Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

controllo computer

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

controllo computer

Messaggioda lollo40 » mar giu 12, 2012 3:24 pm

salve, ieri stavo facendo un controllo al computer quando il temporale ha fatto saltare tutto.avevo già fatto la scansione con avira e c'era in funzione malwarebytes(credo non sia stata completa). vi mando la scansione di hijacthis, potete controllarla? vi ringrazio

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.00.56, on 12/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6R8vMp1DoQ&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IEPro\iepro.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\Web Assistant\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\IEPro\IEProRecorder.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LClock] C:\Programmi\LClock\LClock.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: glass2k.exe.lnk = C:\Programmi\Glass2k\Glass2k.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: glass2k.exe.lnk = C:\Programmi\Glass2k\Glass2k.exe (User 'Default user')
O4 - .DEFAULT User Startup: glass2k.exe.lnk = C:\Programmi\Glass2k\Glass2k.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmi\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmi\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted IP range: http://82.48.162.158
O15 - ESC Trusted IP range: http://82.48.162.158
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmi/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://www.shockwave.com/content/dreamc ... 0.0.13.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{981F78FF-E14F-4604-8077-AB4B5776AA20}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CS4\Services\Tcpip\..\{1510208D-CD37-404D-892D-3F671FBB1E3D}: NameServer = 85.37.17.6 85.38.28.89
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Programmi\Web Assistant\ExtensionUpdaterService.exe

--
End of file - 10552 bytes


scusate, ma non sono riuscita a metterlo in memo
Avatar utente
lollo40
Senior Member
Senior Member
 
Messaggi: 204
Iscritto il: lun mar 26, 2007 1:33 am
Top

Re: controllo computer

Messaggioda crazy.cat » mar giu 12, 2012 3:42 pm

E' meglio se rifai una scansione di malwarebytes, però quella completa. Poi riposta il log di hiajackthis.

Conosci questi ip?
O15 - Trusted IP range: http://82.48.162.158
O15 - ESC Trusted IP range: http://82.48.162.158
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Re: controllo computer

Messaggioda lollo40 » mar giu 12, 2012 4:02 pm

crazy.cat ha scritto:E' meglio se rifai una scansione di malwarebytes, però quella completa. Poi riposta il log di hiajackthis.

Conosci questi ip?
O15 - Trusted IP range: http://82.48.162.158
O15 - ESC Trusted IP range: http://82.48.162.158

grazie crazy.cat e no non conosco questi ip.
Avatar utente
lollo40
Senior Member
Senior Member
 
Messaggi: 204
Iscritto il: lun mar 26, 2007 1:33 am
Top
Top

Re: controllo computer

Messaggioda lollo40 » mer giu 13, 2012 4:16 pm

ciao crazy, un po' in ritardo ti mando la scansione di hijackthis. grazie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17.05.25, on 13/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6R8vMp1DoQ&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IEPro\iepro.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\Web Assistant\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\IEPro\IEProRecorder.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LClock] C:\Programmi\LClock\LClock.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: glass2k.exe.lnk = C:\Programmi\Glass2k\Glass2k.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: glass2k.exe.lnk = C:\Programmi\Glass2k\Glass2k.exe (User 'Default user')
O4 - .DEFAULT User Startup: glass2k.exe.lnk = C:\Programmi\Glass2k\Glass2k.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmi\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmi\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted IP range: http://82.48.162.158
O15 - ESC Trusted IP range: http://82.48.162.158
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmi/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://www.shockwave.com/content/dreamc ... 0.0.13.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{981F78FF-E14F-4604-8077-AB4B5776AA20}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CS4\Services\Tcpip\..\{1510208D-CD37-404D-892D-3F671FBB1E3D}: NameServer = 85.37.17.6 85.38.28.89
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Programmi\Web Assistant\ExtensionUpdaterService.exe

--
End of file - 10426 bytes
Avatar utente
lollo40
Senior Member
Senior Member
 
Messaggi: 204
Iscritto il: lun mar 26, 2007 1:33 am
Top

Re: controllo computer

Messaggioda crazy.cat » mer giu 13, 2012 6:31 pm

Controlla questi due file sul sito http://www.virustotal.com e falli analizzare.
C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe

Rimuovere con Hijackthis, alcune righe sono dubbie.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6R8vMp1DoQ&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\Web Assistant\Extension32.dll
(FORSE DA ELIMINARE A SECONDA DEL RISULTATO DELL'ANALISI DEL PRIMO FILE)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe" (FORSE DA ELIMINARE A SECONDA DEL RISULTATO DELL'ANALISI DEL secondo FILE)
O15 - Trusted IP range: http://82.48.162.158
O15 - ESC Trusted IP range: http://82.48.162.158
O23 - Service: Web Assistant Updater - Unknown owner - C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
(FORSE DA ELIMINARE A SECONDA DEL RISULTATO DELL'ANALISI DEL PRIMO FILE)

Incredibar e Webassistant potrebbero essere nellal ista delle applicazioni installate, rimuovile da li come prima cosa se le trovi.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Re: controllo computer

Messaggioda lollo40 » mer giu 13, 2012 8:46 pm

ciao crazy, ti mando i risultati dei due controlli con virustotal

SHA256: 554da03701af3e5b1e8803e208ba9b8fc13b5f56ac627a34c3d367e20d5176ff
File name: netsession_win.exe
Detection ratio: 0 / 42
Analysis date: 2012-06-13 19:31:59 UTC ( 2 minuti ago )
0
3


