quando mi collego a tgm online

[teoleo]

ti mando anche questo:


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-12-14 SDHelper.dll
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Cookies.sbi
2006-10-06 Includes\Dialer.sbi
2006-12-08 Includes\DialerC.sbi
2006-10-06 Includes\Hijackers.sbi
2006-12-08 Includes\HijackersC.sbi
2006-10-06 Includes\Keyloggers.sbi
2006-12-08 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2006-10-06 Includes\Malware.sbi
2006-12-08 Includes\MalwareC.sbi
2006-10-06 Includes\PUPS.sbi
2006-12-08 Includes\PUPSC.sbi
2006-12-08 Includes\Revision.sbi
2006-10-06 Includes\Security.sbi
2006-12-08 Includes\SecurityC.sbi
2006-10-06 Includes\Spybots.sbi
2006-12-08 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-10-06 Includes\Trojans.sbi
2006-12-08 Includes\TrojansC.sbi

Spybot - Search & Destroy browser pages report, 14/12/2006 19.05.43

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://www.catlist.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.tgmonline.it/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

[teoleo]

e questo :O)


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-12-14 SDHelper.dll
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Cookies.sbi
2006-10-06 Includes\Dialer.sbi
2006-12-08 Includes\DialerC.sbi
2006-10-06 Includes\Hijackers.sbi
2006-12-08 Includes\HijackersC.sbi
2006-10-06 Includes\Keyloggers.sbi
2006-12-08 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2006-10-06 Includes\Malware.sbi
2006-12-08 Includes\MalwareC.sbi
2006-10-06 Includes\PUPS.sbi
2006-12-08 Includes\PUPSC.sbi
2006-12-08 Includes\Revision.sbi
2006-10-06 Includes\Security.sbi
2006-12-08 Includes\SecurityC.sbi
2006-10-06 Includes\Spybots.sbi
2006-12-08 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-10-06 Includes\Trojans.sbi
2006-12-08 Includes\TrojansC.sbi

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Programmi\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 0.56.50
Date (last access): 14/12/2006 18.52.26
Date (last write): 14/12/2004 0.56.50
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
BHO name:
CLSID name: bho2gr Class
description: GetRight
classification: Legitimate
known filename: msie2gr.dll
info link: http://www.getright.com/
info source: TonyKlein
Path: C:\Programmi\GetRight\
Long name: xx2gr.dll
Short name:
Date (created): 12/10/2003 19.45.08
Date (last access): 14/12/2006 18.52.26
Date (last write): 11/09/2006 16.37.48
Filesize: 237568
Attributes: archive
MD5: 37EA04E865DF48DF4A84CF87F86C29EE
CRC32: 931CB198
Version: 6.0.0.3

{6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} (Class)
BHO name:
CLSID name: Class
Path: C:\WINNT\
Long name: nrxeg1.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\programmi\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 13/12/2006 15.29.02
Date (last access): 14/12/2006 18.52.26
Date (last write): 13/12/2006 15.29.02
Filesize: 2149440
Attributes: readonly archive
MD5: 47328147BBD819A026F00C2B7E98DAC5
CRC32: E34209F1
Version: 4.0.1020.6156

[teoleo]

e la domanda mi sorge spontanea:

ma l'utilizzo di programmi quali C6 messenger o i vari Emule (parlo solo di utilizzo, senza poi toccare eventuali file scaricati), puo' essere pericoloso?

[firewall76]

e la domanda mi sorge spontanea:

ma l'utilizzo di programmi quali C6 messenger o i vari Emule (parlo solo di utilizzo, senza poi toccare eventuali file scaricati), puo' essere pericoloso?

ovviamente occorre sempre adottare delle cautele: ossia non accettare file di dubbia provenienza, prima di scompattare un archivio farlo analizzare all'antivirus.
I log mi sembrano puliti.
Riposta un log di hijackthis.

