| Autore |
 Discussione  |
|
|
papillon
Advanced Member
368 Messaggi |
 Inserito il - 27/01/2006 : 18:21:23
|
Qualcuno potrebbe controllare il mio log di hijack??
avevo alcuni problemi di rallentamento che ora paiono risolti..ma dato che sono le prime volte che tento di fare da me...un controllo da parte vostra (che tra l'altro siete coloro che mi hanno aiutato maestralmente a capire qualcosa di hijack)sarebbe cosa utile e gradita...
Mi rimane un dubbio su questa voce
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
non so se può essere riferita ai drivers della stampante Epson.. o cosa??
Inoltre ...ma non so se ha attinenza ..ho problemi a ricevere le e-mail.
uso Incredimail e il problema si presenta solo oggi..forse domani sarà risolto da solo dato che fino a ieri tutto era a posto..
Grazie
Logfile of HijackThis v1.99.1
Scan saved at 17.48.50, on 27/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Personal Computer\Documenti\Varie\pulizia PC\Hijack. exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://[www].google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://[www].google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Mauro e Carla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O5 "LPT1:" /M "Stylus C66"
O4 - HKLM\..\Run: [SoundMax] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - htt*://messenger.zone.msn[.com]/binary/msgrchkr .cab31267 .cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - htt*://go.microsoft[.com]/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsClient .cab31267 .cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - htt*s://[www]-secure.symantec[.com]/techsupp/asa/ctrl/SymAData .cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD163FFB-935F-401B-BAFB-D0EE5513EB52}: NameServer = 212.216.172.62,212.216.112.112
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - (no file)
|
|
|
Er-Gladiatore
Advanced Member
Città: Roma
2540 Messaggi |
Inserito il - 27/01/2006 : 20:35:51
|
Comincio col dirti che il Log di Hijackthis non deve più essere postato direttamente sul forum,infatti l'admin ha introdotto una nuova regola,quindi faresti un piacere a tutti se modificassi il tuo Post ripostando il Log nella maniera alternativa 
Ok ok ora è meglio passare al tuo Log,non ha nessun virus ma qualche cosa inutile e superflua c'è:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://[www].google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://[www].google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Mauro e Carla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 <--- Se NON ti connetti ad internet con un server Proxy fixa questa voce
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash <--- Superfluo
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - htt*://messenger.zone.msn[.com]/binary/msgrchkr .cab31267 .cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - htt*://go.microsoft[.com]/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsClient .cab31267 .cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - htt*s://[www]-secure.symantec[.com]/techsupp/asa/ctrl/SymAData .cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - (no file)
la voce 06 fixala solamente se:
"""Cancellate quest'oggetto se non avete attivato l'opzione 'Impedisci modifiche alla home page del browser' ('Lock homepage from changes') presente in alcuni software anti-spyware."""
Fammi sapere come và.... |
 |
|
| |
Discussione |
|
|
|
controllo log hijack
Forum Bloccato
