Ciao a tutti,qualcuno ha voglia di dare un occhiata al mio log? :)

Logfile of HijackThis v1.99.1
Scan saved at 10.31.38, on 08/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\NB Probe\NBProbe.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmi\thomson\Dragdiag.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hrxn\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/?ned=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NB Probe] C:\Programmi\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\thomson\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Programmi\ASUS\NB Probe\SPM\spmgr.exe

nel primo post ce il link per analizzatore...

cmq è ok

tutto ok

Grazie ,non l'avevo visto nel primo post. :)

ciao,ho un problema con un trojan.alemod.
dopo averle provate tutte nn riesco ancora a eliminarlo, vi posto il log di hijack così magari qualcuno riesce a darmi una mano

Logfile of HijackThis v1.99.1
Scan saved at 16.28.13, on 08/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.12
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

controlla questo.
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll

poi metti il SP2 e usa ewido e magari bitdefender al posto del norton che hai.
;)

già fatte entrambe le cose ma resiste il fetido

C:\WINDOWS\system32\pctspk.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

queste due sono relative a qualche programma installato da te?:D

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.12
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

si purtroppo

si purtroppo
come putroppo?:D
allora fixa pure quelle :D

fixati ma nn cambia assolutamente nulla

hai giò fatto qualche scan in modalità provvisoria?

scannato cn norton, bitdefender ewido.
mi sa ke parte il formattone olimpico

possibile che non esista nessun tool di rimozione?almeno sai qual'è il file infetto dal trojan?

si ma è una dll di windows: wininet.dll, impossibile da gestire pure in mod provvisoria, l'accesso è sempre negato

hai disabilitato il ripristino di sistema?

poi gli exe è meglio cancellarli manualmente

guardate ragazzi ho già provato di tutto, ma proprio tutto.
mi sono arreso ora formatto, tanto di dati da salvare nn ne ho tanti.
grazie a tutti x l'aiuto se qualcuno trova il modo di fargli il cul0 a questo bel trojan mi tenga aggiornaro

ricordati di mettere SP2 che è necessario per evitare questi problemi

e poi vedo che non hai un firewall ecco il motivo forse

ricordati di mettere SP2 che è necessario per evitare questi problemi

infatti
e sottolineo necessario

leggiti [URL=http://securityresponse.symantec.com/avcenter/venc/data/trojan.alemod.html]/questa] pagina ;)

infatti
e sottolineo necessario
anche il FW che non ha :D

doppio

leggiti questa (http://securityresponse.symantec.com/avcenter/venc/data/trojan.alemod.html) pagina ;)

anche il FW che non ha :D

vabbè dai con quello di xp almeno in rete ci sopravvive :D

vabbè dai con quello di xp almeno in rete ci sopravvive :D
con quello di SP1 sicuramente no :p

con quello di SP1 sicuramente no :p

concordo ;)

Questo è il mio log, chiedo un parere dato che ultimamente il PC appare "strano", specie quando utilizzo internet.

Logfile of HijackThis v1.99.1
Scan saved at 2.02.35, on 09/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5112.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MobileMeter\mobmeter.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\******\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: MobileMeter.lnk = C:\Program Files\MobileMeter\mobmeter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{65DDCAE6-EB69-458C-8B99-83A782DFCD46}: NameServer = 85.37.17.52 151.99.125.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)

Da notare:

- La voce "017" si riferisce a due IP del mio provider, Telecom, il primo è il "Provider Local Registry", il secondo è l'"InterBusiness Backbone", sono ok, vero ?!?
EDIT: Temo proprio di si :rolleyes:

- La prima "023", riferita ad un .exe di Macrovision.. cos'è ?!?
EDIT: Leggo solo ora dalla prima pagina che è ok :rolleyes:

- L'ultimo posso cancellarlo, dato che non c'è più il file ?!?
EDIT: Il fix lo elimina... ma allo scan successivo riappare :muro: :mbe: :stordita:

- Raxco è un defrag, dato che lo uso saltuariamente e mai in automatico... posso cancellare i servizi ?!?

- Perché ho due "C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" ? Ed anche due "svchost.exe" ?!?

- Strano... sto usando eMule e non appare ! Forse perché eMule è in esecuzione come utente non privilegiato "eMule_Secure" ?!?

Grazie mille!

elimina:O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)

- L'ultimo posso cancellarlo, dato che non c'è più il file ?!?
EDIT: Il fix lo elimina... ma allo scan successivo riappare :muro: :mbe: :stordita: pulisci il registro ;)

- Raxco è un defrag, dato che lo uso saltuariamente e mai in automatico... posso cancellare i servizi ?!? cancellare no,impostalo su avvio manualw

- Perché ho due "C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" ? Ed anche due "svchost.exe" ?!? anzi ritieni fortunato ad averne solo 2 :D

- Strano... sto usando eMule e non appare ! Forse perché eMule è in esecuzione come utente non privilegiato "eMule_Secure" ?!? non c'entra nulla ;)

? Ed anche due "svchost.exe" ?!?
io ne ho 6..ed è tutto ok..pensa tu il culo che hai ad averne solo 2!!! ;) ;)

elimina:O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)

- L'ultimo posso cancellarlo, dato che non c'è più il file ?!?
EDIT: Il fix lo elimina... ma allo scan successivo riappare :muro: :mbe: :stordita: pulisci il registro ;)

- Raxco è un defrag, dato che lo uso saltuariamente e mai in automatico... posso cancellare i servizi ?!? cancellare no,impostalo su avvio manualw

- Perché ho due "C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" ? Ed anche due "svchost.exe" ?!? anzi ritieni fortunato ad averne solo 2 :D

- Strano... sto usando eMule e non appare ! Forse perché eMule è in esecuzione come utente non privilegiato "eMule_Secure" ?!? non c'entra nulla ;)

Ho provato a pulire il registro con RegClean, RegSeeker, RegSupreme, Ace utilities e CCleaner ma... la voce è sempre li e non si fa cancellare !

Per il problema che il processo di eMule non appare ? :muro: Nel task manager di Windows, invece, c'è ! :mbe:

Grazie per l'interessamento !

PS Mi consigliate un antispyware in particolare ?

Ho provato a pulire il registro con RegClean, RegSeeker, RegSupreme, Ace utilities e CCleaner ma... la voce è sempre li e non si fa cancellare ! controlla nei servizi di sistema di windows se c'è qualcosa di sospetto,non te lo rimuove perchè appunto quel servizio è in esecuzione ;)

Per il problema che il processo di eMule non appare ? :muro: Nel task manager di Windows, invece, c'è ! :mbe: non saprei,certo è che non è normale....

PS Mi consigliate un antispyware in particolare ?te ne dico 3,ognuno indispensabile:spyware blaster,ewido,spysweeper ;)

Ho provato a pulire il registro con RegClean, RegSeeker, RegSupreme, Ace utilities e CCleaner ma... la voce è sempre li e non si fa cancellare ! controlla nei servizi di sistema di windows se c'è qualcosa di sospetto,non te lo rimuove perchè appunto quel servizio è in esecuzione ;)

Per il problema che il processo di eMule non appare ? :muro: Nel task manager di Windows, invece, c'è ! :mbe: non saprei,certo è che non è normale....

PS Mi consigliate un antispyware in particolare ?te ne dico 3,ognuno indispensabile:spyware blaster,ewido,spysweeper ;)

Mmmhhh... il servizio c'è ma è in "manuale" e non era attivo ! Ora l'ho proprio disabilitato :confused:

Indagherò sul processo di eMule che non appare in HiJack :mc:

Spyware blaster lo uso già ! Ho provato Ewido (non ha trovato nulla!)... ora provo Spysweeper. Faccio bene a tenere Spybot e MS Antispyware ? :oink:

Grazie mille!

Mmmhhh... il servizio c'è ma è in "manuale" e non era attivo ! Ora l'ho proprio disabilitato :confused:

Indagherò sul processo di eMule che non appare in HiJack :mc:

Spyware blaster lo uso già ! Ho provato Ewido (non ha trovato nulla!)... ora provo Spysweeper. Faccio bene a tenere Spybot e MS Antispyware ? :oink:

Grazie mille!
io li ho tutti...devo dire che il migliore mi sembra ewido..seguito da spybot..

io li ho tutti...devo dire che il migliore mi sembra ewido..seguito da spybot..

infatti è il migliore
anche ms antispy è un buon prodotto

Ho provato a pulire il registro con RegClean, RegSeeker, RegSupreme, Ace utilities e CCleaner ma... la voce è sempre li e non si fa cancellare !

Per il problema che il processo di eMule non appare ? :muro: Nel task manager di Windows, invece, c'è ! :mbe:

Grazie per l'interessamento !

PS Mi consigliate un antispyware in particolare ?
ma il rispristino di sistema l'hai disabilitato?

ma il rispristino di sistema l'hai disabilitato?

Si l'ho disabilitato... perché ?!? :mbe:

Comunque ho disinstallato sia SpyBot che MS Antispyware per passare a Ewido 3.5 e Spy Sweeper 4.5, quest'ultimo lo utilizzo come residente in memoria.

Penso di tornare indietro, però. Anche se hanno belle funzioni: ewido usa anche metodi euristici per i rilevamenti, mentre Spy Sweeper ha un sacco di "scudi" :sofico: :sofico: :sofico:

Ewido non riesce a terminare uno scan o, meglio, forse lo termina ma alla fine esce sistematicamente dal programma :cry:

Spy Sweeper, sempre durante uno scan, si blocca analizzando la libreria "libnuv_plugin.dll." di VLC Media Player 0.8.4 beta2, il programma per le anteprime in eMule. :muro: :muro: :muro:

conta che hai disinstallato 2 programmi free per due a pagamento(o comunque non totalmente gratis;))

conta che hai disinstallato 2 programmi free per due a pagamento(o comunque non totalmente gratis;))

Ehm... :ciapet: :ciapet: :ciapet:

Comunque sono tornato indietro.

Grazie a tutti. :Prrr:

Bye.

..e ti conviene :D

Posto qui come è stato richiesto nel topic che ho fatto:


Logfile of HijackThis v1.99.1
Scan saved at 21.22.43, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Lyd\IMPOST~1\Temp\~AceTemp\hijackthis_199\HijackThis.exe
C:\Programmi\Empire\PVR Plus\PVR Plus\TVPlus.exe
C:\Programmi\Empire\PVR Plus\TVR\honestechTV.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EFE637F-A78F-468F-8EA8-4FC81C7E8AB8}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

Il log e' pulito.

ciao... qualkuno sa perchè metre navigo su internet mi ritrovo sempre delle pagine web che si aprono da sole?
il più delle volte sono delle pagine con uno strano motore di ricerca qwikylynx oppure hooowah e si aprono spessissimo tanto da farmi andare su tutte le furie.... ho provato spybot( aggiornato) pest patrol e fatto scansione antivirus di tutti i tipi anche in modalità provvisoria.... ma NULLA! non riesco a risolvere.... vi posto il log file di hijakthis nella speranza che almeno qualkuno di voi sappia come risolvere....!


Logfile of HijackThis v1.99.1
Scan saved at 13.49.06, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\LifeView TVR\RecSche.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\NetLimiter\NetLimiter.exe
C:\Programmi\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsq13.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasgeih.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RecSche] "C:\Programmi\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Q-CAM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [NetLimiter] C:\Programmi\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.EXE"
O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programmi\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Programmi\Banshee Screamer Alarm\alarm.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qdaoize.exe (file missing)



GRAZIE

C:\WINDOWS\NCLAUNCH.EXe
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsq13.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasgeih.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qdaoize.exe (file missing)

ok ...grazie...
ho fixato quello che hai detto e poi ho eliminato i file manualmente ed ora pare ke sia ok....
GRAZIE ancora!

ok ...grazie...
ho fixato quello che hai detto e poi ho eliminato i file manualmente ed ora pare ke sia ok....
GRAZIE ancora!
facci sapere ;)

Ciao a tutti,
qualcuno mi può controllare il log?
Non riesco a fixare IDriverT neppure in modalità provvisoria, ho cancellato la cartella in file comuni ma mi rimane. Keylogger l'ho installato io per provarlo.
Per il resto come va?
Grazie a tutti.

