Author | Topic

mrcdfl80
New Member
City: avellino
43 Posts
Posted on - 20/09/2008 : 14:04:04

I have at least six CSRSS.EXE in Task Manager and at least three SERVICE.EXE, how do I fix this???

shang
Advanced Member
City: Roma
4879 Posts
Posted on - 20/09/2008 : 14:06:50

hi
download htt*://[www].trendsecure[.com]/portal/en-US/threat_analytics/hijackthis.php#
Once you have downloaded the executable, place it in its own dedicated folder, which you will have created beforehand, for example in C:\Programmi. This is because without a dedicated folder of its own it cannot create a backup of the removed entries before performing the cleanup. Now launch the program by clicking the executable and start the scan, choosing the option "Do a system scan and save a logfile"
Post the text file it gives you
Once that is done, go to this site:
htt*://[www].kaspersky[.com]/virusscanner
click on "kaspersky online scanner", click on "accept" --- the components needed for the scan will be downloaded; when that has finished, click on "my computer" (left-hand window) and start the scan --- from this point on you can also disconnect the PC from the internet; when the scan finishes, save and post the report.

mrcdfl80
New Member
City: avellino
43 Posts
Posted on - 20/09/2008 : 14:18:34

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14.17.48, on 20/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Programmi\Ahead\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\CSRSS.exe C:\WINDOWS\system\CSRSS.exe C:\WINDOWS\help\CSRSS.exe C:\WINDOWS\security\CSRSS.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\SERVICES.EXE C:\Programmi\Windows Desktop Search\WindowsSearch.exe C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\SWiSH Studio2\burner\nmsaccessu.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe E:\CSRSS.exe E:\SERVICES.EXE C:\Programmi\Internet Explorer\iexplore.exe E:\CSRSS.exe E:\SERVICES.EXE C:\Documents and Settings\marco\Desktop\csrss\HiJackThis.exe

shang
Advanced Member
City: Roma
4879 Posts
Posted on - 20/09/2008 : 14:22:15

you have to post the whole log
almost everything is missing here

mrcdfl80
New Member
City: avellino
43 Posts
Posted on - 20/09/2008 : 14:26:04

I can't accept Kaspersky since I already have another antivirus program active; what do I do, delete the nod 32 I have, suspend it, or uninstall it?

mrcdfl80
New Member
City: avellino
43 Posts
Posted on - 20/09/2008 : 14:27:24

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14.17.48, on 20/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Programmi\Ahead\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\CSRSS.exe C:\WINDOWS\system\CSRSS.exe C:\WINDOWS\help\CSRSS.exe C:\WINDOWS\security\CSRSS.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\SERVICES.EXE C:\Programmi\Windows Desktop Search\WindowsSearch.exe C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\SWiSH Studio2\burner\nmsaccessu.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe E:\CSRSS.exe E:\SERVICES.EXE C:\Programmi\Internet Explorer\iexplore.exe E:\CSRSS.exe E:\SERVICES.EXE C:\Documents and Settings\marco\Desktop\csrss\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LGODDFU] C:\Programmi\lg_fwupdate\fwupdate.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Programmi\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 
8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Script di Sistema] C:\WINDOWS\CSRSS.exe O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\CSRSS.exe O4 - HKLM\..\Run: [Host Info] C:\WINDOWS\system\CSRSS.exe O4 - HKLM\..\Run: [Help] C:\WINDOWS\help\CSRSS.exe O4 - HKLM\..\Run: [Discovery] C:\WINDOWS\security\CSRSS.exe O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\CSRSS.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NewsAloud] C:\Programmi\NewsAloud\NewsAloud.exe -auto O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Motore SolidWorks Task Scheduler.lnk = C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - 
res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\FLASHD~1\iebt.dll (HKCU) O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\FLASHD~1\iebt.dll (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - htt*://[www].update.microsoft[.com]/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1219436233437 O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - htt*://[www].piuvallitv[.com]/SOPCORE .cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\SWiSH Studio2\burner\nmsaccessu.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
-- End of file - 8622 bytes

shang
Advanced Member
City: Roma
4879 Posts
Posted on - 20/09/2008 : 14:35:57

the legitimate path of CSRSS.exe is
C:\WINDOWS\System32, so you have to delete it
download Avenger from here
htt*://swandog46.geekstogo[.com]/avenger.zip
install it and launch it
Copy and paste into the "Input script here" window the text in red exactly as you see it written:
files to delete:
C:\WINDOWS\CSRSS.exe
C:\WINDOWS\system\CSRSS.exe
C:\WINDOWS\help\CSRSS.exe
C:\WINDOWS\security\CSRSS.exe
E:\CSRSS.exe
Tick "Automatically disable any rootkits found"
click the "Execute" button. The PC should restart by itself; if it doesn't, restart it manually
post the Avenger log that you find in c:\
For now do this >>> as soon as you have finished we'll continue with the rest
As soon as you have finished, post a new HJT log and the Kaspersky result
you don't have to remove your antivirus for the online scan with Kaspersky

Edited by - shang on 20/09/2008 14:38:42

mrcdfl80
New Member
City: avellino
43 Posts
Posted on - 20/09/2008 : 14:58:29

Logfile of The Avenger Version 2.0, (c) by Swandog46 htt*://swandog46.geekstogo[.com]
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active. No rootkits found!
File "C:\WINDOWS\CSRSS.exe" deleted successfully.
File "C:\WINDOWS\system\CSRSS.exe" deleted successfully.
File "C:\WINDOWS\help\CSRSS.exe" deleted successfully.
File "C:\WINDOWS\security\CSRSS.exe" deleted successfully.
File "E:\CSRSS.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

mrcdfl80
New Member
City: avellino
43 Posts
Posted on - 20/09/2008 : 15:00:10

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14.59.22, on 20/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Programmi\Ahead\InCD\InCD.exe C:\Programmi\lg_fwupdate\fwupdate.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\Programmi\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe C:\Programmi\Windows Desktop Search\WindowsSearch.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\SWiSH Studio2\burner\nmsaccessu.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\marco\Desktop\csrss\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LGODDFU] C:\Programmi\lg_fwupdate\fwupdate.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Programmi\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 
8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Script di Sistema] C:\WINDOWS\CSRSS.exe O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\CSRSS.exe O4 - HKLM\..\Run: [Host Info] C:\WINDOWS\system\CSRSS.exe O4 - HKLM\..\Run: [Help] C:\WINDOWS\help\CSRSS.exe O4 - HKLM\..\Run: [Discovery] C:\WINDOWS\security\CSRSS.exe O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\CSRSS.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NewsAloud] C:\Programmi\NewsAloud\NewsAloud.exe -auto O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Motore SolidWorks Task Scheduler.lnk = C:\Programmi\SolidWorks\swScheduler\swBOEngine.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - 
res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\FLASHD~1\iebt.dll (HKCU) O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\FLASHD~1\iebt.dll (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - htt*://[www].update.microsoft[.com]/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1219436233437 O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - htt*://[www].piuvallitv[.com]/SOPCORE .cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\SWiSH Studio2\burner\nmsaccessu.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
-- End of file - 8834 bytes

anghelvs
Advanced Member
City: Crotone\Cosenza
1678 Posts
Posted on - 20/09/2008 : 15:02:51

mrcdfl80, please post the logs following the forum rules....
htt*://[www].notrace.it/forum2/regolamento.asp

Edited by - anghelvs on 20/09/2008 15:05:49

mrcdfl80
New Member
City: avellino
43 Posts
Posted on - 20/09/2008 : 15:21:03

shang has abandoned me, could you give me a hand, anghelvs??

anghelvs
Advanced Member
City: Crotone\Cosenza
1678 Posts
Posted on - 20/09/2008 : 15:36:28

There are still entries in the log to be fixed, so wait for Shang to come back and follow what he tells you to do..
Anyway, don't disable your antivirus! You don't need to do that to run the online scans..

shang
Advanced Member
City: Roma
4879 Posts
Posted on - 20/09/2008 : 16:11:34

open hijackthis, tick these entries and press FIX CHECKED
O4 - HKLM\..\Run: [Script di Sistema] C:\WINDOWS\CSRSS.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\CSRSS.exe
O4 - HKLM\..\Run: [Host Info] C:\WINDOWS\system\CSRSS.exe
O4 - HKLM\..\Run: [Help] C:\WINDOWS\help\CSRSS.exe
O4 - HKLM\..\Run: [Internet] C:\WINDOWS\system32\CSRSS.exe
HKLM\..\Run: [Discovery] C:\WINDOWS\security\CSRSS.exe
THANKS FOR THE HELP anghelvs

Edited by - shang on 20/09/2008 16:46:39
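
The path check used in this thread, as an added example (not part of any post, and not code from HijackThis or Avenger): it reads a HijackThis log and flags core Windows process names running from outside System32, plus any Run-key entry that launches such a name, since Windows starts csrss.exe and services.exe itself during boot rather than from a Run key. The sample log is constructed from a few entries of the log posted above, one entry per line; the `C:\WINDOWS` system root and the list of core names are assumptions.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\WINDOWS, as in the log posted in the thread.
SYSTEM32 = r"c:\windows\system32"
# Core processes whose only legitimate image directory is System32 and which
# the OS launches itself (never through a Run key).
CORE = {"csrss.exe", "services.exe", "lsass.exe", "smss.exe",
        "winlogon.exe", "svchost.exe"}

O4_RUN = re.compile(r"^O4 - (HK[^:]*\\Run\w*): \[(.*?)\] (.*)$")
EXE = re.compile(r'"?(.+?\.exe)', re.I)      # first executable in a command line
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: a subset of the entries from the thread's log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CSRSS.exe
C:\WINDOWS\help\CSRSS.exe
C:\WINDOWS\SERVICES.EXE
E:\CSRSS.exe
E:\SERVICES.EXE
C:\Programmi\Eset\nod32krn.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Script di Sistema] C:\WINDOWS\CSRSS.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\CSRSS.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse(log):
    """Return (running_images, run_entries) from HijackThis log text."""
    running, runs, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs and DRIVE_PATH.match(line):
            running.append(line)
            continue
        in_procs = False                     # section ends at first non-path line
        m = O4_RUN.match(line)
        if m:
            runs.append(m.groups())          # (registry key, value name, command)
    return running, runs


def findings(log):
    """List (kind, detail) tuples for masquerading core-process names."""
    running, runs = parse(log)
    out = []
    for image in sorted(set(running), key=str.lower):
        folder, name = ntpath.split(image)
        if name.lower() in CORE and folder.lower() != SYSTEM32:
            out.append(("process-outside-system32", image))
    for key, value, cmd in runs:
        m = EXE.match(cmd)
        # Suspect whatever the path: a System32 path in a Run key is still
        # not how these processes are legitimately started.
        if m and ntpath.basename(m.group(1)).lower() in CORE:
            out.append(("core-process-in-run-key", f"{key}: [{value}] {m.group(1)}"))
    return out


if __name__ == "__main__":
    for kind, detail in findings(SAMPLE_LOG):
        print(kind, detail, sep="\t")
```

A hit is a lead for review, not a verdict: confirm the file (signature, hash, creation time) before removing it.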