View Full Version : UFFA!DIALER EXSPLORER..!
Salve a tutti...
sono giorni che provo a togliere da un portatile questo dialer che ha provocato un aumento della bolletta di 100 euro circa su una connessione a 56k (non mia).
Ho provato l utilizzo di ccleaner, adaware,spybot...hanno tolto un po di robaccia ma il dialer resiste ancora!:muro:
Ho usato hijackthis in modalita provvisoria e non.. conseguentemente l ho confrontarlo sul famoso sito...fixo..ma alla fine ricompare sempre se rifaccio lo scan ...soprattutto nella parte 15!
c'e' qualcuno che mi puo aiutare e soprattutto mi puo dire se devo fixare qualcos'altro che il sito ufficiale magari non riconosce!??:confused:
grazie a tutti in anticipo!!
ecco il log:
Logfile of HijackThis v1.99.1
Scan saved at 21.30.55, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\BenQ\QMusic2\QMAgent.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\USB Disk Win98 Driver\Res.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\QLink 1.0\devmonit.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QMusic] C:\Programmi\BenQ\QMusic2\QMAgent.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programmi\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Monitor.lnk = C:\Programmi\QLink 1.0\devmonit.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E708D5-4A6D-4124-86E1-028FE9F2FE80}: NameServer = 85.37.17.46 85.38.28.84
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
Chill-Out
23-10-2007, 22:36
Fixa come hai già fatto in precedenza:
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
Disattiva il Ripristino configurazione di sistema ovvero procedi in questa maniera:
tasto destro del mouse sull'icona Risorse del Computer
seleziona la voce Proprietà
apri la scheda Ripristino configurazione di Sistema
spunta la voce Disattiva ripristino configurazione di sistema
conferma, la modifica, con Applica e, poi Ok
Rifai pulizia con Ccleaner
Scarica a-squared free da qui: http://www.emsisoft.it/it/software/download/ installalo, lancialo, aggiornalo e fagli fare una "Deep scan"
Scarica SysClean da qui: http://it.trendmicro-europe.com/file_downloads/common/tsc/sysclean.com per praticità salvalo sul DeskTop in un cartella che chiamerai SysClean
Scarica le definizioni dei virus da qui: http://it.trendmicro-europe.com/enterprise/support/pattern.php scompatta all'interno della cartella creata il file compresso contenente le definizioni
Riavvia il PC in modalità provvisoria F8, esegui SysClean, copi ed incolli il log nel prossimo post
juninho85
23-10-2007, 22:57
nel caso non risolvi posta un log di gmer e findawf
ecco il log sysclean dopo aver fatto tutto quello che hai sopra scritto...
come e' la situazione ????:confused: :confused:
in pratica continua ad uscire su hijackthis la serie 015...perche????eppure adsquare aveva trovato 2 lnk da eliminare cosa che prontamente ho fatto.
help!!!!!!!!!!!!!
/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/
2007-10-24, 20:59:17, Auto-clean mode specified.
2007-10-24, 20:59:17, Running scanner "C:\Documents and Settings\pc\Desktop\sysclean\TSC.BIN"...
2007-10-24, 20:59:52, Scanner "C:\Documents and Settings\pc\Desktop\sysclean\TSC.BIN" has finished running.
2007-10-24, 20:59:52, TSC Log:
2007-10-24, 21:19:14, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/24/2007 21:00:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (246254 Patterns) (2007/10/23) (479100)
Command Line: C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\pc\Desktop\sysclean
43633 files have been read.
43633 files have been checked.
35307 files have been scanned.
43337 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/24/2007 21:19:13
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-24, 21:19:14, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/24/2007 21:00:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (246254 Patterns) (2007/10/23) (479100)
Command Line: C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\pc\Desktop\sysclean
43633 files have been read.
43633 files have been checked.
35307 files have been scanned.
43337 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/24/2007 21:19:13 18 minutes 29 seconds (1109.31 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-24, 21:19:14, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/24/2007 21:00:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (246254 Patterns) (2007/10/23) (479100)
Command Line: C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\pc\Desktop\sysclean
43633 files have been read.
43633 files have been checked.
35307 files have been scanned.
43337 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/24/2007 21:19:13 18 minutes 29 seconds (1109.31 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-24, 21:19:14, Scanner "C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN" has finished running.
2007-10-24, 21:19:35, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/24/2007 21:19:16
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (246254 Patterns) (2007/10/23) (479100)
Command Line: C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\pc\Desktop\sysclean
21 files have been read.
21 files have been checked.
21 files have been scanned.
