CNBabe.dll e gandi

Pubblicità
Stato
Discussione chiusa ad ulteriori risposte.
claudia82

claudia82

Utente Attivo
Messaggi
28
Reazioni
0
Punteggio
25
HO QUALCOSA CHE NON VA... MA NON SO COSA... O MEGLIO...NON SO COSA DEVO ELIMINARE....

Logfile of HijackThis v1.99.1
Scan saved at 21.32.24, on 20/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINNT\system32\PRPCUI.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmi\Generic\USB Card Reader Driver v1.7\Disk_Monitor.exe
C:\WINNT\system32\Atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINNT\system32\internat.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foveaonline.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {7AF809F0-AED8-57E9-AAFF-E7BFADC43338} - C:\WINNT\system32\jpchwzei.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Rundll16] C:\WINNT\rundll16.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\Generic\USB Card Reader Driver v1.7\Disk_Monitor.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [<H] c:\WINNT\System32\<HEAD>
O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINNT\System32\ <TITLE>Error</TITLE>
O4 - HKLM\..\Run: [</H] c:\WINNT\System32\</HTML>
O4 - HKLM\..\Run: [<B] c:\WINNT\System32\<BODY>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINNT\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINNT\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [</B] c:\WINNT\System32\</BODY>
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~1\Toolbar\CNBabe.dll,DllStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [<H] c:\WINNT\System32\<HEAD>
O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\WINNT\System32\ <TITLE>Error</TITLE>
O4 - HKCU\..\Run: [</H] c:\WINNT\System32\</HTML>
O4 - HKCU\..\Run: [<B] c:\WINNT\System32\<BODY>
O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINNT\System32\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [] c:\WINNT\System32\
O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINNT\System32\The associated domain name has probably been reserved by a client from
O4 - HKCU\..\Run: [</B] c:\WINNT\System32\</BODY>
O4 - HKCU\..\Run: [key] C:\WINNT\System32\winxp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINNT\System32\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38A5D282-90D9-4C29-B7BC-508859AF3F71}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EA7AA4A-D4A7-464E-B6BA-F69E06E032AE}: NameServer = 213.205.32.70 213.205.36.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{38A5D282-90D9-4C29-B7BC-508859AF3F71}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{38A5D282-90D9-4C29-B7BC-508859AF3F71}: NameServer = 151.99.125.2,151.99.250.2
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
 
Inanzitutto benvenuta...:) :) :)


http://www.hijackthis.de/it

Tramite il tasto sfoglia sottometti il txt qui..:nod: :nod:
Ti dirà lui quali sono le voci poco sicure o sospette..;)

Facendo analizzare il tuo file risultano una marea di cose sospette, ma lui consiglia di eliminare immediatamente queste...


O1 - Hosts: 217.116.231.7 aimtoday.aol.com
Sospetto Quest'oggetto deve essere immediatamente eliminato!
Da eliminare!
O1 - Hosts: 217.116.231.7 aimtoday.aol.com12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
Sospetto Quest'oggetto deve essere immediatamente eliminato!
Da eliminare!
O4 - HKLM\..\Run: [Rundll16] C:\WINNT\rundll16.exe
Sospetto Added as a result of any number of VIRUSES!
Hit rate: 94 % (risultato)
Da eliminare!

Oltre ad avere una versione di explorer da aggiornare.
 
Ultima modifica da un moderatore:
x toby

grazie per il BENVENUTO..hihiho provato ad eliminare quelle cose...^^hih... con le cose sconosciute???avrei anche altre cose da chiederti, se è possibile..ho anche fatto le varie mascherine...^^ posso contattarti??? come faccio ad aggiornare la mia versione di explorer
 
ho provato ad andare sul linkhttp://www.windowsupdate.com/ma non ci capisco molto di quello che devo fare... sono triste...
 
ma io ce lho già (qua sul portatile) mozzilla...sotto suggerimento della mia amica...^^ hih....anche se...ehm...è un po' lentino quando mi si carica la pagina iniziale...^^ hihi....
povera me....spero di risolvere presto tutto senza dover formattare....^^
 
Ragazzi, non è meglio provare con Spyboot?:)
E' molto più semplice da usare, fà tutto da solo...
E risolve molti problemi, basta aggiornarlo e il gioco è fatto...
Oppure anche Ad-aware è ottimo. Io li usi in combinazione, e x ora... Va perfetto da mesi!:D

Voi cosa ne dite?

Cmq, benvenuta!;)
 
Stato
Discussione chiusa ad ulteriori risposte.
Pubblicità
Pubblicità
Indietro
Top