Logfile of HijackThis v1.99.1
Scan saved at 21.53.56, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\kelogit.exe
D:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
F:\Programmi BASE\HijackThis 1.99 Final\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WINKL] D:\Programmi\KeyLogger\KeyLogit.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{21CB840A-F764-41C7-8FBF-EF973530033D}: NameServer = 213.205.32.70 213.205.36.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{21CB840A-F764-41C7-8FBF-EF973530033D}: NameServer = 213.205.32.70 213.205.36.70
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Programmi\Sygate\SPF\smc.exe

Fixa:
C:\WINDOWS\system32\kelogit.exe
O4 - HKLM\..\Run: [WINKL] D:\Programmi\KeyLogger\KeyLogit.exe 1
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe

C:\WINDOWS\system32\kelogit.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O4 - HKLM\..\Run: [WINKL] D:\Programmi\KeyLogger\KeyLogit.exe 1

ora ho in esecuzione ewido....ma IDriverT non lo riesco a fixxare! Il keylogit anche se l'ho installato io lo devo fixxare?

ora ho in esecuzione ewido....ma IDriverT non lo riesco a fixxare! Il keylogit anche se l'ho installato io lo devo fixxare?
se ti serve no ;)

ok fatta scansione con ewido. trovato spyware mediaplex subito cancellato......ma non riesco a fixxare IDriverT come faccio?

ma non riesco a fixxare IDriverT come faccio?
Ma in base al log che hai postato iDriverT gia' appare come ''file missing''. Perche' dici che non riesci a fixarlo?

mi dice che è missing perchè ho cancellato da file comuni la cartella in cui era contenuto....ma dal log non lo riesco a fix....come fa a leggerlo se non c'è?

mi dice che è missing perchè ho cancellato da file comuni la cartella in cui era contenuto....ma dal log non lo riesco a fix....come fa a leggerlo se non c'è?
Se hai gia' cancellato la cartella allora non ce l'hai piu'. Eventualmente dai una passata con CCleaner.

ok fatta scansione con ewido. trovato spyware mediaplex subito cancellato......ma non riesco a fixxare IDriverT come faccio?
in ogni caso non è nulla di preoccupante,sicuramente non riesci a fixarlo perchè il processo è in esecuzione ;)

mi dice che è missing perchè ho cancellato da file comuni la cartella in cui era contenuto....ma dal log non lo riesco a fix....come fa a leggerlo se non c'è?
infatti il log ti segnala il servizio di riferimento,non l'eseuibile ;)

Non riesco a fixare IDriverT neppure in modalità provvisoria, ho cancellato la cartella in file comuni ma mi rimane.
Comunque non capisco come mai tu abbia voluto eliminare iDriverT. E' legittimo e se non ti dava fastidio non avevi motivo di rimuoverlo.
http://castlecops.com/o23list-495.html
http://www.liutilities.com/products/wintaskspro/processlibrary/IDriverT/

ringrazio tutti per l'aiuto, IDriveT allora non lo fix. Grazie.

Salve a tutti, ho un grosso:
Dopo avere formattato il pc e installato i programmi di base (firefox 1.0.7), acrobat reader 7 Nero 6 norton 2005 (aggiornato), ad-aware (aggiornato), mi connetto in internet e dopo un po compare la schermata di errore di winxp per
ERASEME_(dei numeri che non ricordo).exe. Da quel momento in poi la connessione diventa lentissima (1/2 ora per aprire il forum). Provo a riformattare ed idem, ad eseguire scansioni con ad e norton e.... niente. Allora riavvio in modalità provvisoria ed eseguo HiJackthis e vi riporto il seguete log.


Logfile of HijackThis v1.99.1
Scan saved at 11.20.27, on 12/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe


Qualcuno sa come posso risolvere il problema???

Grazie

Fixa:
R3 - Default URLSearchHook is missing
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Fai una scansione con ewido:http://download.ewido.net/ewido-setup.exe

Grazie andorra provo immediatamente!

ultimamente sto avendo un po di problemi..l'altro giorno microsoft antispyware mi ha trovato 2 trojan prontamente eliminati facendo una scansione cn il ripristino disabilitato..ma mi sembra che il pc abbia prob..è lento..boh...vedete se ci capite qcsa....


Logfile of HijackThis v1.99.1
Scan saved at 13.13.34, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\CachemanXP\CachemanXP.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\uWDF.exe
C:\Documents and Settings\cdc\Desktop\utility\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8625357-801B-449B-B197-EDC09DA68DDA}: NameServer = 212.216.112.112 212.216.172.62
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Programmi\CachemanXP\CachemanXP.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Fixa:
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)

Ragazzi mi sono beccato qualcosa!! Qua di seguito ho postato il logfile di HT e i sintomi del problema sono in questo post:
http://www.hwupgrade.it/forum/showthread.php?t=1062038


Logfile of HijackThis v1.99.1
Scan saved at 12.24.06, on 12/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0411/

Grazie a tutti!!!

Ragazzi mi sono beccato qualcosa!! Qua di seguito ho postato il logfile di HT e i sintomi del problema sono in questo post:
http://www.hwupgrade.it/forum/showthread.php?t=1062038


Logfile of HijackThis v1.99.1
Scan saved at 12.24.06, on 12/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0411/

Grazie a tutti!!!

Fixa:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0411/

fai una scansione con Spybot.

Fixa:
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
ehm..il primo sono cose di nod 32..sicuro che le devo fix?

ehm..il primo sono cose di nod 32..sicuro che le devo fix?
Se sei sicuro che sia del nod allora tienilo.

Ciao a tutti,
per piacere qualcuno mi può controllare il log? Continua a riavviarsi il computer cosa posso fare?

Logfile of HijackThis v1.99.1
Scan saved at 14.36.23, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
E:\Programmi\HijackThis 1.99 Final\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copia 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

Grazie

Il log e' pulito. Fai una scansione con bitdefender free: http://www.bitdefender.com/site/Download/downloadFile/340/EN/

Grazie alla prossima.

Grazie alla prossima.


Per chi si vuole controllare il log di Hjack da se..basta andare qui si copia e incolla il log e si clicca analizza...

http://www.ilsoftware.it/hijackthis.asp

per lognomo33 :

C:\WINDOWS\system32\uWDF.exe
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)

il primo non lo conosco,il secondo fixalo ;)

per whiteshark

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

per lognomo33 :

C:\WINDOWS\system32\uWDF.exe



Questo non va fixato. E' un processo microsoft che si chiama Windows User-Mode Driver Framework. ;)

è vero:doh:

Fixa:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0411/

fai una scansione con Spybot.

Nada quel coso si è insiedato e non se ne vuole andare.HELP ME!!!

Nada quel coso si è insiedato e non se ne vuole andare.HELP ME!!!
Riprova in modalita' provvisoria.

Fatto in modalità provvisoria, ovviamente, ma nulla!!!! riposto il log completo:
Logfile of HijackThis v1.99.1
Scan saved at 11.27.16, on 13/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAMMI\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\DESKTOP\UTORRENT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0411/
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\TOOLS\IESDSG.DLL
O4 - HKCU\..\Run: [Startup Manager] C:\WINDOWS\Application Data\Systweak\ASO 2\smSTARTUP MANAGER.exe
O4 - HKCU\..\RunServices: [Startup Manager] C:\WINDOWS\Application Data\Systweak\ASO 2\smSTARTUP MANAGER.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\TOOLS\IESDPB.DLL

hai provato a editarla manualmente?

hai provato a editarla manualmente?

ovvero???

ovvero???
ovvero vai su start/esegui,digiti "regedit" e piggi invio,dopodichè vai al percorso della chiave che non riesci a editare,anche se penso che il problma sia dovuto a qualche file che ti ripristina quella impostazione

ovvero vai su start/esegui,digiti "regedit" e piggi invio,dopodichè vai al percorso della chiave che non riesci a editare,anche se penso che il problma sia dovuto a qualche file che ti ripristina quella impostazione

Ok, seguendo l'indirizzo nelle chiavi di registro non c'è: http://www.newgenlook.info/ad/ad0411/
ma questo (penso che sia l'indirizzo giusto)
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

Non capisco perchè e non so cosa fare!!!!!

Ok, seguendo l'indirizzo nelle chiavi di registro non c'è: http://www.newgenlook.info/ad/ad0411/
ma questo (penso che sia l'indirizzo giusto)
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

Non capisco perchè e non so cosa fare!!!!!
Fai una scansione con spybot.

Me la date una controllatina, grazie... :)

Logfile of HijackThis v1.99.1
Scan saved at 18.45.18, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\dede\IMPOST~1\Temp\Rar$EX00.833\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe

Il log e' pulito. :)

mi sa che ti manca il firewall? o usi il router o quello di Xp^? :)

Questo è il mio log chi di voi è così gentile da farmi capire cosa devo eliminare dal mio log?

Logfile of HijackThis v1.99.1
Scan saved at 21.33.55, on 14/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CAP3RSK.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\tuneplayer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msmedia32.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\frankosho\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sqlREG] C:\tuneplayer.exe
O4 - Global Startup: Finestra di stato di Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126387304784
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MssengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WinMedia - Unknown owner - C:\WINDOWS\msmedia32.exe

installa subito Service PAck 2

poi installa ewido www.filehippo.com

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab

Da fixare anche queste:
C:\tuneplayer.exe
C:\WINDOWS\msmedia32.exe
O4 - HKLM\..\Run: [sqlREG] C:\tuneplayer.exe
O23 - Service: WinMedia - Unknown owner - C:\WINDOWS\msmedia32.exe

come da info posto il mio log

Logfile of HijackThis v1.99.1
Scan saved at 0.41.08, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Programmi\Winamp\winamp.exe
C:\mIRC\mirc.exe
C:\Programmi\ABC\ABC.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\Sports Interactive\Football Manager 2006\fm.exe
C:\DOCUME~1\Matteo\IMPOST~1\Temp\~e5.0001
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazzetta.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 195.158.172.121 www.file-webber.de
O1 - Hosts: 195.158.172.121 file-webber.de
O1 - Hosts: 195.158.172.121 www-google.ae
O1 - Hosts: 195.158.172.121 www-google.as
O1 - Hosts: 195.158.172.121 www-google.at
O1 - Hosts: 195.158.172.121 www-google.au
O1 - Hosts: 195.158.172.121 www-google.bi
O1 - Hosts: 195.158.172.121 www-google.br
O1 - Hosts: 195.158.172.121 www-google.ca
O1 - Hosts: 195.158.172.121 www-google.cc
O1 - Hosts: 195.158.172.121 www-google.cd
O1 - Hosts: 195.158.172.121 www-google.cg
O1 - Hosts: 195.158.172.121 www-google.ch
O1 - Hosts: 195.158.172.121 www-google.cl
O1 - Hosts: 195.158.172.121 www-google.co.cr
O1 - Hosts: 195.158.172.121 www-google.co.gg
O1 - Hosts: 195.158.172.121 www-google.co.hu
O1 - Hosts: 195.158.172.121 www-google.co.il
O1 - Hosts: 195.158.172.121 www-google.co.in
O1 - Hosts: 195.158.172.121 www-google.co.je
O1 - Hosts: 195.158.172.121 www-google.co.jp
O1 - Hosts: 195.158.172.121 www-google.co.kr
O1 - Hosts: 195.158.172.121 www-google.co.ls
O1 - Hosts: 195.158.172.121 www-google.co.nz
O1 - Hosts: 195.158.172.121 www-google.com
O1 - Hosts: 195.158.172.121 www-google.com.ae
O1 - Hosts: 195.158.172.121 www-google.com.au
O1 - Hosts: 195.158.172.121 www-google.com.ca
O1 - Hosts: 195.158.172.121 www-google.com.do
O1 - Hosts: 195.158.172.121 www-google.com.fj
O1 - Hosts: 195.158.172.121 www-google.com.gr
O1 - Hosts: 195.158.172.121 www-google.com.ly
O1 - Hosts: 195.158.172.121 www-google.com.mt
O1 - Hosts: 195.158.172.121 www-google.com.my
O1 - Hosts: 195.158.172.121 www-google.com.nf
O1 - Hosts: 195.158.172.121 www-google.com.ni
O1 - Hosts: 195.158.172.121 www-google.com.pa
O1 - Hosts: 195.158.172.121 www-google.com.pe
O1 - Hosts: 195.158.172.121 www-google.com.pk
O1 - Hosts: 195.158.172.121 www-google.com.pr
O1 - Hosts: 195.158.172.121 www-google.com.py
O1 - Hosts: 195.158.172.121 www-google.com.ru
O1 - Hosts: 195.158.172.121 www-google.com.sg
O1 - Hosts: 195.158.172.121 www-google.com.sv
O1 - Hosts: 195.158.172.121 www-google.com.tr
O1 - Hosts: 195.158.172.121 www-google.com.tw
O1 - Hosts: 195.158.172.121 www-google.com.vc
O1 - Hosts: 195.158.172.121 www-google.com.vn
O1 - Hosts: 195.158.172.121 www-google.cr
O1 - Hosts: 195.158.172.121 www-google.de
O1 - Hosts: 195.158.172.121 www-google.dj
O1 - Hosts: 195.158.172.121 www-google.do
O1 - Hosts: 195.158.172.121 www-google.es
O1 - Hosts: 195.158.172.121 www-google.fj
O1 - Hosts: 195.158.172.121 www-google.fr
O1 - Hosts: 195.158.172.121 www-google.gg
O1 - Hosts: 195.158.172.121 www-google.gl
O1 - Hosts: 195.158.172.121 www-google.gm
O1 - Hosts: 195.158.172.121 www-google.gr
O1 - Hosts: 195.158.172.121 www-google.hn
O1 - Hosts: 195.158.172.121 www-google.hu
O1 - Hosts: 195.158.172.121 www-google.ie
O1 - Hosts: 195.158.172.121 www-google.il
O1 - Hosts: 195.158.172.121 www-google.in
O1 - Hosts: 195.158.172.121 www-google.it
O1 - Hosts: 195.158.172.121 www-google.je
O1 - Hosts: 195.158.172.121 www-google.jp
O1 - Hosts: 195.158.172.121 www-google.kr
O1 - Hosts: 195.158.172.121 www-google.kz
O1 - Hosts: 195.158.172.121 www-google.ls
O1 - Hosts: 195.158.172.121 www-google.lt
O1 - Hosts: 195.158.172.121 www-google.lu
O1 - Hosts: 195.158.172.121 www-google.lv
O1 - Hosts: 195.158.172.121 www-google.ly
O1 - Hosts: 195.158.172.121 www-google.mt
O1 - Hosts: 195.158.172.121 www-google.mu
O1 - Hosts: 195.158.172.121 www-google.mw
O1 - Hosts: 195.158.172.121 www-google.my
O1 - Hosts: 195.158.172.121 www-google.nf
O1 - Hosts: 195.158.172.121 www-google.ni
O1 - Hosts: 195.158.172.121 www-google.nl
O1 - Hosts: 195.158.172.121 www-google.nz
O1 - Hosts: 195.158.172.121 www-google.pa
O1 - Hosts: 195.158.172.121 www-google.pe
O1 - Hosts: 195.158.172.121 www-google.pk
O1 - Hosts: 195.158.172.121 www-google.pl
O1 - Hosts: 195.158.172.121 www-google.pn
O1 - Hosts: 195.158.172.121 www-google.pr
O1 - Hosts: 195.158.172.121 www-google.pt
O1 - Hosts: 195.158.172.121 www-google.py
O1 - Hosts: 195.158.172.121 www-google.ru
O1 - Hosts: 195.158.172.121 www-google.rw
O1 - Hosts: 195.158.172.121 www-google.se
O1 - Hosts: 195.158.172.121 www-google.sg
O1 - Hosts: 195.158.172.121 www-google.sh
O1 - Hosts: 195.158.172.121 www-google.sk
O1 - Hosts: 195.158.172.121 www-google.sm
O1 - Hosts: 195.158.172.121 www-google.sv
O1 - Hosts: 195.158.172.121 www-google.td
O1 - Hosts: 195.158.172.121 www-google.tr
O1 - Hosts: 195.158.172.121 www-google.tw
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programmi\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM\..\Run: [Logitechs] Logitechs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\RunServices: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKLM\..\RunServices: [Logitechs] Logitechs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS MSN Menssenger 7.0] MSMSN7.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programmi\crazyvegasMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.venkplay.ro
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://66.240.181.129/gs/gsa0691.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbelle.com/download_helper/Nyoko.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115558842335
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_1325_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56240682-BC8E-45D8-8CBB-C1840C453842}: NameServer = 62.211.69.150 212.48.4.15
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe

C:\Programmi\ABC\ABC.exe (mi è sconosciuto)


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.file-webber.de
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 195.158.172.121 www.file-webber.de
O1 - Hosts: 195.158.172.121 file-webber.de
O1 - Hosts: 195.158.172.121 www-google.ae
O1 - Hosts: 195.158.172.121 www-google.as
O1 - Hosts: 195.158.172.121 www-google.at
O1 - Hosts: 195.158.172.121 www-google.au
O1 - Hosts: 195.158.172.121 www-google.bi
O1 - Hosts: 195.158.172.121 www-google.br
O1 - Hosts: 195.158.172.121 www-google.ca
O1 - Hosts: 195.158.172.121 www-google.cc
O1 - Hosts: 195.158.172.121 www-google.cd
O1 - Hosts: 195.158.172.121 www-google.cg
O1 - Hosts: 195.158.172.121 www-google.ch
O1 - Hosts: 195.158.172.121 www-google.cl
O1 - Hosts: 195.158.172.121 www-google.co.cr
O1 - Hosts: 195.158.172.121 www-google.co.gg
O1 - Hosts: 195.158.172.121 www-google.co.hu
O1 - Hosts: 195.158.172.121 www-google.co.il
O1 - Hosts: 195.158.172.121 www-google.co.in
O1 - Hosts: 195.158.172.121 www-google.co.je
O1 - Hosts: 195.158.172.121 www-google.co.jp
O1 - Hosts: 195.158.172.121 www-google.co.kr
O1 - Hosts: 195.158.172.121 www-google.co.ls
O1 - Hosts: 195.158.172.121 www-google.co.nz
O1 - Hosts: 195.158.172.121 www-google.com
O1 - Hosts: 195.158.172.121 www-google.com.ae
O1 - Hosts: 195.158.172.121 www-google.com.au
O1 - Hosts: 195.158.172.121 www-google.com.ca
O1 - Hosts: 195.158.172.121 www-google.com.do
O1 - Hosts: 195.158.172.121 www-google.com.fj
O1 - Hosts: 195.158.172.121 www-google.com.gr
O1 - Hosts: 195.158.172.121 www-google.com.ly
O1 - Hosts: 195.158.172.121 www-google.com.mt
O1 - Hosts: 195.158.172.121 www-google.com.my
O1 - Hosts: 195.158.172.121 www-google.com.nf
O1 - Hosts: 195.158.172.121 www-google.com.ni
O1 - Hosts: 195.158.172.121 www-google.com.pa
O1 - Hosts: 195.158.172.121 www-google.com.pe
O1 - Hosts: 195.158.172.121 www-google.com.pk
O1 - Hosts: 195.158.172.121 www-google.com.pr
O1 - Hosts: 195.158.172.121 www-google.com.py
O1 - Hosts: 195.158.172.121 www-google.com.ru
O1 - Hosts: 195.158.172.121 www-google.com.sg
O1 - Hosts: 195.158.172.121 www-google.com.sv
O1 - Hosts: 195.158.172.121 www-google.com.tr
O1 - Hosts: 195.158.172.121 www-google.com.tw
O1 - Hosts: 195.158.172.121 www-google.com.vc
O1 - Hosts: 195.158.172.121 www-google.com.vn
O1 - Hosts: 195.158.172.121 www-google.cr
O1 - Hosts: 195.158.172.121 www-google.de
O1 - Hosts: 195.158.172.121 www-google.dj
O1 - Hosts: 195.158.172.121 www-google.do
O1 - Hosts: 195.158.172.121 www-google.es
O1 - Hosts: 195.158.172.121 www-google.fj
O1 - Hosts: 195.158.172.121 www-google.fr
O1 - Hosts: 195.158.172.121 www-google.gg
O1 - Hosts: 195.158.172.121 www-google.gl
O1 - Hosts: 195.158.172.121 www-google.gm
O1 - Hosts: 195.158.172.121 www-google.gr
O1 - Hosts: 195.158.172.121 www-google.hn
O1 - Hosts: 195.158.172.121 www-google.hu
O1 - Hosts: 195.158.172.121 www-google.ie
O1 - Hosts: 195.158.172.121 www-google.il
O1 - Hosts: 195.158.172.121 www-google.in
O1 - Hosts: 195.158.172.121 www-google.it
O1 - Hosts: 195.158.172.121 www-google.je
O1 - Hosts: 195.158.172.121 www-google.jp
O1 - Hosts: 195.158.172.121 www-google.kr
O1 - Hosts: 195.158.172.121 www-google.kz
O1 - Hosts: 195.158.172.121 www-google.ls
O1 - Hosts: 195.158.172.121 www-google.lt
O1 - Hosts: 195.158.172.121 www-google.lu
O1 - Hosts: 195.158.172.121 www-google.lv
O1 - Hosts: 195.158.172.121 www-google.ly
O1 - Hosts: 195.158.172.121 www-google.mt
O1 - Hosts: 195.158.172.121 www-google.mu
O1 - Hosts: 195.158.172.121 www-google.mw
O1 - Hosts: 195.158.172.121 www-google.my
O1 - Hosts: 195.158.172.121 www-google.nf
O1 - Hosts: 195.158.172.121 www-google.ni
O1 - Hosts: 195.158.172.121 www-google.nl
O1 - Hosts: 195.158.172.121 www-google.nz
O1 - Hosts: 195.158.172.121 www-google.pa
O1 - Hosts: 195.158.172.121 www-google.pe
O1 - Hosts: 195.158.172.121 www-google.pk
O1 - Hosts: 195.158.172.121 www-google.pl
O1 - Hosts: 195.158.172.121 www-google.pn
O1 - Hosts: 195.158.172.121 www-google.pr
O1 - Hosts: 195.158.172.121 www-google.pt
O1 - Hosts: 195.158.172.121 www-google.py
O1 - Hosts: 195.158.172.121 www-google.ru
O1 - Hosts: 195.158.172.121 www-google.rw
O1 - Hosts: 195.158.172.121 www-google.se
O1 - Hosts: 195.158.172.121 www-google.sg
O1 - Hosts: 195.158.172.121 www-google.sh
O1 - Hosts: 195.158.172.121 www-google.sk
O1 - Hosts: 195.158.172.121 www-google.sm
O1 - Hosts: 195.158.172.121 www-google.sv
O1 - Hosts: 195.158.172.121 www-google.td
O1 - Hosts: 195.158.172.121 www-google.tr
O1 - Hosts: 195.158.172.121 www-google.tw
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programmi\crazyvegasMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Absolute Poker\Absolute Poker.lnk
O15 - Trusted Zone: http://www.venkplay.ro
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0023-0000-5400-320020040070} - http://66.240.181.129/gs/gsa0691.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
http://www.riverbelle.com/download_helper/Nyoko.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c3.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_1325_it.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

vedo che ha provveduto juninho ad analizzare il log che velocità... :D


però digli che deve fixare quello che gli hai segnato.

ho un pc che dopo una, due ore di utilizzo, specie se collegato a internet, comincia paurosamente a rallentare. questo è il log di hijackthis con pc in piena crisi. non so se sia in realtà un problema hardware. grazie.

Logfile of HijackThis v1.99.1
Scan saved at 0.33.55, on 16/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\winjava.exe
C:\WINNT\System32\pnpmgr.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MSN Apps\Updater\01.03.0000.1005\it\msnappau.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\antivirus\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://it.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [svcdata.exe] svcdata.exe
O4 - HKLM\..\Run: [MICROSFT RAMA UPDATE SUPPORT] MSED32.EXE
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.03.0000.1005\it\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [svcdata.exe] svcdata.exe
O4 - HKLM\..\RunServices: [MICROSFT RAMA UPDATE SUPPORT] MSED32.EXE
O4 - HKCU\..\Run: [svcdata.exe] svcdata.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Alice - {86B6D531-EED9-424F-82F7-8E41F7EAE5EB} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131303853730
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/download/DownloaderActiveX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINNT\System32\dfrgfat32.exe (file missing)
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINNT\System32\winjava.exe
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINNT\System32\pnpmgr.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINNT\System32\Rpcmon.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

C:\WINNT\System32\winjava.exe
C:\WINNT\System32\pnpmgr.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O4 - HKLM\..\Run: [svcdata.exe] svcdata.exe
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] taskmngrs.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [svcdata.exe] svcdata.exe
O4 - HKLM\..\RunServices: [MICROSFT RAMA UPDATE SUPPORT] MSED32.EXE
O4 - HKCU\..\Run: [svcdata.exe] svcdata.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] IEXPL0RE.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Alice - {86B6D531-EED9-424F-82F7-8E41F7EAE5EB} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINNT\System32\dfrgfat32.exe (file missing)
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINNT\System32\winjava.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (RpcMon) - Unknown owner - C:\WINNT\System32\Rpcmon.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE


per me tutte queste sono di dubbia provenienza...voi che dite?

vedo che ha provveduto juninho ad analizzare il log che velocità... :D


però digli che deve fixare quello che gli hai segnato.
quello è sottointeso :stordita:

vi sottopongo il mio log di hijackthis, ho già provato una marea di programmi antispyware e suit come kaspersky o pc cillin 12 ma continuo ad avere spywares che mi presentano finestre di popup, sia con IE che con Firefox.
Se lascio il pc collegato ad internet ma fermo immobile al desktop, pian piano mi appaiono popup su popup, sia in IE che Firefox.
Se da task manager chiudo svariati processi e lascio solo quelli di sistema (che non mi fa terminare) il problema continua....... :cry:

Potete darmi una mano o inizio a cantare un "de prufundis" a questo win?



Logfile of HijackThis v1.99.1
Scan saved at 9.12.24, on 17/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\ewido\security suite\ewidoctrl.exe
D:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
D:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Programmi\Microsoft AntiSpyware\gcasServ.exe
D:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
D:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Everest Labs\Spydefense\sdc.exe
C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programmi\PDF-XChangeSDKEU\PDFSaver.exe
D:\Programmi\Wacom\TabUserW.exe
D:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~2\COPERN~1.DLL
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NBJ] "D:\Programmi\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpyDefense] C:\Programmi\Everest Labs\Spydefense\sdc.exe /service
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = D:\Programmi\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: PDF-Capture.lnk = C:\Programmi\PDF-XChangeSDKEU\PDFSaver.exe
O4 - Global Startup: TabUserW.lnk = D:\Programmi\Wacom\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://D:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.flcgil.it
O15 - Trusted Zone: http://www.istruzione.it
O15 - Trusted Zone: http://www.trenitalia.it
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1123057265750
O17 - HKLM\System\CCS\Services\Tcpip\..\{A42C95D7-0904-4BD1-81E6-CF7CE5A34E3A}: NameServer = 151.99.125.2,217.22.228.131
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\clmctl32.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\irj2l51o1.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\kmdazel.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

"La formattazione salverà le nostre anime."