SHA256: 46b31853777d80b36c20e87d154fbabc2320b6ed2dabdfaffaff083a8bdc892a
File name: ExtensionUpdaterService.exe
Detection ratio: 0 / 42
Analysis date: 2012-06-11 22:35:08 UTC ( 1 giorno, 21 ore ago )
0
0

la lista che mi hai dato la elimino solo con hijackthis? grazie
Avatar utente
lollo40
Senior Member
Senior Member
 
Messaggi: 204
Iscritto il: lun mar 26, 2007 1:33 am
Top

Re: controllo computer

Messaggioda GERONIMO* » gio giu 14, 2012 1:25 pm

per maggiori informazioni..
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
http://translate.google.it/translate?hl ... md%3Dimvns
[8D]
Avatar utente
GERONIMO*
Bronze Member
Bronze Member
 
Messaggi: 931
Iscritto il: lun apr 23, 2012 11:30 pm
Top

Re: controllo computer

Messaggioda lollo40 » gio giu 14, 2012 9:17 pm

GERONIMO* ha scritto:per maggiori informazioni..
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
http://translate.google.it/translate?hl ... md%3Dimvns
[8D]

vuoi scusarmi, geronimo? io non ci capisco un'acca. ho guardato ma non so a cosa si riferisce nel mio pc sto' benedetto akamai.
posso cancellare quello che mi ha detto crazy con hijackthis? grazie
Avatar utente
lollo40
Senior Member
Senior Member
 
Messaggi: 204
Iscritto il: lun mar 26, 2007 1:33 am
Top

Re: controllo computer

Messaggioda GERONIMO* » gio giu 14, 2012 9:25 pm

e indifferente,c'è chi lo da ok e chi no
ma essendo in avvio automatico,si può disabilitare se vuoi
ma il pc che problemi ti da?
Avatar utente
GERONIMO*
Bronze Member
Bronze Member
 
Messaggi: 931
Iscritto il: lun apr 23, 2012 11:30 pm
Top

Re: controllo computer

Messaggioda lollo40 » sab giu 16, 2012 8:01 pm

ciao geronimo, scusa ma sono stata assente. il pc non mi da nessun problema, solo avevo fatto una pulizia interrotta durante un temporale. ho fatto quanto mi ha suggerito crazy, però non so come cancellare con hjiackthis quello che mi ha detto crazy e cioè:

SHA256: 554da03701af3e5b1e8803e208ba9b8fc13b5f56ac627a34c3d367e20d5176ff
File name: netsession_win.exe
Detection ratio: 0 / 42
Analysis date: 2012-06-13 19:31:59 UTC ( 2 minuti ago )
0
3


SHA256: 46b31853777d80b36c20e87d154fbabc2320b6ed2dabdfaffaff083a8bdc892a
File name: ExtensionUpdaterService.exe
Detection ratio: 0 / 42
Analysis date: 2012-06-11 22:35:08 UTC ( 1 giorno, 21 ore ago )
0
0

Controlla questi due file sul sito http://www.virustotal.com e falli analizzare.
C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe

Rimuovere con Hijackthis, alcune righe sono dubbie.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6R8vMp1DoQ&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\Web Assistant\Extension32.dll
(FORSE DA ELIMINARE A SECONDA DEL RISULTATO DELL'ANALISI DEL PRIMO FILE)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe" (FORSE DA ELIMINARE A SECONDA DEL RISULTATO DELL'ANALISI DEL secondo FILE)
O15 - Trusted IP range: http://82.48.162.158
O15 - ESC Trusted IP range: http://82.48.162.158
O23 - Service: Web Assistant Updater - Unknown owner - C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
(FORSE DA ELIMINARE A SECONDA DEL RISULTATO DELL'ANALISI DEL PRIMO FILE)
Avatar utente
lollo40
Senior Member
Senior Member
 
Messaggi: 204
Iscritto il: lun mar 26, 2007 1:33 am
Top

Re: controllo computer

Messaggioda Uomo_Senza_Sonno » sab giu 16, 2012 8:05 pm

Akamai è un gestore download, lo puoi disabilitare dall'avvio senza problemi [^]
Grazie per tutto Zane

conosciamo l'1% delle leggi che governano l'universo, le altre non le abbiamo ancora comprese a fondo o addirittura nemmeno intuite
Avatar utente
Uomo_Senza_Sonno
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 3255
Iscritto il: gio feb 07, 2008 9:00 am
Località: http://turbolab.it
Top

Re: controllo computer

Messaggioda GERONIMO* » sab giu 16, 2012 8:50 pm

devi aprire hijackthis poi clicchi su Do a system scan only
metti il segno di spunta sulle voci che ti ha detto crazy.cat
e clicchi su Fix checked
Se vengono rilasciati Avvisi\messaggi clicca su Si

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6R8vMp1DoQ&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\Web Assistant\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing)
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programmi\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Grishnackh\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
O15 - Trusted IP range: http://82.48.162.158
O15 - ESC Trusted IP range: http://82.48.162.158
O23 - Service: Web Assistant Updater - Unknown owner - C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
Avatar utente
GERONIMO*
Bronze Member
Bronze Member
 
Messaggi: 931
Iscritto il: lun apr 23, 2012 11:30 pm
Top

Re: controllo computer

Messaggioda lollo40 » sab giu 16, 2012 10:24 pm

grazie a tutti.
Avatar utente
lollo40
Senior Member
Senior Member
 
Messaggi: 204
Iscritto il: lun mar 26, 2007 1:33 am
Top

Re: controllo computer

Messaggioda GERONIMO* » dom giu 17, 2012 2:27 pm

[ciao]
Avatar utente
GERONIMO*
Bronze Member
Bronze Member
 
Messaggi: 931
Iscritto il: lun apr 23, 2012 11:30 pm
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 0 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising