steve22
New Member
46 Posts
Posted on - 19/11/2005 : 18:01:11

Hi everyone! I have a huge problem: I have a hidden dialer on my PC, with no dial-up connections or anything else, that fools Stop Dialer, AntiDialer, Dialer Control, Spybot, Ad-Aware, CWShredder, Panda, and everything else! Basically I connect with my own connection, and a moment later it changes the number without the PC making any sound at all! Thanks to PORTMON I know the number that gets dialed, but the process is always the same, SVCHOST!!!! I'M DESPERATE, I don't want to wipe the PC! I have HijackThis on the PC but I wouldn't know what to delete! Help!!!

Er-Gladiatore
Advanced Member
City: Roma
2540 Posts
Posted on - 19/11/2005 : 18:08:55

Steve22, to see whether you have this dialer, post us a HijackThis log.
Don't worry, I'll explain in detail how to do it:
Download HijackThis from here htt*://[www].download[.com]/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1
Don't worry, it doesn't need to be installed; double-click it and click the first option, "Do you a log file and save a log" or something like that.
Once the text file has appeared, copy what is written in it and paste it here on the forum.
Bye, let us know

steve22
New Member
46 Posts
Posted on - 19/11/2005 : 18:12:36

Here's what HijackThis tells me, help!!
Logfile of HijackThis v1.99.1 Scan saved at 18.13.52, on 19/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\svchost.exe c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Apoint2K\Apoint.exe C:\Programmi\HP\hpcoretech\hpcmpmgr.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe C:\Programmi\dvd43\dvd43_tray.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\WINDOWS\sndman.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\Apoint2K\Apntex.exe C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINDOWS\timer.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\steve\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].hp[.com]/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://[www].hp[.com] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: 205.238.40.2 [www].winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1302.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1302.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1302.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3310.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3312.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3313.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3314.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3316.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3317.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3318.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3319.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1304.winmx[.com] O1 - 
Hosts: 212.227.64.159 c3314.z1304.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1304.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1304.winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1305.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1305.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1305.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1305.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1305.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1305.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1305.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1305.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1305.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1305.winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1306.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1306.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1306.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1306.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1306.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1306.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1306.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1306.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1306.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1306.winmx[.com] O1 - Hosts: 205.238.40.2 c3520.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3524.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3520.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1302.winmx[.com] O1 - Hosts: 
212.227.64.159 c3524.z1302.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1302.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1302.winmx[.com] O1 - Hosts: 205.238.40.2 c3520.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1303.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1303.winmx[.com] O1 - Hosts: 212.227.64.159 c3524.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1303.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1303.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3520.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1304.winmx[.com] O1 - Hosts: 212.227.64.159 c3524.z1304.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1304.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1304.winmx[.com] O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] 
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [AutoTBar] WINDOWS\System32\Wbem;C:\Programmi\File comuni\Autodesk Shared\AUTOTBAR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [firewall] C:\WINDOWS\timer.exe /i O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BackupNotify] C:\Programmi\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Programmi\Le Robert\Le Petit Robert\prhyper.exe O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Programmi\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=htt*://[www].hp[.com] O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - htt*://[www]3.ca[.com]/securityadvisor/virusinfo/webscan .cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - htt*://acs.pandasoftware[.com]/activescan/as5free/asinst .cab O17 - HKLM\System\CCS\Services\Tcpip\..\{10AAE25D-FB15-46CA-9A57-27BBFCC88072}: NameServer = 151.99.125.2 151.99.125.3 O20 - Winlogon Notify: -cszotzqf - C:\WINDOWS\system32\jiampo.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. 
- C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Er-Gladiatore
Advanced Member
City: Roma
2540 Posts
Posted on - 19/11/2005 : 18:44:44

By any chance, did you have WinMX open when you made the HijackThis log?
Do you use WinMX for P2P?

steve22
New Member
46 Posts
Posted on - 19/11/2005 : 18:49:49

No, I have eMule; I removed WinMX!

steve22
New Member
46 Posts
Posted on - 19/11/2005 : 18:53:10

Ah, I found a file in Task Manager that suddenly disappeared on its own; it's called SVRCHOS1AT.EXE, and it disappeared right after the bogus connection attempt!