(Terzo Testamento)

In ogni caso anch'io utilizzo Kasper ma non ho questo file (utilizzo Kaspersky Anti-Virus Personal Pro 5.0):

C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
EDIT: Solo ora vedo che tu hai l'anti-hacker...

O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\clmctl32.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\irj2l51o1.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\kmdazel.dll (file missing)
O15 - Trusted Zone: http://www.flcgil.it
O15 - Trusted Zone: http://www.istruzione.it
O15 - Trusted Zone: http://www.trenitalia.it
:)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\irj2l51o1.dll


disabilita il servizio di sistema di windows "messenger"

Fixate le righe da Voi citate.....
Terminato il servizio di messenger in background
Il problema si presenta acora.

Ormai la soluzione è rimasta una......format c:

una cosa:se hai il service pack 2 puoi bloccare da windows i popup,anche con firefox non dovresti avere problemi e bloccargli in automatico...sempre che si tratti di popup e non finestre ;)

Fixate le righe da Voi citate.....
Terminato il servizio di messenger in background
Il problema si presenta acora.

Ormai la soluzione è rimasta una......format c:
hai disabilitato il ripristino di sistema? se no fallo e vai in modalità prov a fixarli e poi nei back up di Hijackthis cancellali

cmq il problema è il file DLL :)

un'altra cosa:sicuro di aver disabilitato "messenger" e non "windows messenger"?

Ragazzi chi mi sa spiegare la voce 017 del mio log,usando l'analizzatore mi dice che è una voce sospetta e di verificare se gli indirizzi ip dei server appartengono alla mia rete o cose del genere,ho fatto una ricerca con google e il primo indirizzo ip mi porta ad una pagina internet con scritto"SITO INTERDETTO",che cavolo vuol dire???? preciso che una settimana fa ho dovuto formattare perchè il pc dava i numeri e in più quando mi collegavo al sto delle poste mi sembrava un sito clone dell'originale!comunque antivirus ewido,a-squared,ad-aware non hanno mai trovato nulla...

gfile of HijackThis v1.99.1
Scan saved at 7.21.48, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\TIM UMTS Turbo Manager\TIM Turbo Manager.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\alessandro guarneri\Menu Avvio\Programmi\Internet\sicurezza internet\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hwupgrade.it/forum/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programmi\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programmi\Netcraft Toolbar\nctb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programmi\Trust\Ami Mouse 250S Series 2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Invia a &Bluetooth - c:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131813490062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126212483796
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2597E03E-D1BF-478C-9943-3321D6FC638C}: NameServer = 213.230.128.222 213.230.129.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

aggiungo che analizzando meglio l'indirizzo ip da un link di questo thread ho scoperto trattarsi del server della tim(io infatti ho una connessione tim umts),il problema è però che ora che mi ricordo bene quella voce 017 l'avevo già fixata e infatti se clicco su ulteriori inf della riga 017 mi dice alla fine
(action taken:Registry value is deleted),significa cioè che ho eliminato quella voce nel registro e se cosi' fosse che dovrei fare?
anche perchè dopo la formattazione(che in realtà è stata solo la sostituzione dei fali danneggiati tramite il cd di windows tramite la console di emergenza che ha fatto un mio amico pratico di pc)noto un rallentamento nell'apertura delle pagine web che prima non avevo,qualche idea su cosa dovrei fare?
(cioè devo ricreare la voce nel registro o forse creare una nuova connessione a internet con gli stessi parametri della attuale....?)

cut
il log è ok,quegli IP puo ianche non cancellarli,sono i dns del tuo provider ;)

Logfile of HijackThis v1.99.1
Scan saved at 21.16.02, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\User\Desktop\sicurezza pc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{836245A8-B348-48E7-B6D0-AB941F99EB00}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
questo è il log appena fatto...
c'è qualke speranza per il malato???

Il log e' pulito.

nn so se essere contento o meno.....
da cosa potrebbe dipendere questa difficoltà di navigazione o impossibilità di aprire alcuni siti?

Il mio log è ok?
grazie ;)

Logfile of HijackThis v1.99.1
Scan saved at 21.54.00, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmi\RedLine\Taskbar.exe
D:\Programmi\HP\hpcoretech\hpcmpmgr.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmi\redline\gameutil.exe
D:\Programmi\BOINC\boincmgr.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.79_windows_intelx86.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Valuk\Desktop\HijackThis1991.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RedLine Taskbar] D:\Programmi\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: BOINC Manager.lnk = D:\Programmi\BOINC\boincmgr.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124526901942
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2F0880-5806-4EBD-B287-17BAF7979214}: NameServer = 85.37.17.14 151.99.125.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: BOINC - Space Sciences Laboratory - D:\Programmi\BOINC\boinc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

nn so se essere contento o meno.....
da cosa potrebbe dipendere questa difficoltà di navigazione o impossibilità di aprire alcuni siti?
Hai installato di recente qualche programma particolare?

scusate ma se per sbaglio si fixa una voce che succede?io per errore come ho già detto ho fixato la riga 017 (erano gli indirizzi ip del provider tim.....)e nel mio log guardando maggiori inf. su questa riga mi si dice alla fine:(action taken:Registry key is deleted)cosa significa?
ho fatto danni?e poi se una fixa una voce questa nei log successivi non dovrebbe sparire dal log?
tra l'altro ora la mia connessione è rallentata,c'è un nesso?

Il mio log è ok?
grazie ;)

Logfile of HijackThis v1.99.1
Scan saved at 21.54.00, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmi\RedLine\Taskbar.exe
D:\Programmi\HP\hpcoretech\hpcmpmgr.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmi\redline\gameutil.exe
D:\Programmi\BOINC\boincmgr.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.79_windows_intelx86.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Valuk\Desktop\HijackThis1991.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RedLine Taskbar] D:\Programmi\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: BOINC Manager.lnk = D:\Programmi\BOINC\boincmgr.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124526901942
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2F0880-5806-4EBD-B287-17BAF7979214}: NameServer = 85.37.17.14 151.99.125.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: BOINC - Space Sciences Laboratory - D:\Programmi\BOINC\boinc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe


Il log e' ok.

Grazie :)

scusate ma se per sbaglio si fixa una voce che succede?io per errore come ho già detto ho fixato la riga 017 (erano gli indirizzi ip del provider tim.....)e nel mio log guardando maggiori inf. su questa riga mi si dice alla fine:(action taken:Registry key is deleted)cosa significa?
ho fatto danni?e poi se una fixa una voce questa nei log successivi non dovrebbe sparire dal log?
tra l'altro ora la mia connessione è rallentata,c'è un nesso?
Tutto cio' che fixi con hijackthis puoi facilmente ripristinarlo perche' hijackthis di default crea il backup.

scusate tanto, credo che questo sia il posto giusto ove postare il mio log, non ci capisco un granche ed ho bisogno che qualcuno mi dica che problemi ho al mio pc..

posto di seguito il mio log, vi prego di aiutarmi, grazie.


Logfile of HijackThis v1.99.1
Scan saved at 22.20.57, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ZPOINT32.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wisptis.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Norton AntiVirus\OPScan.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\mauro\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [\\PORTATILE\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P43 "\\PORTATILE\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Opware12] "C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows AdControl] C:\Documents and Settings\mauro\Desktop\download DAP\WinAdCtl.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AFDC9D4-FEFE-4CFC-A89E-C2E9D8396371}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

"Tutto cio' che fixi con hijackthis puoi facilmente ripristinarlo perche' hijackthis di default crea il backup"

scusa andorra ma dov'è il backup?nella casella backup quando eseguo hijackthis.exe la pagina è vuota?

scusate tanto, credo che questo sia il posto giusto ove postare il mio log, non ci capisco un granche ed ho bisogno che qualcuno mi dica che problemi ho al mio pc..

posto di seguito il mio log, vi prego di aiutarmi, grazie.


Logfile of HijackThis v1.99.1
Scan saved at 22.20.57, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ZPOINT32.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wisptis.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Norton AntiVirus\OPScan.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\mauro\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [\\PORTATILE\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P43 "\\PORTATILE\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Opware12] "C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows AdControl] C:\Documents and Settings\mauro\Desktop\download DAP\WinAdCtl.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AFDC9D4-FEFE-4CFC-A89E-C2E9D8396371}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe


Fixa questa:
O4 - HKLM\..\Run: [Windows AdControl] C:\Documents and Settings\mauro\Desktop\download DAP\WinAdCtl.exe

ti consiglio di scansionare su jotti questo file per vedere se e' pulito ''Wintab32.exe'' : http://virusscan.jotti.org/

ho visto che hai messengerplus. Ti sei ricordato di togliere l'adware (cioe' lo sponsor) durante l'installazione?

fatto tutto ciò che mi hai detto...
fixato e scansionato il file, sembra ok..

si, non ho installato lo sponsor col messengerplus..

grazie mille

Scusate, mi hanno consigliato di spostare qui:
Ho avuto un crash di sistema,formattato e reinstallato;connesso ad internet,aggiornato antivirus,dopo un pò,l'antivirus mi ha rilevato e messo nel cestino i seguenti:
1- winabra.exe
C\WINDOWS\System32\
Trojan horse IRC\BackDoor.SdBot.GSK
2- System.exe
C\WINDOWS\System32\
Trojan horse BackDoor.Generic.TZZ
3- A0000955.exe
C\System Volume Information\restore
Trojan Horse IRC\BackDoor.SdBot.GSK
4- msnmsgs.exe
C\WINDOWS\System32\
Could be infected Packed.gen
5- eraseme_58702.exe
C\WINDOWS\System32\
Trojan HorseIRC\BackDoor.SdBot.NPA
6- scvhost9.exe
C\WINDOWS\System32\
Trojan horse IRC\BackDoor.SdBot.FHQ
7- md32.exe
C\WINDOWS\System32\
Trojan horseIRC\BackDoor.SdBot.186.AD
8- NeroFilter.exe
C\WINDOWS\System32\
Trojan horse BackDoor.Generic.OBN
9- cAp.exe
C\WINDOWS\System32\
Trojan horse IRC\BackDoor.SdBot.KAQ

Poi,connesso ad internet, dopo un pò sul Task Manager, "svchost.exe-system" mi prende il 100% di cpu e l'antivirus mi ritorna a segnalare un paio di quelli sopra.
Siccome è da ieri che mi "meno"con sta roba ed è la prima volta che mi becco qualcosa,qualcuno è in grado d'aiutarmi?

Logfile of HijackThis v1.99.1
Scan saved at 13.47.06, on 20/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\ArabaFenice\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [Service] System.exe
O4 - HKLM\..\RunServices: [Service] System.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Ora stò navigando,con la connessione tradizionale e,X adesso,non è successo niente ed è la seconda volta.Più tardi proverò con l'ADSL.
Vi ringrazio se mi date una mano. :(
Domanda: che cos'è Real.exe?

Innanzitutto devi aggiornare il tuo sistema operativo tramite il windows update, questo è fondamentale.

Nel tuo log sono da fixare questi due
O4 - HKLM\..\Run: [Service] System.exe
O4 - HKLM\..\RunServices: [Service] System.exe

Rifai anche una scansione in modalità provvisoria con ewido ed eventualmente una scansione antivirus online.
Ti consiglio anche di usare firefox o opera al posto di IE.

Real.exe potrebbe essere un processo aggiunto dal Lovegate worm o dal legmir-au worm.

Ciao

O4 - HKLM\..\Run: [Service] System.exe
O4 - HKLM\..\RunServices: [Service] System.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
installati il service pack 2 ;)

juninho85
devo fixare quelli sopra?
I problemi li ho con l'ADSL con la connessione normale non c'è traccia di rotture.

Dunque,non ho risolto;ho reinstallato tutto.Tutto normale con la connessione lenta,poi quando installo alice,dopo pochi minuti la cpu mi và a 100 col processo svchost.exe e rimane lì oppure mi appare una finestra "NT Authority Sistem servizio RPC è terminato in modo imprevisto il sistema sarà riavviato".
E mi si riavvia.Domanda:cos'è"tivial file transfert che mi segnala Sygate con l'ADSL?
Scansione con Ewido e AVG non segnala niente;ora stò navigando tranquillamente..., con la connessione modem tradizionale.
L'attuale è questo:
Logfile of HijackThis v1.99.1
Scan saved at 16.24.09, on 22/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RANDOM.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\ArabaFenice\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] RANDOM.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] RANDOM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Grazie. :cry:

queste sono da fixare

C:\WINDOWS\System32\RANDOM.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] RANDOM.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] RANDOM.exe

C\WINDOWS\System32\random.exe non c'è le altre le ho fixate.
Logfile of HijackThis v1.99.1
Scan saved at 16.52.03, on 22/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programmi\Opera\Opera.exe
C:\Documents and Settings\ArabaFenice\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F7743B0-89A1-4A06-849C-DADA45EF6047}: NameServer = 193.70.152.25 193.70.192.25
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Quel trivial file transfert sai cos'è? E Xchè i problemi nascono solo con l'ADSL?
E' da venerdì che continuo a installare e reinstallare il sistema e non sò più cosa fare!

Quel trivial file transfert sai cos'è? E Xchè i problemi nascono solo con l'ADSL?
E' da venerdì che continuo a installare e reinstallare il sistema e non sò più cosa fare!

il log è ok
trivial file transfert è il protocollo tftp
per il tuo problema non saprei ma in ogni caso dovresti davvero mettere il SP2 ;)

il modem è adsl?

Dunque: vi ringrazio innanzi tutto!
Sono tre anni che ho un computer, senza service pack 2,Con AVG,Avast, Ewido,Spy Bot,Peer Guardian,XP antispy,etc._Non ho mai beccato un C...o,fino a giovedì sera quando spegnendo il computer ha cominciato a riavviarmi; ho fatto scansioni anche in mod.provv. niente questo con Avast residente e AVG non res.
Dopo un pò Avast ha cominciato a spararmi avvisi di un trojan, mi pare deko deko o neko neko,che era in tutti i file del comp.;fino ad arrivare al punto di riavviarsi. Da quel momento non potevo più accedere al sistema neanche in modalità provv.
Reinstallo il tutto,tenendo presente che l'Acer non mi ha messo i CD di Windows, ma un'immagine Ghost.
Adesso,...la scansione in mod.provv. con Ewido e AVG,non segnala niente,stò navigando normalmente e lentamente; con l'ADSL Alice Gate và normalmente X pochi minuti poi dopo clicco allow su quel trivial... dopo poco nel Task manager svchost.exe và a 100% cpu mi disconnetto e li rimane fino a quando non riavvio.
Ho telefonato al 187,Xchè ho pensato che siccome non mi ricordo più la password di alice e la connessione l'ho fatta col classico "aliceadsl" non essendo i valori della registrazione originale,fosse quello che mi dava dei problemi.
Il service pack 2,quando ho reinstallato X la prima volta, l'avevo messo per scrupolo ma, è il colmo, riavviando mi mandava in cerash il sistema e quindi.

il fattoche non hai mai beccato nulla anche senza SP2 non significa che tu abbia sempre fatto bene,anzi....magari i crash li avevi perchè non lo installavi a s.o. fresco di installazione ;)

La prima volta è stata due giorni fà. Se quando riavvio dopo l'installazione del service pack due mi crasha cosa posso fare!

Logfile of HijackThis v1.99.1
Scan saved at 14.57.22, on 21/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\MSN Messenger new\MSNP13Downgrader.exe
C:\Program Files\MSN Messenger new\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Mark\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SuperBar - {DA0AFCDB-53B9-432A-ADCF-8A63A3B3DE6F} - C:\Program Files\SUPERBAR\SUPERBAR.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [inomrsw] c:\windows\system32\rrztuf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pietrun.altervista.org
O15 - Trusted Zone: http://www.ilgalileo.tk
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2A22FD6-EECC-4336-845B-29C61A81BD1E}: NameServer = 85.37.17.42 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\ir48l5hu1.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\f00olad31d0.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyaw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


cosa ne pensate???

Fixa:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: SuperBar - {DA0AFCDB-53B9-432A-ADCF-8A63A3B3DE6F} - C:\Program Files\SUPERBAR\SUPERBAR.dll (file missing)
O4 - HKLM\..\Run: [inomrsw] c:\windows\system32\rrztuf.exe
O15 - Trusted Zone: http://pietrun.altervista.org
O15 - Trusted Zone: http://www.ilgalileo.tk
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\ir48l5hu1.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\f00olad31d0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyaw\command.exe (file missing)

Ho visto che hai messengerplus. Ti sei ricordato di escludere lo sponsor prima di installarlo?

Mi potreste dire quello che c'è da fixare visto ke ho alcuni problemi con il pc? Thx


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\cFosSpeed\spd.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Rey\IMPOST~1\Temp\Rar$EX00.756\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winexec32.com,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Spy Protector] C:\Programmi\Security Task Manager\SpyProtector.exe /autostart
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Programmi\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Programmi\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130335786866
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCA883BB-0D42-4385-A234-19DF6593E0A8}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programmi\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winexec32.com,
O4 - HKLM\..\Run: [Spy Protector] C:\Programmi\Security Task Manager\SpyProtector.exe /autostart
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKCU\..\Run: [Steam] C:\Programmi\Valve\Steam\\Steam.exe -silent
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programmi\cFosSpeed\spd.exe" -service (file missing)

controlla le prime 5 voci se sono leggittime ;)

Aiuto ragazzi...


Logfile of HijackThis v1.99.1
Scan saved at 18.22.14, on 21/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\TopSearch\TopSearch.exe
C:\Programmi\WebRebates4\webrebates.exe
C:\Programmi\WebRebates4\w11150.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Giuseppe\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tpid=10244&ttid=104
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=11629379&id=5.20013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=11629379&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=11629379&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.shopnav.com/sidesearch.cgi?uid=11629379&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cgi?uid=11629379&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updater] C:\Programmi\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TopSearch] C:\Programmi\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [webrebates] "C:\Programmi\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinMessenger StartUp.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Web Rebates. - file://C:\Programmi\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://www.mps.it/CertRenewal/CertControl/ita/xenroll.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/240ca0ec9f3be660b105/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097671763672
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2DC20A-09AC-4FA8-BFED-D68280C25621}: NameServer = 193.70.192.25,193.70.152.25
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Fixa:
C:\Programmi\TopSearch\TopSearch.exe
C:\Programmi\WebRebates4\webrebates.exe
C:\Programmi\WebRebates4\w11150.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index...=10244&ttid=104
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidese...9379&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidese...9379&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidese...9379&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.shopnav.com/sidese...9379&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidese...9379&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O4 - HKLM\..\Run: [TopSearch] C:\Programmi\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [webrebates] "C:\Programmi\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: Web Rebates. - file://C:\Programmi\WebRebates4\websrebates\webtrebates\toprC0.htm
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Fixa:
C:\Programmi\TopSearch\TopSearch.exe
C:\Programmi\WebRebates4\webrebates.exe
C:\Programmi\WebRebates4\w11150.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index...=10244&ttid=104
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidese...9379&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidese...9379&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidese...9379&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.shopnav.com/sidese...9379&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidese...9379&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O4 - HKLM\..\Run: [TopSearch] C:\Programmi\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [webrebates] "C:\Programmi\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: Web Rebates. - file://C:\Programmi\WebRebates4\websrebates\webtrebates\toprC0.htm
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



Grazie

ciao a tutti :D
datemi una mano please, ho eliminato un po di robaccia ma
....l"apertura rimane lentissima in avvio con innumerevoli blocchi {il portatile mi tocca spegnerlo manualmente}
da quando ho installato Kaspersky {anche se messo in non avvio}.. :mc:

Logfile of HijackThis v1.99.1
Scan saved at 19.17.58, on 21/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmi\RamBoost XP\rambxpfr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\user\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic 2000\Search Bar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Programmi\Copernic 2000\CopernicFind.dll
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: IEWebCatcher Class - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programmi\DNS\Catcher.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RAMBooster.Net] C:\Programmi\RAMBooster.Net\RAMBooster.exe -m
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando Copernic - file://C:\Programmi\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115194644286
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4624/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA98187-261A-4944-B06D-F4676C019EC2}: NameServer = 213.230.155.94 213.230.130.222
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

Fixa questa:
O2 - BHO: IEWebCatcher Class - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programmi\DNS\Catcher.dll

Salve a tutti. Ho un problema. Dal log di Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 14.47.33, on 22/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\sysmon.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?301
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\sysmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132435449327
O17 - HKLM\System\CCS\Services\Tcpip\..\{4103392C-3168-40F1-AC77-AAAB09979636}: NameServer = 85.37.17.46 151.99.125.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Programmi\Spyware Doctor\sdhelp.exe

Non riesco a risolvere

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?301

Ho provato in modalità provvisoria reimpostando la pagina iniziale su google, poi settando tutti i controlli su "alto", ma riavviando ritorna tutto come prima, e si reinstalla sul desktop un collegamento ad archiviosex.net. Anche i tre O15 sono stati fixati in modalità provvisoria ma ricompaiono....cosa devo fare su questi problemi? Ne vedete altri dal log?
Grazie a tutti

C:\WINDOWS\System32\sysmon.exe
C:\WINDOWS\System32\wpabaln.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?301{B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\sysmon.exell
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz

ora non ricordo se spyware doctor era o meno nella blacklist degli antispyware....comunque rimuovi queste voci,esegui ewido e installati il service pack 2 ;)

wpabaln.exe non è da fixare :)

si tratta di un exe che avvisa della licenza del XP :)

mettiti subito anche Service Pack 2

Grazie ragazzi, due cose:
Prima di tutto, siete sicuri di Sysmon...dal sito CastleCops risulta che potrebbe essere anche un file che gestisce la CPU...cioè due varianti di questo file risultano buone...l'altra no...e non so come considerare la mia.
Secondo, ho già provato a eliminare i tre O15 e l'R0, ma non vanno via...neanche da modalità provvisoria...quindi o c'è una procedura particolare e precisa...o le cose fattibili le ho già fatte.
Grazie ciao

prova con ewido(dopo averlo aggiornato):te lo scarichi,lo aggiorni e fai uno scan completo

Grazie ragazzi, due cose:
Prima di tutto, siete sicuri di Sysmon...dal sito CastleCops risulta che potrebbe essere anche un file che gestisce la CPU...cioè due varianti di questo file risultano buone...l'altra no...e non so come considerare la mia.
Secondo, ho già provato a eliminare i tre O15 e l'R0, ma non vanno via...neanche da modalità provvisoria...quindi o c'è una procedura particolare e precisa...o le cose fattibili le ho già fatte.
Grazie ciao
hai disabilitato il ripristino di sistema?

Prima di tutto, siete sicuri di Sysmon...dal sito CastleCops risulta che potrebbe essere anche un file che gestisce la CPU...cioè due varianti di questo file risultano buone...l'altra no...e non so come considerare la mia.

Per tagliare la testa al toro scansiona il tuo sysmon.exe su jotti per vedere se e' pulito o infetto: http://virusscan.jotti.org/

Grazie
installati anche Service Pack 2

hai disabilitato il ripristino di sistema?

Si l'ho fatto...ora provo con questo ewido...è tipo registry mechanic?

Si l'ho fatto...ora provo con questo ewido...è tipo registry mechanic?
no,si tratta un programma che rimuove malware,uno dei migliori secondo e disponibili sul mercato(contando che è free per 15 giorni)

no,si tratta un programma che rimuove malware,uno dei migliori secondo e disponibili sul mercato(contando che è free per 15 giorni)

Quindi tipo ad-aware e spyware doctor...li ho ma forse non li uso bene...ora tra l'altro, ho fatto analizzare il mio sysmon dal sito che mi avete consigliato, e guarda un po è affetto da troiaN...il bello è che antivir non lo vede...forse è perchè non gli ho fatto analizzare tutto il disco (cosa fatta decine di volte negli ultimi giorni, da quando ho l'ADSL), ma ho fatto un trascina del file dentro antivir...lo vede, lo analizza, ma non trova niente...cmq ora che so che è malato riprovo con hijack...

Salve ecco la mia configurazione: XP SP2, Microsoft Antispyware, Sygate e AVG free. Da alcune settimane mi si aprono finestre da sole, si avvia la calcolatrice, nei word processor si scrivono caratteri da soli, e l'altoparlante del PC emmette in continuazioend dei beep. Vi mando il log di hijack sperando che mi possiate aiutare ve ne sarei molto grato.


