HiJackThis - Analisi Log - leggere Regole di Sezione

[juninho85]

Quote:

Originariamente inviato da chevalier

C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe

elimina soltanto questo

[juninho85]

Quote:

Originariamente inviato da SerPaguroSniffa³

.

elimina quanto detto prima ma in modalità provvisoria e con il ripristino configurazione sistema disattivato

[juninho85]

Quote:

Originariamente inviato da Bugs Bunny

mai vista roba del genere:
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3315.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3317.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com

senza quelle stringhe winmx non si connette....modifica necessaria per farlo girare dopo l'ormai famosa "rettata"

[juninho85]

Quote:

Originariamente inviato da andorra24

.

ne ero certo

[andorra24]

Quote:

Originariamente inviato da juninho85

ne ero certo

[kmarraff]

Salve a tutti, potete dare uno sguardo al mio log, facendolo analizzare mi dà delle voci sospette, mi sapete dare un consiglio?
Grazie anticipatamente

Logfile of HijackThis v1.99.1
Scan saved at 20.20.23, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmi\ProcessGuard\dcsuserprot.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmi\ProcessGuard\pgaccount.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Free Download Manager\fdm.exe
C:\Programmi\ProcessGuard\procguard.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Programmi\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Programmi\ProcessGuard\procguard.exe" -minimize
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.5.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142808716821
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143595777348
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC035EED-05C4-4A74-B96B-0200A0298163}: NameServer = 85.37.17.46 85.38.28.84
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Programmi\ProcessGuard\dcsuserprot.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

[lucadue]

controlla di averlo consentito tu
O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

guarda se è un active x utile o se non t serve fixalo
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.ed...vex-2.0.5.1.cab

[kmarraff]

Si una è l'anti-banner del kis ed è stato abilitato da me, l'altro è un activex per scaricare windows vista è un "download manager".
Non capisco questa voce:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC035EED-05C4-4A74-B96B-0200A0298163}: NameServer = 85.37.17.46 85.38.28.84
Non credo sia pericolosa ma vorrei esserne sicuro!!!

[wgator]

Quote:

Originariamente inviato da kmarraff

Non capisco questa voce:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC035EED-05C4-4A74-B96B-0200A0298163}: NameServer = 85.37.17.46 85.38.28.84
Non credo sia pericolosa ma vorrei esserne sicuro!!!

Ciao,

sono i DNS di Telecom, se ti colleghi con Alice o altro abbonamento Telecom Italia è tutto ok

[lucadue]

numero dns del tuo provider internet

[Cheza89]

Quote:

Cheza89 fixa queste voci:

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe
R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Default_Page_URL = http://desktop.presario.net/scripts/red … 410&ac
R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Search Bar = http://search.presario.net/scripts/redi … mp;ap=b204
R0 – HKLM\Software\Microsoft\Internet Explorer\Main‚Start Page = http://desktop.presario.net/scripts/red … 410&ac
R0 – HKLM\Software\Microsoft\Internet Explorer\Search‚SearchAssistant = http://resultsmaster.com/SmartOffers/Se … ftPane.htm
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 – BHO: My Search BHO – {014DA6C1–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O2 – BHO: MySearch Search Assistant BHO – {04079851–5845–4dea–848C–3ECD647AA554} – C:\Programmi\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 – Toolbar: My Search Bar – {014DA6C9–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 – HKLM\..\Run: [WeatherOnTray] C:\Programmi\HbTools\Bin\4.7.7.0\HbtWeatherOnTray.exe
O4 – HKLM\..\Run: [HbTools] C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.h … zeb01264IT
O9 – Extra button: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O10 – Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/fu … 8211;2.cab
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab

Fai una scansione con ewido:
http://download.ewido.net/ewido-setup.exe

ok ho fixato quelle voci e fatto la scansione con ewido come mi avevi detto (mi ha trovato 250 file infetti che ho poi cancellato) ma il problema non è risolto perchè explorer non funziona ancora. Non so più che fare...che depression!!!!!!
Ciauuu e grazie cmq

[wgator]

[quote=Cheza89... explorer non funziona ancora. Non so più che fare...che depression!!!!!!
Ciauuu e grazie cmq[/QUOTE]

Ciao,

prova a decomprimere il file allegato e lancialo. Serve per ripristinare I.E.