73 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/24/2007 21:19:35
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-24, 21:19:35, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/24/2007 21:19:16
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (246254 Patterns) (2007/10/23) (479100)
Command Line: C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\pc\Desktop\sysclean
21 files have been read.
21 files have been checked.
21 files have been scanned.
73 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/24/2007 21:19:35 7 seconds (7.20 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-24, 21:19:35, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/24/2007 21:19:16
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 791 (246254 Patterns) (2007/10/23) (479100)
Command Line: C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\pc\Desktop\sysclean
21 files have been read.
21 files have been checked.
21 files have been scanned.
73 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/24/2007 21:19:35 7 seconds (7.20 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2007-10-24, 21:19:35, Scanner "C:\Documents and Settings\pc\Desktop\sysclean\VSCANTM.BIN" has finished running.
juninho85
24-10-2007, 21:51
nel caso non risolvi posta un log di gmer e findawf
.
nel caso non risolvi posta un log di gmer e findawf
sto facendo anche gmer...adesso..speriamo.:O
:confused: nel caso non risolvi posta un log di gmer e findawf
ho usato gmer...come funziona per favore??????HELP!
:confused: :rolleyes:
juninho85
24-10-2007, 22:37
:confused:
ho usato gmer...come funziona per favore??????HELP!
:confused: :rolleyes:
clicchi su system e avvi la scansione,poi selezioni copy e incolli il contenuto qui sul forum
clicchi su system e avvi la scansione,poi selezioni copy e incolli il contenuto qui sul forum
SONO un tantino in difficolta'...non riesco a copiarti ...e poi quale scheda dovrei copiarti'!?ROOTKIT??modules?processes??
Grazie comunque!
juninho85
24-10-2007, 22:48
SONO un tantino in difficolta'...non riesco a copiarti ...e poi quale scheda dovrei copiarti'!?ROOTKIT??modules?processes??
Grazie comunque!
si,rootkit
si,rootkit
ecco juninho85..ecco il log:
cosa ne deduci???
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-24 22:51:54
Windows 5.1.2600 Service Pack 2
---- Devices - GMER 1.0.13 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_POWER [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE [FA839E00] SynTP.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [FA9EC1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [FA9EC1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [FA9EC1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [FA9EC454] fltMgr.sys
---- System - GMER 1.0.13 ----
SSDT FB238884 ZwCreateThread
SSDT FB238870 ZwOpenProcess
SSDT FB238875 ZwOpenThread
SSDT FB23887F ZwTerminateProcess
SSDT FB23887A ZwWriteVirtualMemory
---- EOF - GMER 1.0.13 ----
Riverside
24-10-2007, 22:53
Salve a tutti... O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
Infetto da virus preso attraverso MSN Messenger; segui la procedura descritta im questa Guida (e continua, la discussione, in quel thread): http://www.hwupgrade.it/forum/showthread.php?t=1547867
juninho85
24-10-2007, 22:55
ecco juninho85..ecco il log:
cosa ne deduci???
che non sei infetto da rootkit
Infetto da virus preso attraverso MSN Messenger; segui la procedura descritta im questa Guida (e continua, la discussione, in quel thread): http://www.hwupgrade.it/forum/showthread.php?t=1547867
come e' possibile riverside??msn su questo portatile neanke e' installato!!!su una connessione a 56 k non va.....:confused: :confused: :rolleyes:
juninho85
24-10-2007, 23:01
prova,sempre con gmer,a effettuare le scansioni su tutte le altre voci eccetto system
Riverside
24-10-2007, 23:06
come e' possibile riverside??msn su questo portatile neanke e' installato!!!su una connessione a 56 k non va.....:confused: :confused: :rolleyes:
Non va che cosa? non hai un account di Hotmail? cosa non è installato?
Windows Messenger è installato, di defalut, anche sul quel portatile (e nota bene, sto parlando di Windows Messenger in questo momento, non di MSN Messenger: sono entrambi due client di messagistica immediata, entrambi assogettati, in caso di uso, a quel tipo di virus).
E il tipo di connessione, non c'entra nulla.