Logfile of HijackThis v1.99.1
Scan saved at 17.27.12, on 22/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trust\CnxDslTb.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lissy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Trust\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQ5\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesit.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ5\ICQLite.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114129520526
O17 - HKLM\System\CCS\Services\Tcpip\..\{64DA85CC-6512-42EC-B977-9A5BE833EB59}: NameServer = 85.37.17.17 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Quindi tipo ad-aware e spyware doctor...li ho ma forse non li uso bene...ora tra l'altro, ho fatto analizzare il mio sysmon dal sito che mi avete consigliato, e guarda un po è affetto da troiaN...il bello è che antivir non lo vede...forse è perchè non gli ho fatto analizzare tutto il disco (cosa fatta decine di volte negli ultimi giorni, da quando ho l'ADSL), ma ho fatto un trascina del file dentro antivir...lo vede, lo analizza, ma non trova niente...cmq ora che so che è malato riprovo con hijack...
dammi retta,ewido non è neanche paragonabile a ad-aware e spyware doctor,provare per credere ;)

dammi retta,ewido non è neanche paragonabile a ad-aware e spyware doctor,provare per credere ;)
ok ti ringrazio per il consiglio...ora lo provo

Fixa questa:
O2 - BHO: IEWebCatcher Class - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programmi\DNS\Catcher.dll



;) G R A Z I E!!!
[avevo anche io dei sospetti su tale BHO]
..rimane il fatto che non posso piu' accedere al regedit [alla pagina tradizionale
mi compare una finestra nera di windows\system32\regedit.com
a scomparsa immediata....bho!!]

ahia.....prova a ripristinare il backup di hiajckthis ;)

;) G R A Z I E!!!
[avevo anche io dei sospetti su tale BHO]
..rimane il fatto che non posso piu' accedere al regedit [alla pagina tradizionale
mi compare una finestra nera di windows\system32\regedit.com
a scomparsa immediata....bho!!]
Questo mi pare strano. Il bho che hai fixato era da eliminare e lo dice anche qua:
http://castlecops.com/tk3857-Catcher_dll.html
Prova a ripristinare il backup e vedi se regedit funziona.

dammi retta,ewido non è neanche paragonabile a ad-aware e spyware doctor,provare per credere ;)

forse era meglio dire che sono gli altri due programmi ad essere non paragonabili ad ewido.
;)

no,si tratta un programma che rimuove malware,uno dei migliori secondo e disponibili sul mercato(contando che è free per 15 giorni)
e dopo 15 giorni rimane free per le scansioni On Demand

forse era meglio dire che sono gli altri due programmi ad essere non paragonabili ad ewido.
;)infatti

X bonannogiovanni:

Il tuo log e' pulito. Ti consiglio comunque di fare una scansione con ewido: http://download.ewido.net/ewido-setup.exe
e una scansione antivirus con bitdefender free: http://www.bitdefender.com/site/Download/downloadFile/340/EN/

forse era meglio dire che sono gli altri due programmi ad essere non paragonabili ad ewido.
;)
il senso è uguale...se dici "non puoi paragonare una seicento a una ferrari" oppure dici "non puoi paragonare una ferrai a una cinquecento" cosa cambia?:D

il senso è uguale...se dici "non puoi paragonare una seicento a una ferrari" oppure dici "non puoi paragonare una ferrai a una cinquecento" cosa cambia?:D

beh la ferrari è nota. quei programmi credo molto meno. cmq come dicevano i latini meglio abbondare che deficere. in questo caso con le info.
;)

dammi retta,ewido non è neanche paragonabile a ad-aware e spyware doctor,provare per credere ;)
Fantastico...ne ho provati tanti...ma questo è proprio efficace...come mai se ne parla poco???è un po che giro sul forum per questioni di questo genere...ma a parte qlc sporadica citazione ewido è assente!!!cmq lo consiglio...ha beccato tutto (credo)...il log di hijack che riporto di seguito sembra ora a posto. 26 problemi inividuati...26 risolti...mi rimane da capire qlc in più su loo'n'stop e sto a posto! a proposito...risulta anche a voi che l'antivirus "antivir" non ha la funzione di integrazione con il menù contestuale di windows? è ortodosso trascinare un file singolo dentro la finestra di antivir per fargli analizzare quel singolo file...funziona?

Logfile of HijackThis v1.99.1
Scan saved at 20.11.21, on 22/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\pctspk.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -

C:\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -

C:\Programmi\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital

Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &ICQ Toolbar Search -

res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Programmi\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132435449327
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -

C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -

C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security

suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Salve a tutti....non riesco a risolvere il mio problema...
Chi è così gentile da darmi una mano?

Logfile of HijackThis v1.99.1
Scan saved at 20.07.09, on 22/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sndmen.exe
C:\WINDOWS\timed.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\timed.exe
C:\Programmi\Microsoft Office\Office\Osa.exe
C:\Programmi\Date Manager\DateManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
C:\Documents and Settings\Raffaele\Desktop\Sicurezza\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\SYSTEM32\ntVIpKf.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndmen.exe -i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Date Manager.lnk = C:\Programmi\Date Manager\DateManager.exe
O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Programmi\Corel\Print House Magic\cffrem.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Win32 Classes -
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\sndmen.exe
C:\WINDOWS\timed.exe
C:\WINDOWS\timed.exe
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\SYSTEM32\ntVIpKf.dll
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndmen.exe -i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

quel soundman mi suona strano...l'eseguibile corretto dovrebbe essere SOUNDMAN.EXE :wtf:
installa il service pack 2

C:\WINDOWS\System32\wpabaln.exe

prova a far analizzare questo file da jotty.org...com'è ewido?:D

quel soundman mi suona strano...l'eseguibile corretto dovrebbe essere SOUNDMAN.EXE :wtf:

infatti è robaccia:http://www.greatis.com/appdata/d/s/sndmen.exe.htm

Oltre alle voci indicate da juninho bisogna fixare anche queste 2:

C:\Programmi\Date Manager\DateManager.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmi\Date Manager\DateManager.exe

X bonannogiovanni:

Il tuo log e' pulito. Ti consiglio comunque di fare una scansione con ewido: http://download.ewido.net/ewido-setup.exe
e una scansione antivirus con bitdefender free: http://www.bitdefender.com/site/Download/downloadFile/340/EN/


faccio subito come mi hai detto, ma a questo punto comincio a pensare che il computer venga controllato da remoto alla PCanywhere, magari è qualche servizio di windows che lo permette, che ne pensi?

faccio subito come mi hai detto, ma a questo punto comincio a pensare che il computer venga controllato da remoto alla PCanywhere, magari è qualche servizio di windows che lo permette, che ne pensi?
può darsi...prova a disabilitare telnet dai servizi di windows ;)

può darsi...prova a disabilitare telnet dai servizi di windows ;)

ho guardato e telnet è già disabilitato, hai altre idee?

ho guardato e telnet è già disabilitato, hai altre idee?
se hai telnet disabilitato puoi categoricamente escludere la possibilità che il tuo pc sia posseduto,utilizzi un firewall vero?

se hai telnet disabilitato puoi categoricamente escludere la possibilità che il tuo pc sia posseduto,utilizzi un firewall vero?

Uso sygate freeware, ma l'ho installato solo da quando si è presentato questo problema, e ovviamente non è cambiato nulla rispetto a prima.

allora il problema potrebbe essere hardware/software,non dovuto comunque a file maligni....esiste un trojan che apre pagine di I.E. in continuazione(a te si aprono delle finestre no?),prova a cercare nel forum,se ne parlò tempo fa ;)

allora il problema potrebbe essere hardware/software,non dovuto comunque a file maligni....esiste un trojan che apre pagine di I.E. in continuazione(a te si aprono delle finestre no?),prova a cercare nel forum,se ne parlò tempo fa ;)

è vero che mi si aprono finestre ma mai di ie, solo windows, tipo risorse del computer e search. Comunque ti ringrazio di aver pensato all'hardware, perchè mi hai fatto venire un'idea. Io uso da un'anno ormai, una tastiera ed un mouse wireless. Tutti i sintomi che riscontro, compresi i beep, potrebbero essere dovuti ad un errore di connessione di questi dispositivi, magari per le pile scariche non so?

allora si spiega tutto....se ne hai modo prova a utilizzare mouse e tastiera con fili

Questo mi pare strano. Il bho che hai fixato era da eliminare e lo dice anche qua:
http://castlecops.com/tk3857-Catcher_dll.html
Prova a ripristinare il backup e vedi se regedit funziona.

niente da fare
anche con il backup
il regedit...non funzia
Qualke tempo fa avevo trovato con ewido altra roba

ewido security suite - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 23.39.11, 03/11/2005
+ Report-Checksum: 1E062431

+ Risultati scansione:

HKU\S-1-5-21-1220945662-1993962763-1060284298-1004\Software\DNS -> Adware.Shorty : Pulito con Backup
C:\Documents and Settings\user\Desktop\di T U T T O e di P I ù\bdevil40.RB0/anukers/icmpw.exe -> Not-A-Virus.Monitor.ICMP_Watch : Pulito con Backup
C:\Documents and Settings\user\Shared\AUTOROUTE ITALIANO.EXE -> Spyware.Hijacker.Generic : Pulito con Backup


::Fine Rapporto
_____________________________________________________________
....ora cmq va molto meglio a parte l'avvio resta il fatto
che senza il regedit il pc lo sento piu vulnerabile

che dite formatto?

Logfile of HijackThis v1.99.1
Scan saved at 16.33.00, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\mspaint.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\mspaint.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\user\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic 2000\Search Bar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Programmi\Copernic 2000\CopernicFind.dll
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RAMBooster.Net] C:\Programmi\RAMBooster.Net\RAMBooster.exe -m
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando Copernic - file://C:\Programmi\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115194644286
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4624/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA98187-261A-4944-B06D-F4676C019EC2}: NameServer = 83.224.65.134
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

BHO!!

niente da fare
anche con il backup
il regedit...non funzia
Qualke tempo fa avevo trovato con ewido altra roba

ewido security suite - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 23.39.11, 03/11/2005
+ Report-Checksum: 1E062431

+ Risultati scansione:

HKU\S-1-5-21-1220945662-1993962763-1060284298-1004\Software\DNS -> Adware.Shorty : Pulito con Backup
C:\Documents and Settings\user\Desktop\di T U T T O e di P I ù\bdevil40.RB0/anukers/icmpw.exe -> Not-A-Virus.Monitor.ICMP_Watch : Pulito con Backup
C:\Documents and Settings\user\Shared\AUTOROUTE ITALIANO.EXE -> Spyware.Hijacker.Generic : Pulito con Backup


::Fine Rapporto
_____________________________________________________________
....ora cmq va molto meglio a parte l'avvio resta il fatto
che senza il regedit il pc lo sento piu vulnerabile

che dite formatto?

Fai un tentativo di ripristino di sistema. Se non ti riesce neanche quello allora forse e' il caso di formattare cosi te ne esci.

Logfile of HijackThis v1.99.1
Scan saved at 16.33.00, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\mspaint.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\mspaint.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\user\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic 2000\Search Bar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Programmi\Copernic 2000\CopernicFind.dll
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RAMBooster.Net] C:\Programmi\RAMBooster.Net\RAMBooster.exe -m
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando Copernic - file://C:\Programmi\Copernic 2000\Search Extension.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115194644286
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4624/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA98187-261A-4944-B06D-F4676C019EC2}: NameServer = 83.224.65.134
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

BHO!!
che problemi hai??? :mbe:

X §ur√i√or

Fixa:
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

X §ur√i√or

Fixa:
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
fixato ..niente

C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
come li fixo...non mi compaiono nel log

fra l 'altro sul desktop del log salvato ...ho due copie
hijackthis.log primo 4.txt
e un'altra copia
~$jackthis.log primo 4.txt

.....di sicuro il malware e' ancora attivo :rolleyes:

ma usi un Antivirus , Antispyware % firewall???

dal log non mi sembra :mbe:

installati Antivir Ewido e Zone Alarm o Sygate ;)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
fixato ..niente

C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
come li fixo...non mi compaiono nel log

fra l 'altro sul desktop del log salvato ...ho due copie
hijackthis.log primo 4.txt
e un'altra copia
~$jackthis.log primo 4.txt

.....di sicuro il malware e' ancora attivo :rolleyes:

Fai qualche altra scansione antispyware e naviga con firefox altrimenti ti becchi chissa' quante altre cose. Disattiva sempre il ripristino di sistema ed esegui le scansioni in safe mode.

Help! Mi compare continuamente un box del servizio di messaggistica immediata....
Messaggio da system alert stop! windows required immediate attention
e mi dice di collegarmi a un sito per scaricare un programma per riparare il registro...che si deve fare? :)

Help! Mi compare continuamente un box del servizio di messaggistica immediata....
Messaggio da system alert stop! windows required immediate attention
e mi dice di collegarmi a un sito per scaricare un programma per riparare il registro...che si deve fare? :)
Per disattivare il servizio di messaggistica immediata fai cosi:
- Apri il pannello di controllo
- Doppio click su "Strumenti di Amministrazione"
- Doppio click sull'icona "Servizi"
- Scorri la lista fino a trovare "Messenger"
- Tasto destro su "Messenger" e scegli "Proprietà dal menù
- Dalla finestra che appare sotto "Tipo di Avvio" seleziona "Disabilitato" e premi Ok.

Fatti una scansione con ewido: http://download.ewido.net/ewido-setup.exe

il ripristino di config. risulta il 3 novembre [il solo attivo ]
dopo ewido/scan


ma usi un Antivirus , Antispyware % firewall???

dal log non mi sembra :mbe:

installati Antivir Ewido e Zone Alarm o Sygate ;)

Ewido[non piu' attivabile]
ad/aware
Spybot - Search & Destroy
avast [disattivato]
kaspersky
firewall di windows

C:\WINDOWS\system32\osk.exe

questo?