Er-Gladiatore
Advanced Member
City: Roma
2540 Posts
Posted on - 19/11/2005 : 20:07:57

Well, since I don't have much experience with HijackThis, I advise you to get someone else's opinion, but in my view this is what should be fixed:
C:\WINDOWS\timer.exe O1 - Hosts: 205.238.40.2 c3310.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1302.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1302.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1302.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3310.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3312.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3313.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3314.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3316.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3317.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3318.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3319.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1304.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1304.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1304.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1304.winmx[.com] 
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1305.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1305.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1305.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1305.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1305.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1305.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1305.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1305.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1305.winmx[.com] O1 - Hosts: 205.238.40.2 c3310.z1306.winmx[.com] O1 - Hosts: 67.18.233.36 c3311.z1306.winmx[.com] O1 - Hosts: 82.43.224.20 c3312.z1306.winmx[.com] O1 - Hosts: 209.67.209.50 c3313.z1306.winmx[.com] O1 - Hosts: 212.227.64.159 c3314.z1306.winmx[.com] O1 - Hosts: 205.238.40.2 c3315.z1306.winmx[.com] O1 - Hosts: 67.18.233.36 c3316.z1306.winmx[.com] O1 - Hosts: 82.43.224.20 c3317.z1306.winmx[.com] O1 - Hosts: 209.67.209.50 c3318.z1306.winmx[.com] O1 - Hosts: 212.227.64.159 c3319.z1306.winmx[.com] O1 - Hosts: 205.238.40.2 c3520.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3524.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1301.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1301.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1301.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1301.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1301.winmx[.com] O1 - Hosts: 205.238.40.2 c3520.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1302.winmx[.com] O1 - Hosts: 212.227.64.159 c3524.z1302.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1302.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1302.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1302.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1302.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1302.winmx[.com] O1 - Hosts: 
205.238.40.2 c3520.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1303.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1303.winmx[.com] O1 - Hosts: 212.227.64.159 c3524.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1303.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1303.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1303.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1303.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1303.winmx[.com] O1 - Hosts: 205.238.40.2 c3520.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3521.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3522.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3523.z1304.winmx[.com] O1 - Hosts: 212.227.64.159 c3524.z1304.winmx[.com] O1 - Hosts: 205.238.40.2 c3525.z1304.winmx[.com] O1 - Hosts: 67.18.233.36 c3526.z1304.winmx[.com] O1 - Hosts: 82.43.224.20 c3527.z1304.winmx[.com] O1 - Hosts: 209.67.209.50 c3528.z1304.winmx[.com] O1 - Hosts: 212.227.64.159 c3529.z1304.winmx[.com] O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing) |

steve22
New Member
46 Posts
Posted on - 19/11/2005 : 20:17:33

I've just deleted them, I hope it works, thanks a lot anyway! Does the file I mentioned not ring any bells?

Er-Gladiatore
Advanced Member
City: Roma
2540 Posts
Posted on - 19/11/2005 : 20:20:35

SVRCHOS1AT.EXE is a Trojan; just type the process name you gave me into Google.
As for the HijackThis log, I had told you to hear from the others as well....

Er-Gladiatore
Advanced Member
City: Roma
2540 Posts
Posted on - 19/11/2005 : 20:21:11

Post a log again...

steve22
New Member
46 Posts
Posted on - 19/11/2005 : 20:28:47

Here's the new LOG
Logfile of HijackThis v1.99.1 Scan saved at 20.30.37, on 19/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\svchost.exe c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Apoint2K\Apoint.exe C:\Programmi\HP\hpcoretech\hpcmpmgr.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe C:\Programmi\dvd43\dvd43_tray.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\WINDOWS\sndman.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\Programmi\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\timer.exe C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Documents and Settings\steve\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].hp[.com]/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://[www].hp[.com] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [AutoTBar] WINDOWS\System32\Wbem;C:\Programmi\File comuni\Autodesk Shared\AUTOTBAR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [firewall] C:\WINDOWS\timer.exe /i O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BackupNotify] C:\Programmi\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: 
[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Programmi\Le Robert\Le Petit Robert\prhyper.exe O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O14 - IERESET.INF: START_PAGE_URL=htt*://[www].hp[.com] O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - htt*://[www]3.ca[.com]/securityadvisor/virusinfo/webscan .cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - htt*://acs.pandasoftware[.com]/activescan/as5free/asinst .cab O17 - HKLM\System\CCS\Services\Tcpip\..\{10AAE25D-FB15-46CA-9A57-27BBFCC88072}: NameServer = 151.99.125.2 151.99.125.3 O20 - Winlogon Notify: -cszotzqf - C:\WINDOWS\system32\jiampo.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. 
- C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