Tu comunque esegui quella procedura ;)
non e' installato msn live messenger..
lo so che windows messenger di default c'e'...ma su questo portatile non e' stata mai utilizzato.cmq seguiro', come da te consigliato, anche la tua procedura!!
vediamo cosa succede..sto usando, da come state vedendo, di tutto..ed il log di hijackthis e' impietoso ogni volta..la parte 015 si ripresenta sempre.:confused:
edit:
questo intando il log di gmer senza system:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-24 23:11:26
Windows 5.1.2600 Service Pack 2
---- Devices - GMER 1.0.13 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_POWER [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA [FA839E00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA [FA839E00] SynTP.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [FA9EC1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [FA9EC1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [FA9EC454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [FA9EC1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [FA9DFF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [FA9DFF4C] fltMgr.sys
---- EOF - GMER 1.0.13 ----
Chill-Out
25-10-2007, 09:37
C'è un processo residente in memoria da eliminare quindi lancia HijackThis -> clicca su Open The Misc Tool Section -> clicca su Generate StartUpList Log spuntando i due campi a dx List also... e List empty... copia e incolla il log nel prossimo post
Ciao
C'è un processo residente in memoria da eliminare quindi lancia HijackThis -> clicca su Open The Misc Tool Section -> clicca su Generate StartUpList Log spuntando i due campi a dx List also... e List empty... copia e incolla il log nel prossimo post
Ciao
ecco il log come mi hai chiesto!!!cosa ci vedete Ragazzi???:confused:
ho provato veramente di tutto..la parte 015 si ripresenta..:muro:
StartupList report, 25/10/2007, 19.11.42
StartupList version: 1.52.2
Started from : C:\Documents and Settings\pc\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\BenQ\QMusic2\QMAgent.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\USB Disk Win98 Driver\Res.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\QLink 1.0\devmonit.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pc\Desktop\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\pc\Menu Avvio\Programmi\Esecuzione automatica]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
Monitor.lnk = C:\Programmi\QLink 1.0\devmonit.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LaunchApp = Alaunch
SynTPLpr = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
SoundMan = SOUNDMAN.EXE
AGRSMMSG = AGRSMMSG.exe
SiSPower = Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook = C:\WINDOWS\system32\keyhook.exe
PCMService = "C:\Programmi\Arcade\PCMService.exe"
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LManager = C:\Programmi\Launch Manager\QtZgAcer.EXE
eRecoveryService = C:\Programmi\Acer\eRecovery\Monitor.exe
OpwareSE2 = "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
OPSE reminder = "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
QMusic = C:\Programmi\BenQ\QMusic2\QMAgent.exe
SMSTray = C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
MAAgent = C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
USB Storage Toolbox = C:\Programmi\USB Disk Win98 Driver\Res.EXE
DSLSTATEXE = C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
DSLAGENTEXE = dslagent.exe USB
avgnt = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor del Registro di sistema'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
a-squared Free Service: "C:\Programmi\a-squared Free\a2service.exe" (autostart)
Ad-Aware 2007 Service: "C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)
Driver ACPI Microsoft: system32\DRIVERS\ACPI.sys (system)
Driver del controller integrato Microsoft: system32\DRIVERS\ACPIEC.sys (system)
Eliminatore di eco acustico del kernel Microsoft: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: system32\DRIVERS\AGRSM.sys (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Avvisi: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Servizio Gateway di livello applicazione: %SystemRoot%\System32\alg.exe (manual start)
Driver del processore AMD: system32\DRIVERS\AmdK8.sys (system)
Notebook Manager Service: C:\Acer\eManager\anbmServ.exe (autostart)
AntiVir PersonalEdition Classic Scheduler: "C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe" (autostart)
AntiVir PersonalEdition Classic Guard: "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe" (autostart)
Gestione applicazione: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Driver per supporti asincroni RAS: system32\DRIVERS\asyncmac.sys (manual start)
Controller disco rigido IDE/ESDI standard: system32\DRIVERS\atapi.sys (system)
Protocollo client ARP ATM: system32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver stub audio: system32\DRIVERS\audstub.sys (manual start)
avgio: \??\C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgio.sys (system)
avgntflt: \??\C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (manual start)
avipbb: system32\DRIVERS\avipbb.sys (system)
Driver per l’adattatore di rete Broadcom 802.11: system32\DRIVERS\bcmwl5.sys (manual start)