[kmarraff]

Quote:

Originariamente inviato da wgator

Ciao,

sono i DNS di Telecom, se ti colleghi con Alice o altro abbonamento Telecom Italia è tutto ok

Ti ringrazio wgator una domanda ho visto che hai consigliato di eliminare NoAdware4.0 in questa discussione:http://www.hwupgrade.it/forum/showthread.php?t=1220573
Come mai io lo ho disinstallato perchè mi dava incompatibilità con il kis ma mi sembrava ok!
Grazie.

[wgator]

Quote:

Originariamente inviato da kmarraff

Ti ringrazio wgator una domanda ho visto che hai consigliato di eliminare NoAdware4.0...

Ciao,

bè... le vecchie versioni di NoAdware, oltre ai falsi positivi erano anche un po' sospette, tant'è che le avevano inserite nelle "rogue list" di Spyware Warrior. Ora credo l'abbiano riabilitato un po' ma secondo me si possono usare prodotti più efficienti e affidabili

[Cheza89]

Quote:

Ciao,

prova a decomprimere il file allegato e lancialo. Serve per ripristinare I.E.
Allegati
IEreg.zip (656 Bytes, 0 visite)

Niente da fare...nn funziona nemmeno con qst programma....l'ho lanciato, 2 volte, ma quando apro explorer mi dice "impossibile trovare il server"...
Non so più dove sbattere la testa
Ciauciau

[juninho85]

Quote:

Originariamente inviato da kmarraff

O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

disintalla spyware terminator

[juninho85]

Quote:

Originariamente inviato da Cheza89

Niente da fare...nn funziona nemmeno con qst programma....l'ho lanciato, 2 volte, ma quando apro explorer mi dice "impossibile trovare il server"...
Non so più dove sbattere la testa
Ciauciau

hai provato a scansionare con ewido ?

[Sir Jey]

Ciao a tutti, un amico ha preso un virus che quando apre una pagina web gli si apre un banner porno e non si chiude se non dal task manager per poi riaprirsi. Ho fatto una scansione dei log cosa devo eliminare? Grazie

Logfile of HijackThis v1.99.1
Scan saved at 23.47.07, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.
00 SP2 (6.00.2900.2180)

(Unable to list running processes)
R0 -
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.
google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,
LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:
\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: (no
name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot -
Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Persistence] C:
\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [oeuai] C:\Documents
and Settings\Francesco\Dati applicazioni\tofareraci\systvmrs.exe
O4 -
HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 -
Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft
Office\Office\OSA9.EXE
O15 - Trusted Zone: www.adslconnection.name
O15
- Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.
name
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
Class) - http://update.microsoft.
com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?
1148497524060
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B3797A-835B-
405A-9723-9106E1184DC8}: NameServer = 151.99.125.1,151.99.0.100
O18 -
Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:
\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify:
igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: avast! iAVS4
Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown
owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service:
avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service:
avast! Web Scanner - Unknown owner - C:\Programmi\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)

[juninho85]

Quote:

Originariamente inviato da Sir Jey

F2 - REG:system.ini: UserInit=C:
\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE
O4 - HKLM\..\Run: [oeuai] C:\Documents
and Settings\Francesco\Dati applicazioni\tofareraci\systvmrs.exe
O4 -
HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O15 - Trusted Zone: www.adslconnection.name
O15
- Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.
name

postateli come dio comanda
installati ed esegui ewido da modalità provvisoria,manca la parte più importante del log,quella con i processi in esecuzione.
inoltre leggi quanto scritto qua

[ValterManetta]

Quote:

Originariamente inviato da chry80

ben tornataaaa

QUOTO!!!!