n/a
deleted
1470 Posts
Posted on - 19/11/2005 : 21:04:06

UNINSTALL NORTON; if it hasn't found anything, it's good for nothing. Download these programs:
RegSeeker htt*://[www].pianetapc.it/downloads.php?id=96
Ad-aware SE htt*://[www].pianetapc.it/downloads.php?id=15
BitDefender 7.2 htt*://download.vnunet.it/download/anti-virus/bitdefender+free+edition/_445.html
SpyBot S&D htt*://[www].pianetapc.it/downloads.php?id=17
SpywareBlaster htt*://[www].pianetapc.it/downloads.php?id=24
Outpost 1.0 htt*://[www].pianetapc.it/downloads.php?id=25
Install them and update them.
Reboot into Safe Mode, disable System Restore, and show system files and folders.
Run a scan with Spybot S&D, then launch HJK and fix these entries:
C:\WINDOWS\sndman.exe
C:\WINDOWS\timer.exe ----> this is the beast
O4 - HKLM\..\Run: [firewall] C:\WINDOWS\timer.exe /i
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i
O4 - HKCU\..\Run: [BackupNotify] C:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Programmi\Le Robert\Le Petit Robert\prhyper.exe
O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=htt*://[www].hp[.com]
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - htt*://[www]3.ca[.com]/securityadvisor/virusinfo/webscan .cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - htt*://acs.pandasoftware[.com]/activescan/as5free/asinst .cab
O20 - Winlogon Notify: -cszotzqf - C:\WINDOWS\system32\jiampo.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
Launch regedit and look in these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Clicking on the key in the left pane, check whether you find timer.exe in the right pane. If you find it, still in the right pane, right-click the value and a menu appears; choose Delete and press Enter. Exit regedit.
Go to Run, type cmd and press Enter. In the window that appears (it's all black) type cd\ and Enter, then type cd windows and Enter, then type del timer.exe (if it says file not found, all the better).
Empty the Recycle Bin, the cookies and the temporary files. Reboot.
Run a scan with BitDefender, run another scan with Spybot, run RegSeeker to clean the registry. Once that's done, post another HJK log.

steve22
New Member
46 Posts
Posted on - 20/11/2005 : 12:55:25

I did what you told me, and here's the new log! Thanks a lot, really!
Logfile of HijackThis v1.99.1 Scan saved at 12.53.00, on 20/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\dvd43\dvd43_tray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\timed.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\timed.exe
C:\Documents and Settings\steve\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].hp[.com]/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://[www].hp[.com]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AutoTBar] WINDOWS\System32\Wbem;C:\Programmi\File comuni\Autodesk Shared\AUTOTBAR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O20 - Winlogon Notify: -cszotzqf - C:\WINDOWS\system32\jiampo.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
 |
|
|
Er-Gladiatore
Advanced Member

City: Roma
2540 Posts |
Posted - 20/11/2005 : 13:54:19
|
Download RegSeeker and do a general cleanup.
Then, in the Avvio Automatico (automatic startup) section, remove the unnecessary items.
Download it from here: htt*://[www].pianetapc.it/downloads.php?id=96 |
 |
|
|
n/a
deleted
City: heh heh, you'd like to know
2419 Posts |
Posted - 20/11/2005 : 14:06:03
|
In my opinion there are still too many programs running for nothing.......
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AutoTBar] WINDOWS\System32\Wbem;C:\Programmi\File comuni\Autodesk Shared\AUTOTBAR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
There are too many, and above all Messenger runs in the background... so prevent that or remove it..... Get a program that helps you get rid of the useless things you have in automatic startup.... I don't remember any more whether RegSeeker can do it... if it can, do it with that... if not, do it with CCleaner or RegCleaner...
Byeee |
 |
|
|
n/a
deleted
1470 Posts |
Posted - 20/11/2005 : 14:15:56
|
Now the log is clean,
but it is better to do a final cleanup of all the unnecessary processes.
Go to Start - Esegui (Run), type msconfig and press Enter, then see whether you find these entries in the Avvio (Startup) tab:
C:\Programmi\Apoint2K\Apoint.exe (this would be needed if you have a laptop)
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe (for laptops)
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\dvd43\dvd43_tray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe (for the auto-update of real time)
C:\Programmi\iTunes\iTunesHelper.exe (superfluous and dangerous)
C:\Programmi\QuickTime\qttask.exe (superfluous)
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe (superfluous)
C:\WINDOWS\timed.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\timed.exe
If you find them, untick them and exit msconfig.
Reboot in safe mode and launch the DOS prompt, look in the various folders for the files I listed above and, once you are in the folder, delete them (e.g. cd\ Enter, cd programmi Enter, cd Apoint2K Enter, del Apoint.exe and Enter). Starting from this line, change the path and the file name and delete them all.
Now launch HJK and fix these entries:
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AutoTBar] WINDOWS\System32\Wbem;C:\Programmi\File comuni\Autodesk Shared\AUTOTBAR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: WKCALREM.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O20 - Winlogon Notify: -cszotzqf - C:\WINDOWS\system32\jiampo.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
These are all useless and non-dangerous entries. Reboot the system.
You have no AV or FW; you must download these programs and install them:
RegSeeker htt*://[www].pianetapc.it/downloads.php?id=96
Ad-aware SE htt*://[www].pianetapc.it/downloads.php?id=15
BitDefender 7.2 htt*://download.vnunet.it/download/anti-virus/bitdefender+free+edition/_445.html
SpyBot S&D htt*://[www].pianetapc.it/downloads.php?id=17
SpywareBlaster htt*://[www].pianetapc.it/downloads.php?id=24
Outpost 1.0 htt*://[www].pianetapc.it/downloads.php?id=25
Once they are installed and updated, run a scan with BitDefender and then with Spybot.
Then launch RegSeeker and clean the registry.
Be sure to install AV and FW.
|
 |
|
Topic |
|