[teoleo]

ti riposto hjack, cmq ho sempre quel cavolo di trojan all'avvio, e ti ricordo che se parto in modalita provvisoria non c'e'... ( fosse quello che da problemi con i siti?)

[teoleo]

Logfile of HijackThis v1.99.1
Scan saved at 10.39.18, on 15/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\service32.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINNT\system32\atwtusb.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNot

ifier.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Downloads\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =

http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.tgmonline.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

= Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -

C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} -

C:\WINNT\nrxeg1.dll (file missing)
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher]

C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH

Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon]

"C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]

C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition

Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost

Firewall 1.0\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost

Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector]

C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe /R
O4 - HKCU\..\Run: [swg]

C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNot

ifier.exe
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6

Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =

C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk =

C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk =

C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =

C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk =

C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: Download with GetRight -

C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser -

C:\Programmi\GetRight\GRbrowse.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan

Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -

http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -

http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://update.microsoft.com/windowsu...n/x86/client/w

uweb_site.cab?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -

http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.microsoft.com/microsof.../en/x86/client

/muweb_site.cab?1165670099968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX

Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{9973FF83-261B-4F06-802D-20A3D90599FC

}: NameServer = 85.37.17.17 85.38.28.72
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH -

C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService)

- AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd -

C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology

Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico

(dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO

EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -

C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -

C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

da ignorantone c'e'

:\WINNT\nrxeg1.dll (file missing)

che e' riportato pero' da spybot qui


6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} (Class)
BHO name:
CLSID name: Class
Path: C:\WINNT\
Long name: nrxeg1.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\programmi\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 13/12/2006 15.29.02
Date (last access): 14/12/2006 18.52.26
Date (last write): 13/12/2006 15.29.02
Filesize: 2149440
Attributes: readonly archive
MD5: 47328147BBD819A026F00C2B7E98DAC5
CRC32: E34209F1
Version: 4.0.1020.6156


teoleo
Visualizza profilo pubblico
Invia un messaggio privato a teoleo
Trova altri messaggi di teoleo
Aggiungi teoleo alla tua lista amici

Ieri, 19.17.28 #178
teoleo
Il Niubbi


Registrato: 27-12-2003
Messaggi: 198 Re: quando mi collego a tgm online

--------------------------------------------------------------------------------

e la domanda mi sorge spontanea:

ma l'utilizzo di programmi quali C6 messenger o i vari Emule (parlo solo di utilizzo, senza poi toccare eventuali file scaricati), puo' essere pericoloso?


teoleo
Visualizza profilo pubblico
Invia un messaggio privato a teoleo
Trova altri messaggi di teoleo
Aggiungi teoleo alla tua lista amici

Ieri, 20.20.53 #179
firewall76
Moderatore




Registrato: 30-04-2003
Residenza: pesaro
Messaggi: 12,450
Re: quando mi collego a tgm online

--------------------------------------------------------------------------------

Citazione:
Originalmente inviato da teoleo
e la domanda mi sorge spontanea:

ma l'utilizzo di programmi quali C6 messenger o i vari Emule (parlo solo di utilizzo, senza poi toccare eventuali file scaricati), puo' essere pericoloso?

ovviamente occorre sempre adottare delle cautele: ossia non accettare file di dubbia provenienza, prima di scompattare un archivio farlo analizzare all'antivirus.
I log mi sembrano puliti.
Riposta un log di hijackthis.
__________________


Dipingi un cielo che non sa /Che cosa č la radioattivitŕ… /Un fiore…Un fiore rosso che mi dia, /Il suo profumo e di plastica non sia! /Dimmi che ancora esisterň… /Anche se sono di latta i sogni che ho!!! Dipingi un uomo, se c’č… /
Che non porti la morte con sé! /Che non distrugga gli ideali suoi, /Spacciando borotalco ai figli tuoi!



firewall76
Visualizza profilo pubblico
Invia un messaggio privato a firewall76
Trova altri messaggi di firewall76
Aggiungi firewall76 alla tua lista amici