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
fixato ..niente

C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
come li fixo...non mi compaiono nel log

fra l 'altro sul desktop del log salvato ...ho due copie
hijackthis.log primo 4.txt
e un'altra copia
~$jackthis.log primo 4.txt

.....di sicuro il malware e' ancora attivo :rolleyes:
la prima chiave puoi anche lasciarla,non è nula di grave....quel file li potrebbe essere temporaneo

questo?

osk e' la tastiera sullo schermo !

ops
dimenticavo quella alfabetica non accentata funzia
insieme ai segni d'interpunzione no!

stramaledi......ne d' un accidenti a sta sottospecie che va da Bill....a Bushhh...

me tocca upformat :mad:

osk e' la tastiera sullo schermo !


osk.exe e' anche uno spyware:
http://www.processlibrary.com/directory/files/osk/
http://www.liutilities.com/products/wintaskspro/processlibrary/osk/
http://securityresponse.symantec.com/avcenter/venc/data/adware.findwhatever.html

allora si spiega tutto....se ne hai modo prova a utilizzare mouse e tastiera con fili

Ho provato con i fili e in effetti nessun sintomo riscontrato, incredibile, un errato collegamento rf mi ha fatto temere il peggio, grazie a voi ho risolto, ciao e al prossimo problema

Fatti una scansione con ewido: http://download.ewido.net/ewido-setup.exe
Ok! grazie mille....un'ottima medicina ewido :)

Ragazzi aiuto. Non so se il mio problema è direttamente riferibile alle discussioni di questo thread...ma ci provo...aiutatemi come potete. Ho scaricato la demo di Acronis true image 9, +/- tutto bene finchè, quasi alla fine dell'istallazione mi compare un messaggio del genere impossibile scrivere *** nella chiave \software\microsoft\windows\current version\run. :confused: Metto gli asterischi perchè nel caso di true image non ricordo quali file tentasse di scrivere...ma le chiavi a cui non ho accesso erano due. Ignorandole il programma interrompeva l'istallazione. Ho desistito ma oggi, tentando di istallare la demo di nero 7, il problema si è ripresentato, è in questo caso o scritto il nome del file:nerofiltercheck. Che cosa significa??? :cry: se avete bisogno di sapere che file richiama acronis, ritento l' istallazione e ve lo dico...Help
Vi pasto il log di Hikack...a me sembra pulito...ma non sono ferrato!!!

Logfile of HijackThis v1.99.1
Scan saved at 1.14.00, on 27/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\pctspk.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programmi\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [GhostSecuritySuite] "C:\Programmi\GhostSecuritySuite\gss.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132435449327
O17 - HKLM\System\CCS\Services\Tcpip\..\{4103392C-3168-40F1-AC77-AAAB09979636}: NameServer = 85.37.17.46 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Il log e' pulito. Ma per caso hai toccato il registro?

Il log e' pulito. Ma per caso hai toccato il registro?
Non personalmente, ma magari con qualche programma alla registry cleaner, o altri che ho è sto sperimentando...come poteri risolvere???!!!

Non personalmente, ma magari con qualche programma alla registry cleaner, o altri che ho è sto sperimentando...come poteri risolvere???!!!
Spero che almeno hai fatto i back up :mbe:

Non personalmente, ma magari con qualche programma alla registry cleaner, o altri che ho è sto sperimentando...come poteri risolvere???!!!
hai fatto il backup di quello che hai tolto?

.
1)il log è pulito
2)installati il service pack 2
3)sicuro c he regseeker non abbia qualche funzione(o magari tramite l teatimer di spybot)per evitare che si aggiungano programmi in autorun?

risolto....

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

:fuck: fixati!!

risolto....

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

:fuck: fixati!!
:mbe:

risolto....

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

:fuck: fixati!!
guarda che non vanno fixati :mbe:

Spero che almeno hai fatto i back up :mbe:
si i backup li faccio sempre...ma se non so di preciso cosa ripristinare...forse dovrei riprostinare tutto!!!comunque ho provato anche ad interrompere tutti i processi di programmi legati al controllo del registro..ma niente!!!

si i backup li faccio sempre...ma se non so di preciso cosa ripristinare...forse dovrei riprostinare tutto!!!comunque ho provato anche ad interrompere tutti i processi di programmi legati al controllo del registro..ma niente!!!
beh,si.ti conviene ripristinare tutto se nn sai cosa è stato..

non so cosa centri ma sicuramente ma almeno questo
HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

mi impediva di visualizzare il registro


eppure mi sembrava affidabile....bho
http://www.java.com/it/download/installed.jsp

cmq tutto sommato non e' indispensabile :cool:

grazie ragazzi...ci sto lavorando ma per ora niente :muro:

non so cosa centri ma sicuramente ma almeno questo
HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

mi impediva di visualizzare il registro


eppure mi sembrava affidabile....bho
http://www.java.com/it/download/installed.jsp

cmq tutto sommato non e' indispensabile :cool:
serve per aggiornare la piattaforma java runtime environment automaticamente, non credo sia pericoloso se non è infetto.
Si può togliere da msconfig comunque e gli aggiornamenti farli a mano dal pannello di controllo di tanto in tanto

Logfile of HijackThis v1.99.1
Scan saved at 20.34.21, on 28/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
D:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Radmin\radmin.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programmi\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Programmi\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Programmi\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\programmi\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] "D:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Programmi\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Post-it® Software Notes.lnk = D:\Programmi\3M\PSNotes\psn.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O17 - HKLM\System\CCS\Services\Tcpip\..\{98A5221F-3C95-44F2-A60A-AB3276C25BEC}: NameServer = 193.70.192.25,193.70.152.25
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Fixa:
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Metti il SP2.

Questo Radmin l'hai installato tu?

Si grazie ho risolto tutto

Scusate se intervengo qui per questo argomento...ma nn riesco a trovare visibilità altrove è il problema è urgente(ho altri 4 gg per darlo indietro)...Ho acquistato un notebook Hp Pavilion zv6245ea e ho riscontrato che una delle due ventole di cui è dotato rimane sempre accesa. Intendo dire dal momento dell'accensione al momento dello spegnimento, ininterrottamente, a meno dei momenti in cui mando in stand-by. Devo considerarlo normale? Il servizio assistenza mi ha prontamente invitato ad aggiornare il bios, senza però darmi informazioni precise, dicendomi in modo vago che comunque le ventole dovrebbero accendersi per raffreddare il Pc (ma va???). Ho aggiornato immediatamente il bios alla versione f.1b, ma il (eventuale) problema persiste. Se qualcuno conosce anche non direttamente il Note in questione sa dirmi se è plausibile che una ventola sia sempre accesa!!!grazie ancora

controlla i processi attivi e l'utilizzo della cpu (ctrl+alt+canc):
se l'utilizzo medio è elevato devi togliere un po' di processi in avvio e vedere
se l'attività è medio bassa allora non è normale
senti comunque da ti te lo hs venduto

controlla i processi attivi e l'utilizzo della cpu (ctrl+alt+canc):
se l'utilizzo medio è elevato devi togliere un po' di processi in avvio e vedere
se l'attività è medio bassa allora non è normale
senti comunque da ti te lo hs venduto
I processi sono pochi e comunque non sono in grado di far lavorare così tanto il pc...tra parentesi la ventola parte già prima che i primi processi si carichino...cioè appena premuto il tasto di accensione. Cmq ora provo a toglierli +/- tutti...magari cambia qualcosa...cmq secondo la tua esperienza è anomalo che una ventola sia sempre accesa???

Scusate se intervengo qui per questo argomento...ma nn riesco a trovare visibilità altrove è il problema è urgente(ho altri 4 gg per darlo indietro)...Ho acquistato un notebook Hp Pavilion zv6245ea e ho riscontrato che una delle due ventole di cui è dotato rimane sempre accesa. Intendo dire dal momento dell'accensione al momento dello spegnimento, ininterrottamente, a meno dei momenti in cui mando in stand-by. Devo considerarlo normale? Il servizio assistenza mi ha prontamente invitato ad aggiornare il bios, senza però darmi informazioni precise, dicendomi in modo vago che comunque le ventole dovrebbero accendersi per raffreddare il Pc (ma va???). Ho aggiornato immediatamente il bios alla versione f.1b, ma il (eventuale) problema persiste. Se qualcuno conosce anche non direttamente il Note in questione sa dirmi se è plausibile che una ventola sia sempre accesa!!!grazie ancora
non per fare il bacchettone ma...pertinenza col thread?:D

Microsoft Antispyware mi blocca questi script in continuazione:
_DelItX.bat dove al posto della X mette tutte le lettere dell'alfabeto. :(
Una volta editato con Notepad il file contiene questo:

:Loop
DEL "C:\WINDOWS\mstse.exe"
IF EXIST "C:\WINDOWS\mstse.exe" GOTO Loop
DEL "C:\WINDOWS\_DelItX.bat"

Uso AD-AWARE, SPYBOT S&D, ewido ma non mi segnalano granche' salvo i soliti cookie.

Ho l'antivirus ANTIVIR PE.

Questo e' il mio file di log con Hijackthis:

Mi puzza un po' quell'about:blank :cry:


Logfile of HijackThis v1.99.1
Scan saved at 23.35.09, on 26/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programmi\Babylon\Babylon.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\WINDOWS\msncomm.exe
C:\WINDOWS\volumec.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Creative\SBLive\PlayCenter2\CTNMRun.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\msncomm.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org1.1.2\program\soffice.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\luciano\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [CTAvTray] C:\Programmi\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINPROC AUDIT] C:\OEMCUST\TOOLS\WIN32\WINPROC.EXE C:\CABS\SCRIPTS\PROCESS\AUDIT.SCR C:\DRIVERS\PROCESS.TXT /TRACE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\ctnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programmi\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Programmi\Creative\SBLive\PlayCenter2\CTNMRun.exe"
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programmi\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{592555C3-0436-46A2-A5B0-1B3D3C48A5D5}: NameServer = 85.37.17.57 151.99.125.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Grazie in anticipo per l'eventuale aiuto.

C:\WINDOWS\msncomm.exe
C:\WINDOWS\volumec.exe
C:\WINDOWS\msncomm.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab

controlla con google la provenienza di queste stringhe ;)

Scusate se intervengo qui per questo argomento...ma nn riesco a trovare visibilità altrove è il problema è urgente(ho altri 4 gg per darlo indietro)...Ho acquistato un notebook Hp Pavilion zv6245ea e ho riscontrato che una delle due ventole di cui è dotato rimane sempre accesa. Intendo dire dal momento dell'accensione al momento dello spegnimento, ininterrottamente, a meno dei momenti in cui mando in stand-by. Devo considerarlo normale? Il servizio assistenza mi ha prontamente invitato ad aggiornare il bios, senza però darmi informazioni precise, dicendomi in modo vago che comunque le ventole dovrebbero accendersi per raffreddare il Pc (ma va???). Ho aggiornato immediatamente il bios alla versione f.1b, ma il (eventuale) problema persiste. Se qualcuno conosce anche non direttamente il Note in questione sa dirmi se è plausibile che una ventola sia sempre accesa!!!grazie ancora
D
non per fare il bacchettone ma...pertinenza col thread?:D
Avete ragione ma ho 900 e passa euri in mano a trony per un pc che non so se è buono o no...e questo è uno dei thread più frequentati...cmq ok...non quoto più...ma se potete aiutatemi

Msncomm e volumec addirittura backdoors.
E' proprio il far west.
Pclescheduled.exe lo ho cancellato ma e' ritornato. :eek:

Adesso dovrei essere (quasi)pulito:

Logfile of HijackThis v1.99.1
Scan saved at 23.22.49, on 28/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programmi\Babylon\Babylon.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Creative\SBLive\PlayCenter2\CTNMRun.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org1.1.2\program\soffice.exe
C:\Documents and Settings\luciano\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [CTAvTray] C:\Programmi\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINPROC AUDIT] C:\OEMCUST\TOOLS\WIN32\WINPROC.EXE C:\CABS\SCRIPTS\PROCESS\AUDIT.SCR C:\DRIVERS\PROCESS.TXT /TRACE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\ctnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programmi\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Programmi\Creative\SBLive\PlayCenter2\CTNMRun.exe"
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programmi\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O no? :stordita:
Grazie, grazie un bel po'. :)

Msncomm e volumec addirittura backdoors.
E' proprio il far west.
Pclescheduled.exe lo ho cancellato ma e' ritornato. :eek:
e te credo..ho sbagliato io quotando :muro:
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

nulla di preoccupante;)...hai una creative installata?

Si ho una creative SB LIVE, che faccio la tolgo quella stringa?

Si ho una creative SB LIVE, che faccio la tolgo quella stringa?
si

Salve ho un problema con il pc in ufficio:
- sfondo di winxp sparito, è stato sostituito da una pagina html bianca...e se provo ad accedere alle impostazioni del monitor, manca la scheda "desktop";
- all'avvio compare in systray uno scudo rosso con croce bianca, non è il centro di sicurezza di xp..è un tarocco, ed avvisa che sono potenzialmente infetto....(norton antivirus aggiornato ad oggi, non ha rilevato alcun virus!)
- alcune applicazioni (tipo autocad lt 2000) generano messaggi di errori in caso di scrittura su alcuni file...
- pagina di avvio di internet explorer sostituita...ed è impossibile cambiarla (ad ogni riavvio viene ripristinata)

Spero possiate aiutarmi, non vorrei dover formattare tutto!!

