Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

WINLOGON.EXE che posso fare ragazzi mi date una mano??

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

WINLOGON.EXE che posso fare ragazzi mi date una mano??

Messaggioda vmanetworking » ven nov 23, 2007 3:50 pm

Ho più di un processo winlogon.exe attivo quindi il 100% della CPU. Per favore mi date una mano??
Grazie mille.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:00, on 23/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Navision Attain\Database Server\SERVER.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\spnsrvnt.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\system32\msdtc.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
C:\Programmi\McAfee\ProtectionPilot\1.1.1\srvmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\winlogon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\mdm.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7366 bytes
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Messaggioda RaFFoLo » ven nov 23, 2007 4:02 pm

Virus ?? Worm ??

Scansionato con Avast! e Spybot Search & Destroy ???
Powered by AMD Athlon II X2 3 Ghz | Geforce 8300 | 2 gb DDR-2 1000 Mhz | 300 Gb ATA-100 | Via HD Audio | Windows Seven x64 / OpenSUSE 11
Avatar utente
RaFFoLo
Silver Member
Silver Member
 
Messaggi: 1144
Iscritto il: dom ago 19, 2007 3:16 pm
Località: "(Un)eXPerienced Land"

Re: WINLOGON.EXE che posso fare ragazzi mi date una mano??

Messaggioda crazy.cat » ven nov 23, 2007 4:10 pm

direi che si vedono un paio di problemi.
Cancella il file che ti ho indicato in rosso, poi usando lspfix
http://cexx.org/lspfix.htm
rimuovi le voci non valide viste nel 010.

vmanetworking ha scritto:C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre


per il momento grazie..

Messaggioda vmanetworking » ven nov 23, 2007 5:15 pm

volevo ringraziarvi per l'aiuto contunerò dommatina provando a sistemare il mio server.
Ciao
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Problemi nel cancellare l'eseguibile smss.exe con LSP-Fix

Messaggioda vmanetworking » sab nov 24, 2007 11:36 am

Aiutatemi..sono disperato.
Grazie
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Messaggioda ste_95 » sab nov 24, 2007 11:41 am

posta un nuovo log di hijackthis...
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Log di HijackThis.

Messaggioda vmanetworking » sab nov 24, 2007 11:47 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:14, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\msafd.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5672 bytes
ver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7366 bytes

Grazie
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Messaggioda ste_95 » sab nov 24, 2007 11:51 am

i logs di hijackthis vanno fatti in modalità normale...rifallo perpiacere,... [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Log di

Messaggioda vmanetworking » sab nov 24, 2007 12:23 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:34, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\spnsrvnt.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\cmd.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7146 bytes
Ho il server completamente bloccato..cpu oltre il 100%..
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Messaggioda ste_95 » sab nov 24, 2007 12:27 pm

fixa queste:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

..fixate le stringhe che mi hai detto

Messaggioda vmanetworking » sab nov 24, 2007 12:38 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:34, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\spnsrvnt.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\cmd.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domit0012.gl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domit0012.gl
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7146 bytes

Non riesco ad uscire ancora su internet..
Ti prego aiutami.
Grazie
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Messaggioda ste_95 » sab nov 24, 2007 12:39 pm

le voci sono ancora lì...prova a fixarle in modalità provvisoria...
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

fix cancellate..

Messaggioda vmanetworking » sab nov 24, 2007 12:46 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:32, on 24/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\tcpsvcs.exe
C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\Programmi\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe
C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://channel21.int.rit.gm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://intouch.rit.gm.com;http://www.g ... com/;https:\\www.csipac.com;https://portal.opel-vis.de/standard/login.do
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\AntiSpyware Enterprise\scriptproxy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON-OFFICINA] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P14 "EPSON-OFFICINA" /O24 "\\10.50.131.232\epsonoff" /M "Stylus DX3800"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\File comuni\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Programmi\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKUS\S-1-5-21-1202660629-2146441571-839522115-1110\..\Run: [internat.exe] internat.exe (User 'srvac-sql2000')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5751559460
O16 - DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} (WebClientLoader Control) - https://southern.gmbpi.com/MetisWebClie ... Loader.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/ssl/inquiero/ ... 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C78A07-BA16-4E3F-8540-F3B568A14A18}: NameServer = 151.99.125.2,151.99.125.3,212.131.30.42
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\EVENTPARSER.EXE
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\File comuni\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: McAfee ProtectionPilot 1.1.1 Server (NAIMSERV350) - Network Associates, Inc. - C:\Programmi\McAfee\ProtectionPilot\1.1.1\NAIMSERV.EXE
O23 - Service: Navision Attain Database Server SERVERNAV (SERVERNAV) - Navision a/s - C:\Programmi\Navision Attain\Database Server\SERVER.exe
O23 - Service: SuperProServer - Rainbow Technologies - C:\WINNT\system32\spnsrvnt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6587 bytes

Che faccio??
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Messaggioda ste_95 » sab nov 24, 2007 12:48 pm

Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehostinge posta qui il link che ti viene assegnato.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

non raggiungo la url con internet explorer..

Messaggioda vmanetworking » sab nov 24, 2007 12:59 pm

Scusami ma non riesco ad eseguire la scansione perché da internet explorer...
Gli dò fuoco??
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Messaggioda ste_95 » sab nov 24, 2007 1:03 pm

scarica systemscan

fai la scansione e al termine carica il file log su www.freefilehosting.net e e postane il link
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

irraggiungibiltà url http:\\www.freefilehosting.net

Messaggioda vmanetworking » sab nov 24, 2007 3:41 pm

Il link che mi hai inviato non mi fà accedere alla pagina..hai qualche altro link dove ti posso inviare il log sel systemscan??
Grazie
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Re: irraggiungibiltà url http:\\www.freefilehosting.net

Messaggioda crazy.cat » sab nov 24, 2007 3:53 pm

vmanetworking ha scritto:Il link che mi hai inviato non mi fà accedere alla pagina..hai qualche altro link dove ti posso inviare il log sel systemscan??
Grazie


http://www.wikifortio.com/
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

systemscan lanciato alle 15.00...

Messaggioda vmanetworking » sab nov 24, 2007 5:37 pm

Ore 17.40 ancora sta girando sul server..nell'eventualità mi converrebbe ripristinare il SO Windows2000 dal CD??
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Log Systemscan

Messaggioda vmanetworking » dom nov 25, 2007 9:25 am

Buongiorno a tutti ragazzi finalmente systemscan ha prodotto il log il link è http://www.freefilehosting.net/download/NDA3MjM=

Grazie...
MonsterS4RS
Avatar utente
vmanetworking
Neo Iscritto
Neo Iscritto
 
Messaggi: 22
Iscritto il: lun nov 19, 2007 2:12 pm

Prossimo

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Google [Bot] e 2 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising