normale che da quando ho pulito il log come mi avete detto voi, la connessione sia diventata costantemente stralenta??

miki boss

#465 27-09-08 19:31

---

BOSE

E' normale che da quando ho pulito il log come mi avete detto voi, la connessione sia diventata costantemente stralenta??

No, la cosa non è normale. Questo problema persiste da giorni?