Oggi, 10.33.08 #180
teoleo
Il Niubbi


Registrato: 27-12-2003
Messaggi: 199 Re: quando mi collego a tgm online

--------------------------------------------------------------------------------

ti riposto hjack, cmq ho sempre quel cavolo di trojan all'avvio, e ti ricordo che se parto in modalita provvisoria non c'e'... ( fosse quello che da problemi con i siti?)

teoleo
Visualizza profilo pubblico
Invia un messaggio privato a teoleo
Trova altri messaggi di teoleo
Aggiungi teoleo alla tua lista amici

Pagina 8 di 8 Ť Primo < 4 5 6 7 8



Ť Discussione precedente | Prossima discussione ť

Messaggio vBulletin

Cancella modifiche
Risposta rapida
Si sono verificati alcuni errori durante l'invio di questo messaggio

Ok
Messaggio:
Logfile of HijackThis v1.99.1
Scan saved at 10.39.18, on 15/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\service32.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINNT\system32\atwtusb.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNot

ifier.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Downloads\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =

http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.tgmonline.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

= Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -

C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} -

C:\WINNT\nrxeg1.dll (file missing)
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher]

C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH

Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon]

"C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]

C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition

Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost

Firewall 1.0\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost

Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector]

C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe /R
O4 - HKCU\..\Run: [swg]

C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNot

ifier.exe
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6

Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =

C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk =

C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk =

C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =

C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk =

C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: Download with GetRight -

C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser -

C:\Programmi\GetRight\GRbrowse.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan

Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -

http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -

http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://update.microsoft.com/windowsu...n/x86/client/w

uweb_site.cab?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -

http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.microsoft.com/microsof.../en/x86/client

/muweb_site.cab?1165670099968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX

Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{9973FF83-261B-4F06-802D-20A3D90599FC

}: NameServer = 85.37.17.17 85.38.28.72
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH -

C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService)

- AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd -

C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology

Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico

(dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO

EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -

C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -

C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

da ignorantone c'e'

:\WINNT\nrxeg1.dll (file missing)

che e' riportato pero' da spybot qui


6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} (Class)
BHO name:
CLSID name: Class
Path: C:\WINNT\
Long name: nrxeg1.dll

[firewall76]

fixa: C:\WINNT\service32.exe
ifier.exe (questo non so cosa sia, qualora anche tu non lo sappia eliminalo)
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} -
O4 - HKLM\..\Run: [zBrowser Launcher]

[teoleo]

ifier e' l'andata a capo di googlebarnotifier.... :O)

[teoleo]

questo e' il log di hjack quando volevo fare i fix, mi sbaglio ma winnt/service32.exe non c'e'???

gli altri li fixo...

[teoleo]

ah, ma O4 intendi quello di Itouch.exe??

E un'altra domanda, io ho ancora un programma di nome Einstein installato, ma che diavolo e?

[teoleo]

insomma ho fixato solo R3 e O2

[firewall76]

ah, ma O4 intendi quello di Itouch.exe??

E un'altra domanda, io ho ancora un programma di nome Einstein installato, ma che diavolo e?

la voce sopra. o se preferisci l'ultima di running process.
Se non conosci un programma disinstallalo.

[teoleo]

ti posto hjack perche' quello O4 che dici tu e' quello di Itouch.

Logfile of HijackThis v1.99.1
Scan saved at 13.19.43, on 15/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\service32.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINNT\system32\atwtusb.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNotifier.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Downloads\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgmonline.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} - C:\WINNT\nrxeg1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher]C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe /R
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNotifier.exe
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165670099968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9973FF83-261B-4F06-802D-20A3D90599FC}: NameServer = 85.37.17.17 85.38.28.72
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

xche' quella e' tutta una riga

[firewall76]

[IMG]http://www.***************.it/forum/images/icons/icon1.gif[/IMG] Re: quando mi collego a tgm online
ti posto hjack perche' quello O4 che dici tu e' quello di Itouch.