Servizio trasferimento intelligente in background: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Browser di computer: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver del CD-ROM: system32\DRIVERS\cdrom.sys (system)
Servizio di indicizzazione: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver batteria a metodo di controllo ACPI Microsoft: system32\DRIVERS\CmBatt.sys (manual start)
Driver della batteria composita Microsoft: system32\DRIVERS\compbatt.sys (system)
Applicazione di sistema COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Utilità di avvio processo server DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver del disco: system32\DRIVERS\disk.sys (system)
Dritek HotKey Keyboard Filter Driver: System32\Drivers\DKbFltr.sys (manual start)
Servizio amministrativo di Gestione disco logico: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sintetizzatore DLS Microsoft Kernel: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Decodificatore audio DRM del kernel Microsoft: system32\drivers\drmkaud.sys (manual start)
Servizio di segnalazione errori: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registro eventi: %SystemRoot%\system32\services.exe (autostart)
Sistema di eventi COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Compatibilità di Cambio rapido utente: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Driver archiviazione volumi: system32\DRIVERS\ftdisk.sys (system)
Filtro Microsoft AGPv3.0 generico per piattaforme processore K8: system32\DRIVERS\gagp30kx.sys (system)
gmer: System32\DRIVERS\gmer.sys (manual start)
Utilità di classificazione pacchetti generica: system32\DRIVERS\msgpc.sys (manual start)
Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accesso periferica Human Interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Driver di classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
SSL HTTP: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Driver di porta mouse PS/2 e tastiera i8042: system32\DRIVERS\i8042prt.sys (system)
Driver filtro masterizzazione CD: system32\DRIVERS\imapi.sys (system)
Servizio COM di masterizzazione CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)
int15.sys: \??\C:\Programmi\Acer\eRecovery\int15.sys (autostart)
Driver Windows Firewall IPv6: system32\DRIVERS\Ip6Fw.sys (manual start)
Driver filtro traffico IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Driver tunnel IP in IP: system32\DRIVERS\ipinip.sys (manual start)
Traduttore indirizzi di rete IP: system32\DRIVERS\ipnat.sys (manual start)
Driver IPSEC: system32\DRIVERS\ipsec.sys (system)
Servizio enumeratore infrarossi: system32\DRIVERS\irenum.sys (manual start)
Driver bus PnP ISA/EISA: system32\DRIVERS\isapnp.sys (system)
Driver classe tastiera: system32\DRIVERS\kbdclass.sys (system)
Mixer wave audio del kernel Microsoft: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Helper NetBIOS di TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Condivisione desktop remoto di NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Driver classe mouse: system32\DRIVERS\mouclass.sys (system)
Driver di mouse HID: system32\DRIVERS\mouhid.sys (manual start)
Redirector del client WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy di servizio di flusso Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy clock di flusso Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy di gestione qualità di flusso Microsoft: system32\drivers\MSPQM.sys (manual start)
Driver BIOS Microsoft System Management: system32\DRIVERS\mssmbios.sys (manual start)
Driver TAPI NDIS di accesso remoto: system32\DRIVERS\ndistapi.sys (manual start)
Protocollo I/O modalità utente su NDIS: system32\DRIVERS\ndisuio.sys (manual start)
Driver WAN NDIS di accesso remoto: system32\DRIVERS\ndiswan.sys (manual start)
Interfaccia NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBios su Tcpip: system32\DRIVERS\netbt.sys (system)
DDE di rete: %SystemRoot%\system32\netdde.exe (disabled)
DDE DSDM di rete: %SystemRoot%\system32\netdde.exe (disabled)
Accesso rete: %SystemRoot%\system32\lsass.exe (manual start)
Connessioni di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Upper Class Filter Driver: system32\DRIVERS\NTIDrvr.sys (manual start)
Provider supporto protezione LM NT: %SystemRoot%\system32\lsass.exe (manual start)
Archivi rimovibili: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Driver filtro traffico IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Driver inoltratore traffico IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servizi IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)
Utilità di pianificazione pacchetti QoS: system32\DRIVERS\psched.sys (manual start)
Driver Direct Parallel Link: system32\DRIVERS\ptilink.sys (manual start)
Driver connessione automatica Accesso remoto: system32\DRIVERS\rasacd.sys (system)
Auto Connection Manager di Accesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Connection Manager di Accesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Driver PPPOE di accesso remoto: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Gestione sessione di assistenza mediante desktop remoto: C:\WINDOWS\system32\sessmgr.exe (manual start)
Driver filtro riproduzione CD-ROM audio digitale: system32\DRIVERS\redbook.sys (system)
Routing e Accesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
RPC Locator: %SystemRoot%\system32\locator.exe (manual start)
RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)
smart card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Utilità di pianificazione: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Condivisione connessione Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: system32\DRIVERS\sisgrp.sys (manual start)
SiS AGP Filter: system32\DRIVERS\SISAGPX.sys (system)
SiSkp: system32\DRIVERS\srvkp.sys (system)
SiS PCI Fast Ethernet Adapter Driver for NDIS51: system32\DRIVERS\sisnicxp.sys (manual start)
Frazionatore audio del kernel Microsoft: system32\drivers\splitter.sys (manual start)
Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)
Driver filtro Ripristino configurazione di sistema: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
Servizio Ripristino configurazione di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Servizio nomi files: C:\WINDOWS\Downlo~1\mdd9q\p1lygc.exe (autostart)
Servizio di rilevamento SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssmdrv: system32\DRIVERS\ssmdrv.sys (system)
Driver per fotocamera digitale seriale: system32\DRIVERS\serscan.sys (manual start)
Acquisizione di immagini di Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Driver bus software: system32\DRIVERS\swenum.sys (manual start)
Sintetizzatore Wavetable GS kernel Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{50CFF27D-AC37-45C3-9BCD-C924D5B7C006} (manual start)
SYMIDSCO: \??\C:\PROGRA~1\FILECO~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys (manual start)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
Periferica audio di sistema Microsoft Kernel: system32\drivers\sysaudio.sys (manual start)
Avvisi e registri di prestazioni: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver protocollo TCP/IP: system32\DRIVERS\tcpip.sys (system)
Driver della periferica terminale: system32\DRIVERS\termdd.sys (system)
Servizi terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Driver aggiornamento microcodice: system32\DRIVERS\update.sys (manual start)
Host di periferiche Plug and Play universali: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Gruppo di continuità: %SystemRoot%\System32\ups.exe (manual start)
Driver principale generico USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start)
Driver Miniport controller enhanced host USB 2.0 Microsoft: system32\DRIVERS\usbehci.sys (manual start)
Driver hub USB standard Microsoft: system32\DRIVERS\usbhub.sys (manual start)
Driver miniport per controller open host USB Microsoft: system32\DRIVERS\usbohci.sys (manual start)
Classe stampanti USB Microsoft: system32\DRIVERS\usbprint.sys (manual start)
Driver scanner USB: system32\DRIVERS\usbscan.sys (manual start)
Driver archiviazione di massa USB: system32\DRIVERS\USBSTOR.SYS (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Copia replicata del volume: %SystemRoot%\System32\vssvc.exe (manual start)
Ora di Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver ARP IP di accesso remoto: system32\DRIVERS\wanarp.sys (manual start)
GlobespanVirata USB ADSL WAN Modem: system32\DRIVERS\gwausb.sys (manual start)
Driver di compatibilità audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Servizio Numero di serie per dispositivi multimediali portatili: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Scheda WMI Performance: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
WpdUsb: System32\Drivers\wpdusb.sys (manual start)
Centro sicurezza PC: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Aggiornamenti automatici: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Servizio Provisioning di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 32.837 bytes
Report generated in 0,687 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Chill-Out
25-10-2007, 21:23
Io non vedo nulla di strano, visto che abbiamo a che fare con una connessione 56K installa a-squared antidialer http://download5.emsisoft.com/a2AntiDialerSetup.exe
vediamo se lo intercettiamo.
juninho85
25-10-2007, 21:29
che bimbominchia!!!!:muro: :muro: :muro: :muro: :muro:
eccolo:
C:\WINDOWS\Downlo~1\mdd9q\p1lygc.exe
la cartella è C:\WINDOWS\Downlonloaded Program Files
Chill-Out
25-10-2007, 21:34
che bimbominchia!!!!:muro: :muro: :muro: :muro: :muro:
eccolo:
la cartella è C:\WINDOWS\Downlonloaded Program Files
bel colpo mi era sfuggito, ero sicuro che con StartUpList saltava fuori
Riverside
25-10-2007, 21:50
Ma porca quella miseria ..... ti costa troppo eseguire una scansione con MSNFIX e pubblicare il relativo log? :muro:
MSNFIX TOOL: clicca qui per il download (http://sosvirus.changelog.fr/MSNFix.zip) (la versione del Tool viene, costantemente, rilasciata, aggiornata)
● scompatta il file Zip posizionandolo sul Desktop (verrà creata una cartella)
● lancia MSNFix File batch
● digita I per impostare la lingua, e, premi invio
● digita R per cercare il malware
● digita N per eliminare ciò che trova
● digita A per creare il log da pubblicare
● digita R per ripulire il registro ed uscire
● digita Q per terminare MSNFix
Verrano creati:
● un file Zip
● un log
all'interno della cartella posizionata sul Desktop: cestina solo il file Zip e ripulisci il cestino
Annotazione; il Tool rimuove automaticamente i file infetti ma indica, anche, alcuni files (di norma, sono Screensaver non legittimi) alla cui rimozione si deve procedere, manualmente.
