| Precedente :: Successivo |
| Autore |
Messaggio |
miciotta
Semidio
Registrato: 19/12/08 12:40
Messaggi: 274
|
 Inviato: 06 Mar 2009 10:42 Oggetto: Lentezzza esasperante... |
 |
|
nel pc dove lavoro,
pazzesco ho fatto per curiosita' una scansione con il
TOOL di kaspersky e trovato una marea di schifezze
che ne SpyBot, ne Spywaretermiantor e ne il famoso
ma pessimo NORTON ha trovato!
Sapevo che Norton come antivirus era cosi e cosi, mah!
Chi mi da per cortesia ora un occhiata al log di Hikackthis
del pc dove lavoro per vedere se c'e qualche altra cosa ?
vedo un sospetto : C:\ ..... teknum system \ updsvc.exe ???
lo killo? e cosa e' ?
e poi il computer in accensione e' LENTISSIMO, ci mettera' quasi
5 minuti...cosa mi consigliate di killare ?
grazie x aiuto.
allego log di hijackthis. |
|
| Top |
|
 |
miciotta
Semidio
Registrato: 19/12/08 12:40
Messaggi: 274
|
| Inviato: 06 Mar 2009 10:43 Oggetto: log |
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.03.41, on 06/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Programmi\Aclient\AClient.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\Programmi\PK\PKLOGO\PKLOGO.exe
C:\Documents and Settings\Administrator\Documenti\archivio-old\wincm\wincmm\MIX\ - Utility\PC problemi\win_care\Sblocco PRG\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Brother\ControlCenter2\brctrcen.exe
C:\Programmi\Aclient\AClntUsr.EXE
C:\WINDOWS\system32\SSLEmptyCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\UPHClean\uphclean.exe
C:\Programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Teknum Systems\updsvc.exe
C:\Programmi\VisualTaskTips\VisualTaskTips.exe
C:\Programmi\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\NetMeter\NetMeter.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lomb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://server:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IE7Pro\IE7Pro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programmi\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programmi\WOT\WOT.dll
O4 - HKLM\..\Run: [PKLOGO] C:\Programmi\PK\PKLOGO\PKLOGO.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\Administrator\Documenti\archivio-old\wincm\wincmm\MIX\ - Utility\PC problemi\win_care\Sblocco PRG\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AClntUsr] C:\Programmi\Aclient\AClntUsr.EXE
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Programmi\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FILECO~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Thoosje Sidebar .lnk
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1225450559671
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229678090875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229678068562
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = miodominio.com
O17 - HKLM\Software\..\Telephony: DomainName = miodominio.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programmi\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Programmi\Aclient\AClient.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
--
End of file - 13418 bytes |
|
| Top |
|
|
chemicalbit
Dio maturo
Registrato: 01/04/05 18:59
Messaggi: 18597
Residenza: Milano
|
| Inviato: 06 Mar 2009 12:22 Oggetto: Re: Lentezzza esasperante... |
|
|
| miciotta ha scritto: | nel pc dove lavoro,
pazzesco ho fatto per curiosita' una scansione con il
TOOL di kaspersky e trovato una marea di schifezze |
Il tool offline,
o la scansione online? |
|
| Top |
|
|
miciotta
Semidio
Registrato: 19/12/08 12:40
Messaggi: 274
|
| Inviato: 06 Mar 2009 12:33 Oggetto: re |
|
|
entrambi...nulla falso/positivo quel exe !
ora cosa devo fixxare con HijackThis
per questo pc della ditta che ci mette
una vita all'accensione ?
qualche voce che appesantisce l'avvio ?
grazie |
|
| Top |
|
|
chemicalbit
Dio maturo
Registrato: 01/04/05 18:59
Messaggi: 18597
Residenza: Milano
|
| Inviato: 06 Mar 2009 12:43 Oggetto: Re: re |
|
|
Avevi installato qualche programma della teknum system?
| miciotta ha scritto: | | entrambi... |
Quale hai fatto per primo?
Cosa ti ha trovato quello on-line e cosa quello off-line?
| miciotta ha scritto: | | nulla falso/positivo quel exe ! |
Come hai controllato? |
|
| Top |
|
|
miciotta
Semidio
Registrato: 19/12/08 12:40
Messaggi: 274
|
| Inviato: 06 Mar 2009 12:51 Oggetto: re |
 |
|
non ricordo cmq mi ha cancellato TUTTI i file infetti!
il file l'ho scansito con virustotalsca.com (32 antivurs)
e SOLO l'hanno dato come sospetto ...
quindi ora e' ok....
come faccio a velocizzare l'avvio ? cosa devo
fixxare su hijackThis ? |
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