Logfile of HijackThis v1.99.1
Scan saved at 13.19.43, on 15/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\service32.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINNT\system32\atwtusb.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNotifier.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Downloads\hijack\HijackThis.exe

[teoleo]

devo fixare quello in neretto? se lo trovo?

[firewall76]

devo fixare quello in neretto? se lo trovo?

[teoleo]

scusami, ma se apro hjack, io il winnt serevice32.exe non lo trovo, me lo segna solo sul log.

Come faccio a eliminarlo?

[StickyŠ]

scusami, ma se apro hjack, io il winnt serevice32.exe non lo trovo, me lo segna solo sul log.

Come faccio a eliminarlo?

Vai nella cartella indicata e lo elimini a mano.

[teoleo]

ok, quindi comunque e' da eliminare?

[StickyŠ]

ok, quindi comunque e' da eliminare?

Non ho un 2000 sottomano, ma non mi sembra di averlo mai visto. Indi, si.

[teoleo]

dovrei averlo cancellato, vediamo domani all riavvio :O(

[teoleo]

aggiornamento situazione:

non ho piu' il trojan all'avvio ma mi rimane il problema dei reindirizzamento dei siti e della ricerca con google ( e della non visualizzazione del sito di spybot)

[StickyŠ]

aggiornamento situazione:

non ho piu' il trojan all'avvio ma mi rimane il problema dei reindirizzamento dei siti e della ricerca con google ( e della non visualizzazione del sito di spybot)

C:\Winnt\system32\drivers\etc\hosts

Aprilo con Notepad e posta qui il contenuto.

Dovrebbe esserci solo questo:

127.0.0.1 localhost

E dei commenti con un # davanti.

[teoleo]

esatto....

Copyright (c) 1993-1999 Microsoft Corp.
#
# Questo č un esempio di file HOSTS usato da Microsoft TCP/IP per Windows.
#
# Questo file contiene la mappatura degli indirizzi IP ai nomi host.
# Ogni voce dovrebbe occupare una singola riga. L'indirizzo IP dovrebbe
# trovarsi nella prima colonna seguito dal nome host corrispondente.
# L'indirizzo e il nome host dovrebbero essere separati da almeno uno spazio
# o punto di tabulazione.
#
# Č inoltre possibile inserire commenti (come questi) nelle singole righe
# o dopo il nome del computer caratterizzato da un simbolo '#'.
#
# Per esempio:
#
# 102.54.94.97 rhino.acme.com # server origine
# 38.25.63.10 x.acme.com # client host x

127.0.0.1 localhost


cmq, il problema l'ho solo se uso google, se uso il sito di yahoo non mi e' mai successo... Ho provato gia' a disinstallare e reinstallare la google tool bar...

[StickyŠ]

esatto....

Copyright (c) 1993-1999 Microsoft Corp.
#
# Questo č un esempio di file HOSTS usato da Microsoft TCP/IP per Windows.
#
# Questo file contiene la mappatura degli indirizzi IP ai nomi host.
# Ogni voce dovrebbe occupare una singola riga. L'indirizzo IP dovrebbe
# trovarsi nella prima colonna seguito dal nome host corrispondente.
# L'indirizzo e il nome host dovrebbero essere separati da almeno uno spazio
# o punto di tabulazione.
#
# Č inoltre possibile inserire commenti (come questi) nelle singole righe
# o dopo il nome del computer caratterizzato da un simbolo '#'.
#
# Per esempio:
#
# 102.54.94.97 rhino.acme.com # server origine
# 38.25.63.10 x.acme.com # client host x

127.0.0.1 localhost


cmq, il problema l'ho solo se uso google, se uso il sito di yahoo non mi e' mai successo... Ho provato gia' a disinstallare e reinstallare la google tool bar...

Se te lo fa solo con Google, potrebbe essere un problema temporaneo.