Fatto tutto, pubblica qui, il relativo log per farlo analizzare
ok....
appena torno a casa stasera vedo di eseguire le vostre raccomandazioni.
per il momento un grosso grazie!
ecco il log di msnfix!
ha trovato qlk ed ha ripulito.
hijackthis continua a ripropormi la parte 015 in maniera inesorabile!!
procedo manualmente alla rimozione del file che avete individuato!????!
log:
MSNFix 1.555
C:\Documents and Settings\pc\Desktop\MSNFix
Fix effettuato il 26/10/2007 - 18.29.13,73 By pc
modalità normale
************************ Cercare i files presenti
... C:\WINDOWS\system32\autorun.ini
************************ MSNCHK ***** /!\ beta test /!\
************************ Ricerca le cartelle presenti
Nessuna cartella trovata
************************ Eliminazione dei files
.. OK ... C:\WINDOWS\system32\autorun.ini
************************ Pulizia del Registro
************************ Files sospetti
Nessun files trovato
I files e le chiavi di registro eliminati sono stati salvati nel file 26102007_18.30.3034.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Chill-Out
26-10-2007, 18:41
Devi cancella questo:
C:\WINDOWS\Downlo~1\mdd9q\p1lygc.exe la cartella è C:\WINDOWS\Downlonloaded Program Files
prima però fallo controllare su www.virustotal.com
Riverside
26-10-2007, 18:42
ecco il log di msnfix!
ASQUARED ANTIDIALER FREE: clicca qui per il download (http://download5.emsisoft.com/a2AntiDialerSetup.exe)
una volta installato, scarica gli aggiornamenti e poi, esegui una scansione del sistema, da disconnesso.
Lacialo installato (visto che ti connetti a 56k) perchè ha una protezione in tempo reale.
Dopo che hai eseguito la scansione pubblica un nuovo log di HTHIS
in down.prog.files non c'e nulla!!!possibile!???
juninho85
26-10-2007, 18:44
in down.prog.files non c'e nulla!!!possibile!???
che sia un file nascosto?
ASQUARED ANTIDIALER FREE: clicca qui per il download (http://download5.emsisoft.com/a2AntiDialerSetup.exe)
una volta installato, scarica gli aggiornamenti e poi, esegui una scansione del sistema, da disconnesso.
Lacialo installato (visto che ti connetti a 56k) perchè ha una protezione in tempo reale.
Dopo che hai eseguito la scansione pubblica un nuovo log di HTHIS
gia scaricato ed utilizzato asquared antidialer free..utile , ha ripulito anche lui qlk su questo dialer ma non ha completato l opera!lo 015 si ripropone.
ps: ho un alice flat..il portatile non e' mio e viene usato su una 56k.
siccome sto usando la connessione di casa mia su questo portatile non c'e mika il riskio che anche su una flat aumenta la bolletta?non mi risulta a me che un dialer diventa attivo su una flat.:confused:
che sia un file nascosto?
impossibile sto..utilizzando la visuale aperta!!:muro: :muro:
edit.ecco il nuovo log hithisjack
Logfile of HijackThis v1.99.1
Scan saved at 18.53.31, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\BenQ\QMusic2\QMAgent.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\USB Disk Win98 Driver\Res.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\QLink 1.0\devmonit.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QMusic] C:\Programmi\BenQ\QMusic2\QMAgent.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programmi\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Monitor.lnk = C:\Programmi\QLink 1.0\devmonit.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E708D5-4A6D-4124-86E1-028FE9F2FE80}: NameServer = 85.37.17.46 85.38.28.84
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Servizio nomi files (srvflsn) - Unknown owner - C:\WINDOWS\Downlo~1\mdd9q\p1lygc.exe (file missing)
juninho85
26-10-2007, 18:53
lancia avenger con questo script
Files to delete:
C:\WINDOWS\Downlonloaded Program Files\mdd9q\p1lygc.exe
lancia avenger con questo script
ho fatto la ricerca..sul mio notebook quel file e' come se non esistesse..io non so piu veramente cosa cavolo fare.
Chill-Out
26-10-2007, 19:17
ho fatto la ricerca..sul mio notebook quel file e' come se non esistesse..io non so piu veramente cosa cavolo fare.
e questo cos'è O23 - Service: Servizio nomi files (srvflsn) - Unknown owner - C:\WINDOWS\Downlo~1\mdd9q\p1lygc.exe (file missing)
ma avenger l'hai usato?
e questo cos'è O23 - Service: Servizio nomi files (srvflsn) - Unknown owner - C:\WINDOWS\Downlo~1\mdd9q\p1lygc.exe (file missing)
ma avenger l'hai usato?
l ho usato ma mi dice che non lo trova..
a questo punto lo fixo con hijack??
