Precedente :: Successivo |
Autore |
Messaggio |
=SaReTtA13= Mortale adepto
Registrato: 21/03/07 14:40 Messaggi: 31
|
Inviato: 16 Apr 2007 23:44 Oggetto: controllo log |
|
|
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0.40.58, on 17/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\System\MSASP32.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\System\MSIWA32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Programmi\CRW\shwicon.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\System32\cmd.exe
C:\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://saretta131.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96DAE00C-75C1-414B-83DA-7B0E5F20EDA5}: NameServer = 85.37.17.4 85.38.28.70
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Advance Service Process - Unknown owner - C:\Programmi\File comuni\System\MSASP32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Programmi\File comuni\System\MSIWA32.exe
--
End of file - 5230 bytes |
|
Top |
|
|
Orange Dio maturo
Registrato: 18/02/07 12:20 Messaggi: 2224 Residenza: Roma
|
Inviato: 17 Apr 2007 08:12 Oggetto: |
|
|
ciao, =SaReTtA13= e bentornata!
sarebbe utile anche sapere che problemi riscontri con PC...
il tuo log è pulito.. |
|
Top |
|
|
=SaReTtA13= Mortale adepto
Registrato: 21/03/07 14:40 Messaggi: 31
|
Inviato: 17 Apr 2007 13:24 Oggetto: |
|
|
Ciao,grazie per avermi risposto.
Beh,ogni tanto mi da ancora la finestrella "Generic Host...ecc,ecc",per cui devo riavviare il pc perchè non mi fa più far nulla,mi sconnette da internet e cose così.Uso Avast antivirus,Spy Boot search & destroy e Ad aware se-personal.
E poi ogni tanto si impalla.E ogni tre per due devo ripristinare il pc con tanto di formattazione e tutto. |
|
Top |
|
|
Orange Dio maturo
Registrato: 18/02/07 12:20 Messaggi: 2224 Residenza: Roma
|
Inviato: 17 Apr 2007 14:11 Oggetto: |
|
|
da quello che descrivi sembrerebbe l'infezione da Blaster...
ah già, hai ancora SP1...
lo vediamo subito:
scarica Sysclean della TrendMicro e fai lo scan.
dopo ci dici se ti ha trovato qualcosa.
prova anche con FixBlast
installa SP2 (altrimenti non la finisci più di formattare) |
|
Top |
|
|
=SaReTtA13= Mortale adepto
Registrato: 21/03/07 14:40 Messaggi: 31
|
Inviato: 17 Apr 2007 15:50 Oggetto: |
|
|
Ora faccio tutto e ti dico...
io vorrei scaricare SP2,ma non so come trovarla...mi dai il link? |
|
Top |
|
|
=SaReTtA13= Mortale adepto
Registrato: 21/03/07 14:40 Messaggi: 31
|
Inviato: 17 Apr 2007 16:00 Oggetto: |
|
|
/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/
2007-04-17, 16:56:29, Auto-clean mode specified.
2007-04-17, 16:56:29, Running scanner "C:\TSC.BIN"...
2007-04-17, 16:57:10, Scanner "C:\TSC.BIN" has finished running.
2007-04-17, 16:57:10, TSC Log:
Damage Cleanup Engine (DCE) 5.0(Build 1107)
Windows XP(Build 2600: Service Pack 1)
Start time : mar apr 17 2007 16:56:31
Load Damage Cleanup Template (DCT) "C:\\tsc.ptn" (version 854) [success]
Complete time : mar apr 17 2007 16:57:10
Execute pattern count(3080), Virus found count(0), Virus clean count(0), Clean failed count(0)
/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/
2007-04-17, 16:57:59, Auto-clean mode specified.
2007-04-17, 16:57:59, Running scanner "C:\TSC.BIN"...
2007-04-17, 16:58:09, Scanner "C:\TSC.BIN" has finished running.
2007-04-17, 16:58:09, TSC Log:
Damage Cleanup Engine (DCE) 5.0(Build 1107)
Windows XP(Build 2600: Service Pack 1)
Start time : mar apr 17 2007 16:58:00
Load Damage Cleanup Template (DCT) "C:\\tsc.ptn" (version 854) [success]
Complete time : mar apr 17 2007 16:58:09
Execute pattern count(3080), Virus found count(0), Virus clean count(0), Clean failed count(0)
2007-04-17, 16:59:20, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/17/2007 16:59:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.*
2007-04-17, 16:59:20, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/17/2007 16:59:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.*
2007-04-17, 16:59:20, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/17/2007 16:59:20
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.*
2007-04-17, 16:59:20, Scanner "C:\VSCANTM.BIN" has finished running.
questo è quello di sysclean |
|
Top |
|
|
=SaReTtA13= Mortale adepto
Registrato: 21/03/07 14:40 Messaggi: 31
|
Inviato: 17 Apr 2007 16:07 Oggetto: |
|
|
no,mi ha detto che non è stato trovato nessun blaster |
|
Top |
|
|
Orange Dio maturo
Registrato: 18/02/07 12:20 Messaggi: 2224 Residenza: Roma
|
Inviato: 17 Apr 2007 17:23 Oggetto: |
|
|
sono sempre piu convinta che il problema sta proprio nelle patch di aggiornamento mancanti..
questo è il link per scaricare SP2 http://corporate.windowsupdate.microsoft.com/
forse, installandolo riesci a risolvere con quell'errore...
altrimenti fai lo scan on-line con Kaspersky |
|
Top |
|
|
=SaReTtA13= Mortale adepto
Registrato: 21/03/07 14:40 Messaggi: 31
|
Inviato: 17 Apr 2007 17:35 Oggetto: |
|
|
fatto...ho rifatto il log...guarda...
Logfile of HijackThis v1.99.1
Scan saved at 18.31.13, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\System\MSASP32.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\System\MSIWA32.exe
C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Programmi\CRW\shwicon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Programmi\Messenger\MSMSGS.EXE
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\DOCUME~1\Sara\IMPOST~1\Temp\Directory temporanea 4 per hijackthis.zip\HijackThis.exe
C:\Programmi\MSN Messenger\Device Manager\dpinst.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\MSMSGS.EXE" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://saretta131.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Advance Service Process - Unknown owner - C:\Programmi\File comuni\System\MSASP32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Programmi\File comuni\System\MSIWA32.exe |
|
Top |
|
|
Orange Dio maturo
Registrato: 18/02/07 12:20 Messaggi: 2224 Residenza: Roma
|
Inviato: 18 Apr 2007 09:58 Oggetto: |
|
|
il log è sempre pulito....
se persistono ancora quei problemi, fai la scansione on-line linkata sopra.
posta il risultato |
|
Top |
|
|
|