• S
    User Newbie

    strano processo iexplore.exe !!!!aiuto!!!!

    Salve.Ho questo strano processo iexplore.exe che sta nel taskmanager pure quando non sono connesso.
    Se lo killo riappare subito e sempre.
    Prima di postare qualche log di hijackthis aspetto voi cosi facciamo tutto insieme.Grazie anticipatamente.

    0
  • G
    Super User

    Ciao stoart e benvenuto nel forumGT 😉

    Da quel che dici è probabile che tu abbia qualche elemento nocivo attivo nel tuo pc.

    Ti consiglio di iniziare ad eseguire delle scansioni in modalità provvisoria con antivirus e antispyware (alcuni free li trovi indicati in questo topic).

    E poi ci posti il log di hijackthis

    0
  • S
    User Attivo

    Controlla anche cosa hai in esecuzione automatica, il processo iexplorer.exe parte anche con l'apertura di files multimediali.

    0
  • S
    User Newbie

    Ecco il log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14.10.41, on 09/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
    C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Winamp\winampa.exe
    C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programmi\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\hijackthis_199\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.virgilio.it/adsl/01.adsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Tin.it
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
    O4 - Startup: Registration .LNK = C:\Programmi\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe
    O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Programmi\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Remote Control.lnk = C:\Programmi\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149190435828
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://D:\vadsl\guida\pctester\files\MotivePreQual.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip..{DE981BAD-2EC3-4F8D-BD79-792E371825F9}: NameServer = 62.211.69.150 212.48.4.15
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Programmi\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

    0
  • S
    User Attivo

    O4 - HKLM..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
    O4 - Startup: Registration .LNK = C:\Programmi\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe
    O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Programmi\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.e xe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Remote Control.lnk = C:\Programmi\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe

    tutti questi sono in autoloading, potrebbe essere qui in mezzo il problema, hai anche un sacco di registrazioni programmi rimandate.
    In ogni modo prima prova i consigli di Gorka

    0
  • wolf.otakar
    Consiglio Direttivo

    @stoart said:

    Salve.Ho questo strano processo iexplore.exe che sta nel taskmanager pure quando non sono connesso.
    Se lo killo riappare subito e sempre.
    Prima di postare qualche log di hijackthis aspetto voi cosi facciamo tutto insieme.Grazie anticipatamente.

    Ciao stoart;
    effettua prima, una scansione online con kaspersky e successivamente scarica superantispyware; aggiornalo ed avvia una scansione...

    fammi sapere..:ciauz:

    0
  • L
    User

    Ehm...
    avvio --- esegui --- iexplore <invio>

    Magicamente cosa ti appare?

    Rispondendo a questa risposta avrai chiarito i dubbi in merito al tuo "virus" 😄

    0
Effettua l'accesso per rispondere