Chill-Out
26-10-2007, 19:21
l ho usato ma mi dice che non lo trova..
a questo punto lo fixo con hijack??
si
si
incredibile..ho fixato sia la 15 che il 23 singolo..ma si ripropongono al successivo controllo.pazzesco.
la ricerca dal menu non ha trovato questo file..avenger mi dice che non puo aprire un file che logicamente non trova.
:mbe: :stordita:
Chill-Out
26-10-2007, 19:29
incredibile..ho fixato sia la 15 che il 23 singolo..ma si ripropongono al successivo controllo.pazzesco.
la ricerca dal menu non ha trovato questo file..avenger mi dice che non puo aprire un file che logicamente non trova.
:mbe: :stordita:
Scarica Regseeker, copia e incolla qui una copia del registro di sistema, ci deve essere una chiave farlocca.
Scarica Regseeker, copia e incolla qui una copia del registro di sistema, ci deve essere una chiave farlocca.
forse hai ragione...cmq chiedo scusa..ho il programma gia aperto e lo avevo gia utilizzato sere fa!
cosa devo fare per farti vedere una copia??grazie.
ps: come ho riavviato il notebook asquared mi ha comunicato che c:\windows\explorer.exe e' un dialer!
ma non e' un file buono??non ha la "s".
juninho85
26-10-2007, 21:00
incredibile..ho fixato sia la 15 che il 23 singolo..ma si ripropongono al successivo controllo.pazzesco.
la ricerca dal menu non ha trovato questo file..avenger mi dice che non puo aprire un file che logicamente non trova.
:mbe: :stordita:
devi disabilitare il ripristino configurazione di sistema prima di procedere
Riverside
26-10-2007, 21:06
:( e dopo aver disabilitato il Ripristino configurazione di sistema fixa le voci comprese nella sezione O15 di Hthis.
Tieni il ripristino disabilitato, riavvia il sistema, rilancia HThis e controlla se si rigenerano o meno.
ci avevo gia pensato al ripristino.si rigerano anche disattivandolo...
ps:mi dite,per favore, come settare al meglio ccleaner?
Chill-Out
26-10-2007, 21:45
Scusa ma il ripristino di sistema avresti già dovuto disattivarlo vedi post #2
http://www.hwupgrade.it/forum/showpost.php?p=19287653&postcount=2
esporti una copia del registro.
Scusa ma il ripristino di sistema avresti già dovuto disattivarlo vedi post #2
http://www.hwupgrade.it/forum/showpost.php?p=19287653&postcount=2
esporti una copia del registro.
esatto chill-out...e' li che ho disattivato e da li e' rimasto sempre in quella maniera!;)
come ti esporto il registro???con quale procedimento?
Chill-Out
26-10-2007, 22:30
esatto chill-out...e' li che ho disattivato e da li e' rimasto sempre in quella maniera!;)
come ti esporto il registro???con quale procedimento?
con la funzione Backup
con la funzione Backup
chiedo scusa, ma con regseeker???
non so!!:help:
Chill-Out
26-10-2007, 22:46
chiedo scusa, ma con regseeker???
non so!!:help:
http://support.microsoft.com/kb/322756/it
lascia stare questa procedura se no non ne veniamo più fuori, lancia Regseeker utilizza la funzione di pulizia del registro e cerca voci inutili, dovresti trovare la stringa segnalata dal log di HijackThis o una voce del tipo: dial e una serie di numeri e lettere senza senso
N.B.: Attenzione! Controlla che la casella in basso “Copia delle voci rimosse” sia selezionata: potrete così ripristinare dal backup del programma voci e chiavi di registro eliminate per sbaglio
mi dite cortesemente come settare al meglio ccleaner!!????
ps: ho usato regseeker, ho eliminato la n.23 ed altre 3-4 kiavi sospette...
su hijackthis la 23 non compare piu.la trusted zone 015 persiste!
Chill-Out
27-10-2007, 11:02
mi dite cortesemente come settare al meglio ccleaner!!????
ps: ho usato regseeker, ho eliminato la n.23 ed altre 3-4 kiavi sospette...
su hijackthis la 23 non compare piu.la trusted zone 015 persiste!
015 ricompaiono anche dopo averle fixate??