Ho lancioato Hijack-this e questo è il log:

Logfile of HijackThis v1.99.1
Scan saved at 16.09.37, on 29/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdochp.dll/defAPI.htm#privacy;x32;
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MyBHO - {784aa380-13f2-422e-8540-f2280f1dd4f1} - C:\WINDOWS\System32\bhoimpl.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130333989140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130333961500
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA52C4C-DD8F-40B8-A503-B4EA32F05ADF}: NameServer = 212.216.112.112,212.216.162.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CA52C4C-DD8F-40B8-A503-B4EA32F05ADF}: NameServer = 212.216.112.112,212.216.162.72
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CA52C4C-DD8F-40B8-A503-B4EA32F05ADF}: NameServer = 212.216.112.112,212.216.162.72
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdochp.dll/defAPI.htm#privacy;x32;
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: MyBHO - {784aa380-13f2-422e-8540-f2280f1dd4f1} - C:\WINDOWS\System32\bhoimpl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

da mettere anche SP2 ;)

I processi sono pochi e comunque non sono in grado di far lavorare così tanto il pc...tra parentesi la ventola parte già prima che i primi processi si carichino...cioè appena premuto il tasto di accensione. Cmq ora provo a toglierli +/- tutti...magari cambia qualcosa...cmq secondo la tua esperienza è anomalo che una ventola sia sempre accesa???

il pavillion che ho tra le mani io sventola solo su trasferimento dati lan o con gordian knot
nel normale utilizzo è silenzioso, o al massimo ventola al primo stadio (leggero ronzio)

Con riferimento a questa discussione:
http://www.hwupgrade.it/forum/showthread.php?t=1076065

=======================
Logfile of HijackThis v1.99.1
Scan saved at 18.26.39, on 30/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\TerraTec\Scheduler\TTTimer.exe
C:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\FreePOPs\freepopsd.exe
D:\Mario\software\DTemp\DTemp.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Mario\software\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] "C:\Programmi\File comuni\TerraTec\Scheduler\TTTimer.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [StatusClient] C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Collegamento a freepopsd.exe.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: DTemp.exe.lnk = D:\Mario\software\DTemp\DTemp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120770184750
O17 - HKLM\System\CCS\Services\Tcpip\..\{4020262A-4900-427A-BA4F-904A0F2A7842}: NameServer = 85.37.17.10 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4020262A-4900-427A-BA4F-904A0F2A7842}: NameServer = 85.37.17.10 151.99.125.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programmi\Kerio\Personal Firewall\persfw.exe

O4 - Startup: DTemp.exe.lnk = D:\Mario\software\DTemp\DTemp.exe

questo(come pure il file in esecuzione) sono sospetti

Quello è solo un programmino che rileva la temperatura dell'hard disk (l'ho installato e messo in esecuzione automatica questa estate, quando l'hard disk raggiungeva delle temperature sui 47 / 48 gradi).

Quello è solo un programmino che rileva la temperatura dell'hard disk (l'ho installato e messo in esecuzione automatica questa estate, quando l'hard disk raggiungeva delle temperature sui 47 / 48 gradi).

assolutamente normale, a me passa i 50 d'estate (è praticamente in mansarda)..

il pavillion che ho tra le mani io sventola solo su trasferimento dati lan o con gordian knot
nel normale utilizzo è silenzioso, o al massimo ventola al primo stadio (leggero ronzio)
Grazie Stev-o...ho trovato una mano su un thread che ho aperto su questo forum..fortunatamente ha avuto visibilità e ho risolto...ne è venuto fuori che la ventola sempre accesa (come dici tu "al primo stadio") non è un problema, anzi è un pregio in quanto tiene davvero basse le temp del mio note. Grazie dell'interessamento, ciao

@ferrari-m:

Sembrerebbe tutto ok con il log, l'unica cosa "sospetta" se vogliamo è quest'applicazione..

O4 - Startup: Collegamento a freepopsd.exe.lnk = C:\Programmi\FreePOPs\freepopsd.exe

@ferrari-m:

Sembrerebbe tutto ok con il log, l'unica cosa "sospetta" se vogliamo è quest'applicazione..

O4 - Startup: Collegamento a freepopsd.exe.lnk = C:\Programmi\FreePOPs\freepopsd.exe
non è sospetto,server a far funzionare la webmail in imap ;)

non è sospetto,server a far funzionare la webmail in imap ;)

Non lo sapevo.. In effetti ho scritto "sospetto" ;) ..

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdochp.dll/defAPI.htm#privacy;x32;
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: MyBHO - {784aa380-13f2-422e-8540-f2280f1dd4f1} - C:\WINDOWS\System32\bhoimpl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)


fatto..ma continuano ad esserci questi problemi:
- sfondo di winxp sparito, è stato sostituito da una pagina html bianca...e se provo ad accedere alle impostazioni del monitor, manca la scheda "desktop";
- all'avvio compare in systray uno scudo rosso con croce bianca, non è il centro di sicurezza di xp..è un tarocco, ed avvisa che sono potenzialmente infetto....(norton antivirus aggiornato ad oggi, non ha rilevato alcun virus!)



..mi sa che sono costretto a formattare e reinstallare tutto.. :muro:

fatto..ma continuano ad esserci questi problemi:
- sfondo di winxp sparito, è stato sostituito da una pagina html bianca...e se provo ad accedere alle impostazioni del monitor, manca la scheda "desktop";
- all'avvio compare in systray uno scudo rosso con croce bianca, non è il centro di sicurezza di xp..è un tarocco, ed avvisa che sono potenzialmente infetto....(norton antivirus aggiornato ad oggi, non ha rilevato alcun virus!)



..mi sa che sono costretto a formattare e reinstallare tutto.. :muro:

Ma chi te l'ha detto di bloccare quei processi ? Sono tutti attendibili. Qual è il tuo problema esattamente ?

ragassuoli,hijackthis mi ha trovato due voci ke nn so cosa sono

O9 - Extra button: Protezione IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Protezione IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll

in effetti in ie in strument c'è un pulsante: protezione IE,ma nn apre nulla,manco un processo,kasp nn rileva nulla,ewido idem,ho trovato su google che sto file è una libreria,ma che c'èentra?

ragassuoli,hijackthis mi ha trovato due voci ke nn so cosa sono

O9 - Extra button: Protezione IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Protezione IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll

in effetti in ie in strument c'è un pulsante: protezione IE,ma nn apre nulla,manco un processo,kasp nn rileva nulla,ewido idem,ho trovato su google che sto file è una libreria,ma che c'èentra?
regolari....è il plugin shockwave ;)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130433402843
O17 - HKLM\System\CCS\Services\Tcpip\..\{44119968-6E07-4476-B65D-159845C6B4F9}: NameServer = 85.37.17.9 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{44119968-6E07-4476-B65D-159845C6B4F9}: NameServer = 85.37.17.9 151.99.125.1
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Non si vuole levare come faccio? mod provvisoria se ne va ma dopo un po torna .-.

Non si vuole levare come faccio? mod provvisoria se ne va ma dopo un po torna .-.
Disattiva il ripristino di sistema e ripeti il fix in modalita' provvisoria.

mai attivato il ripristino ogni volta che formatto disabilitato a vita :)

mai attivato il ripristino ogni volta che formatto disabilitato a vita :)
che programmi usi?

hai qualche programma che controlla il tuo registro per caso?

jv16powertools perche?o ti riferisci ad antispyware?cmq ho provato con ewido,lavasoft,spy-bot non trova niente di strano.Ho fatto una ricerca sulla stringa di quei caratteri e porta al coolwebsearch.. ho provato anche quel programma della trend micro CWShredder ma sono pulito..

fatto..ma continuano ad esserci questi problemi:
- sfondo di winxp sparito, è stato sostituito da una pagina html bianca...e se provo ad accedere alle impostazioni del monitor, manca la scheda "desktop";
- all'avvio compare in systray uno scudo rosso con croce bianca, non è il centro di sicurezza di xp..è un tarocco, ed avvisa che sono potenzialmente infetto....(norton antivirus aggiornato ad oggi, non ha rilevato alcun virus!)



..mi sa che sono costretto a formattare e reinstallare tutto.. :muro:

Un malware ti ha modificato le impostazioni di xp,capita :read:
Dopo esserti assicurato che non parte all'avvio nessun processo cattivo (es. co Starter ;) ) ti bastera' soltanto usare un nuovo utente.
ciao


PS: io denuncierei la norton per millantaggio,poi fai te :D

Un malware ti ha modificato le impostazioni di xp,capita :read:
Dopo esserti assicurato che non parte all'avvio nessun processo cattivo (es. co Starter ;) ) ti bastera' soltanto usare un nuovo utente.
ciao


PS: io denuncierei la norton per millantaggio,poi fai te :D
Quindi controllo i processi e (ad esemprio con startup control pannel) elimino dall'avvio tutto quello che è "strano" o comunque comparso di recente e/o non legato a winzoz e programmi che conosco...poi creo un nuovo utente e si sistema tutto?
Ma in questo modo, l'utente originario," l'administrator" resta inutilizzabile..o cmnq compromesso...finchè non reinstallo...no?

L'utente administrator rimane come lo hai lasciato,se lo vuoi lasciare.
Bisogna prestare attenzione perche' i processi cattivi possono usare percorsi non monitorati dai tool + in voga come hijackT. e spyB per autoavviarsi,quindi ogni volta si sta' da capo a 12.Devo dire cmq che controllando i log approfonditi di entrambi i programmi (solo ultime versioni) e utilizzando anche le altre funzionalita' (non solo "scan&remove" :stordita: ) si puo' risolvere la maggior parte delle situazioni rognose.
ciao

salve a tutti
volevo porvi un quesito sulle impostazioni di sicurezza di IE EX.
Premetto che ho tre pc in lan, e quello + vecchio ke fa da server era connesso ad internet con il modem D-Link302T, ora sostituito da un ericssonHM 120dp; alice flat 4M., SO WinXPpro con firewall, F-PROTantivirus, Spybot-Search & Destroy.
Tempo fa, aprendo le connessioni di rete, in remote ho trovato due icone: una attinente al modem B-Quick con il segno di spunta di predifinito; l'altra con il nome di "connessione predefinita" e con il n° tel (7020102463).
Quest'ultima l'ho eliminata subito anche se, sia prima ke dopo non mi sono mai accorto di malfunzionamenti a parte qualche disconnessione di linea che mi costringeva riavviare il pc.
Qualche giorno fa, leggendo questa discussione a pag. 25, post 487, l'utente matita parlava dello stesso n°, allora ho fatto una ricerca con google ed ho notato ke fa riferimento al sito web "sfondiitaliani.it dove si scaricano sfondi o suonerie, se non ricordo bene; non mi sono mai collegato a questo sito.
Nella stessa pag., consigliavano di entrare nel bowser, >Strumenti>OpzioniInternet>schedaProtezione>SitiAttendibili>Siti, e nella finestrella SitiWeb cancellare la suddetta voce.
Aperta, ho trovato le seguenti voci: Playitalia.com, Sfondissimi.net, Archiviosex.net, Sgrunt.biz, Skymasters.biz; le ho cancellate tutte.
Non so se ho fatto bene, o se ho ottenuto un effetto contrario, fatto stà che alla successiva connessione, mi è apparso un avviso che mi diceva che si stava reindirizzando la linea ad un altro collegamento telefonico.
Preso un pò dal panico, ho chiuso tutto ed ho staccato i cavi del modem.
Non riesco spiegarmi l'accaduto xkè se non sbaglio, con l'ADSL non si viene dirottati in altre linee a pagamento come le 702, ma non si sa mai!!!!
Sapete x favore darmi spiegazioni??
Non ho capito se nella scheda "Siti Web" ci sono le voci attendibili o quelle da tener sotto controllo.
Vi allego il file di log, chiedendovi di analizzarlo, e se al n° 017 dovrebbe apparire l'indirizzo IP client ke risulta nei dettagli scheda modem klikando sui due televisorini, il quale nel mio caso è completamente diverso, essendo un gruppo di 4 cifre, contro le 8 del log.
Vi ringrazio anticipatamente, Valter
---------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11.43.33, on 08/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\FSI\F-Prot\fpavupdm.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\FSI\F-Prot\F-StopW.exe
C:\Documents and Settings\Server Administrator\Desktop\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (disabled by BHODemon)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmi\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094502777032
O17 - HKLM\System\CCS\Services\Tcpip\..\{80A56DA6-6123-4E3C-8009-DC145AE77348}: NameServer = 85.37.17.6 151.99.125.1
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programmi\FSI\F-Prot\fpavupdm.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Il tuo log e' pulito. I dns della voce 017 sono di Alice adsl. Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe

Il tuo log e' pulito. I dns della voce 017 sono di Alice adsl. Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe
Grazie x la tempestività, :eek: adesso installo ewido e faccio una scansione
ciao :)