Ccleaner -> clicca su opzione, avanzate, spunta la casella "Cancella file Windows Temp solo se più vecchi di 48 ore"
Riverside
27-10-2007, 11:43
mi dite cortesemente come settare al meglio ccleaner!!????
lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
● Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi su:
● Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore
● alla voce Pulizia, spunta tutte le voci comprese nella sezione Avanzate
● nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione
● sempre nel menu a sinistra, clicca sulla voce Registro, spunta tutte le voci comprese nella sezione, clicca sul tasto Trova problemi ed avvia una scansione
● al termine della scansione clicca sulla voce Ripara selezionati e prosegui
015 ricompaiono anche dopo averle fixate??
Ccleaner -> clicca su opzione, avanzate, spunta la casella "Cancella file Windows Temp solo se più vecchi di 48 ore"
si ricampaiono subito dopo.Ovvero le fixo, esco..riavvio immediatamente dopo hijackthis e rispuntano..nel giro praticamente di 30 sec.
io no so piu che cosa pensare, la trusted zone (015) rimane.
ho usato tutto quello che potevo utilizzare..
mi devo arrendere?
una cosa e' certa, ho sempre eliminato queste cose da solo.
una cosa del genere non mi era mai successa.
allora ho scoperto delle istruzioni che mi dicevano di scaricare uno script per riparare la trusted zone:
"delldomains.inf"
L ho scaricato sul desktopo e installato con il tasto destro.
ora se faccio hijackthis gli 015 non escono piu!
perche ha funzionato???ora Il notebook e' guarito??!??:confused: :mbe: :cool:
ecco il log hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 16.44.49, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\BenQ\QMusic2\QMAgent.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\USB Disk Win98 Driver\Res.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\QLink 1.0\devmonit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QMusic] C:\Programmi\BenQ\QMusic2\QMAgent.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programmi\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Monitor.lnk = C:\Programmi\QLink 1.0\devmonit.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E708D5-4A6D-4124-86E1-028FE9F2FE80}: NameServer = 85.37.17.46 85.38.28.84
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
suggerimenti??
Riverside
27-10-2007, 17:01
allora ho scoperto delle istruzioni che mi dicevano di scaricare uno script per riparare la trusted zone:
Link alle istruzioni, per favore (può sempre tornare utile ad altri utenti).
In ogni caso se tu avessi svuotato la Cartella Prefetch in C:/Windows - o meglio se tu ti fossi degnato di seguire l'intera procedura che ti avevo indicato qui:
http://www.hwupgrade.it/forum/showpost.php?p=19303798&postcount=12
ci avresti e, avresti riparmiato un bel pò di tempo e non avresti avuto bisogno di andarti a cercare le istruzioni di cui stai parlando.
Per quanto riguarda il log di HTHIS sei quasi a posto: devi fixare queste voci:
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
aggiorna INTERNET EXPLORER:
clicca qui per il download (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=it&SrcCategoryId=&SrcFamilyId=9ae91ebe-3385-447c-8a30-081805b2f90b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2f9%2f0%2f3907f96d-1bbd-499a-b6bd-5d69789ddb54%2fIE7-WindowsXP-x86-ita.exe)
installa JAVASUN: clicca qui per il download (http://www.java.com/it/)
allora ho fatto tutto la procedura che mi avete consigliato dal "primo" post ..
ecco il log dell'ultimissima scansione di hijackthis..:)
si puo dire che e' guarito il notebook??o no!?!
Logfile of HijackThis v1.99.1
Scan saved at 21.47.31, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\BenQ\QMusic2\QMAgent.exe
C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\USB Disk Win98 Driver\Res.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\QLink 1.0\devmonit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QMusic] C:\Programmi\BenQ\QMusic2\QMAgent.exe
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programmi\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Monitor.lnk = C:\Programmi\QLink 1.0\devmonit.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E708D5-4A6D-4124-86E1-028FE9F2FE80}: NameServer = 85.37.17.46 85.38.28.84
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
Chill-Out
29-10-2007, 21:56
Sembra di si, riscontri ancora problemi? Cosa ne dici di installare un firewall software
Sembra di si, riscontri ancora problemi? Cosa ne dici di installare un firewall software
Pare, dico pare..nessun problema..
ho aggiornato anche ie7 e java..
firewall?su una linea a 56k va bene??non rallenta troppo il notebook??ho installato avira antivir intanto.:)
Chill-Out
29-10-2007, 22:23
Pare, dico pare..nessun problema..
bene
ho aggiornato anche ie7 e java..
ok
firewall?su una linea a 56k va bene??non rallenta troppo il notebook??
no
ok grazie tante!!!!veramente!!!
Chill-Out
29-10-2007, 22:45
ok grazie tante!!!!veramente!!!
prego ;)
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.