HiJackThis - Analisi Log - leggere Regole di Sezione

[juninho85]

...linkoptimizer ha colpito ancora

[ValterManetta]

Quote:

Originariamente inviato da juninho85

...linkoptimizer ha colpito ancora

---------------------------------------------------------
non so se ti sei rivolto a me, ma ci ho impiegato mezz'ora x caricare su imageshack l'immagine di esplora risorse, ma questa volta il link non funzionava, allora ho dovuto tagliare lo screen una ventina di volte x portarlo alla dimensione inferiore ai 25 KB.

OT c'è nel forum una guida ke insegna come ridurre le dimensioni dei KB. ma ke resti lo stesso grande in risoluzione??? tipo 800 x 600.
grazie!!

[rebelia]

buongiorno a tutti

sto cercando di disinfestare una macchina con wink2; non ho idea di quanto sia aggiornato il so (la macchina non e' mia); sono riuscita a rimuovere buona parte delle schifezze, ma ce n'e' una che sembra immune a tutto

ogni volta che riavvio, crea un file nuovo che pero' riesco agevolmente a cancellare; solo command.exe e asapsprv.dll presenti nella stessa cartella non sono cancellabili cosi' come non lo e' la directory che li contiene, ovviamente; ho provato anche a cancellarlo in modalita' provvisoria, ma non c'e' stato verso; in un thread del forum ho trovato segnalato il programma cureit.exe: volevo sapere se c'erano cose particolari da sapere prima di farlo girare (a parte farlo in modalita' provvisoria, intendo)

ulteriore problema comparso - secondo il proprietario - da poco:

Quote:

errore durante il caricamento di w003eaaf.dll - impossibile trovare il modulo specificato

non ho trovato nulla in rete relativo a questo file

ho fatto la scansione con hijackthis, vi posto il log:

Logfile of HijackThis v1.99.1
Scan saved at 9.51.07, on 22/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\U2VyZ2lvIFNpcmFnbmE\command.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\VEXPLITE\viritsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\msjava.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINNT\system32\ctfmon.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\Documents and Settings\Sergio Siragna\Desktop\morena\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe msjava.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msjava.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sys33] Sys33.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [newname] C:\\nwnmc_2.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_2.exe
O4 - HKLM\..\Run: [ewr7d71d] RUNDLL32.EXE w003eaaf.dll,n 0017d71c0000000a003eaaf
O4 - HKLM\..\RunServices: [sys33] Sys33.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msjava.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ntdll.dll] ctfmon.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msjava.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\e820lifm182a.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\U2VyZ2lvIFNpcmFnbmE\command.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINNT\services.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

grazie a chiunque mi possa dare una mano

[juninho85]

Quote:

Originariamente inviato da ValterManetta

---------------------------------------------------------
non so se ti sei rivolto a me, ma ci ho impiegato mezz'ora x caricare su imageshack l'immagine di esplora risorse, ma questa volta il link non funzionava, allora ho dovuto tagliare lo screen una ventina di volte x portarlo alla dimensione inferiore ai 25 KB.

OT c'è nel forum una guida ke insegna come ridurre le dimensioni dei KB. ma ke resti lo stesso grande in risoluzione??? tipo 800 x 600.
grazie!!

si era riferito a te....per rimuoverlo dovresti aspettare qualche giorno,mi pare che eraser stia buttando giù una guida per eliminarlo

[juninho85]

Quote:

Originariamente inviato da rebelia

C:\WINNT\U2VyZ2lvIFNpcmFnbmE\command.exe
C:\VEXPLITE\viritsvc.exe
C:\VEXPLITE\MONLITE.EXE
C:\VEXPLITE\VIRITEXP.EXE
F2 - REG:system.ini: Shell=Explorer.exe msjava.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msjava.exe
O4 - HKLM\..\Run: [sys33] Sys33.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [newname] C:\\nwnmc_2.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_2.exe
O4 - HKLM\..\Run: [ewr7d71d] RUNDLL32.EXE w003eaaf.dll,n 0017d71c0000000a003eaaf
O4 - HKLM\..\RunServices: [sys33] Sys33.exe
O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\e820lifm182a.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\U2VyZ2lvIFNpcmFnbmE\command.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

elimina

[ValterManetta]

Quote:

Originariamente inviato da juninho85

si era riferito a te....per rimuoverlo dovresti aspettare qualche giorno,mi pare che eraser stia buttando giù una guida per eliminarlo

--------------------------------------------------------------------------
ho provato leggere le istruzioni nel 3D ufficiale di questo bestiale linkoptimizer
ma mi sono sembrate molto difficili e complicate.
Ho cominciato ad eliminare un centinaio di file collegati, nelle cartelle Temp e Tmp, ma credo sia fatica sprecata se non si fanno tutti i procedimenti in maniera cronologica.
in start>esegui>services.msc ho trovato due servizi ke nella colonna "connessione" riportavano il nome dei due account: ho provato disabilitarli ma mi è stato impedito l'accesso.
Speriamo ke l'ottimo MOD. Eraser trovi presto una soluzione semplificata, xkè mi sembra di aver letto un'art. in HWup ke si stia verificando un'infezione molto pericolosa a livello mondiale.
bye

[rebelia]

Quote:

Originariamente inviato da juninho85

elimina

ehm... virit e' un programma e anche piuttosto efficace; per 30 giorni di demo ti permette di eliminare direttamente i files infetti, mentre in seguito ti permette solo di individuarli, ma e' comunque molto utile imho e preferirei non rimuoverlo

questo invece:

Quote:

C:\WINNT\U2VyZ2lvIFNpcmFnbmE\command.exe

e' il file che mi crea casini e che *non* riesco a rimuovere in nessun modo, neanche con hijackthis

domanda: qual'e' la peggior cosa che puo' succedere se io riavvio usando un dischetto di win98 e cancello i files e la directory a mano?

[Kebold]

Salve, come ultimo tentivo di rimettere in piedi la mia connessione internet dopo averle provate tutte, mi limito a postare il mio log di hijackthis.
Spero che qualcuno mi possa aiutare:

Logfile of HijackThis v1.99.1
Scan saved at 15.20.22, on 22/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\devldr32.exe
C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\RcMan.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\OSDMenu.EXE
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\EAX.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Center\RCenter.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\LVComsX.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\eMule\emule.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\MDM.EXE
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.484\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eurocom.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteCenter] C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\RcMan.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\U.S.R.TurboGWLAN\USRWLANG.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1503E454-9EA8-4519-9293-FF4FC3A5E855}: NameServer = 192.168.1.254,212.216.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{1503E454-9EA8-4519-9293-FF4FC3A5E855}: NameServer = 192.168.1.254,212.216.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{1503E454-9EA8-4519-9293-FF4FC3A5E855}: NameServer = 192.168.1.254,212.216.112.112
O18 - Protocol: bw+0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

[halduemilauno]

Quote:

Originariamente inviato da Kebold

Salve, come ultimo tentivo di rimettere in piedi la mia connessione internet dopo averle provate tutte, mi limito a postare il mio log di hijackthis.
Spero che qualcuno mi possa aiutare:

Logfile of HijackThis v1.99.1
Scan saved at 15.20.22, on 22/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\devldr32.exe
C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\RcMan.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\OSDMenu.EXE
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\EAX.exe
C:\Programmi\Creative\SBLive2k\RemoteCenter\Center\RCenter.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\LVComsX.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\eMule\emule.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\MDM.EXE
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.484\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eurocom.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteCenter] C:\Programmi\Creative\SBLive2k\RemoteCenter\Rc\RcMan.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\U.S.R.TurboGWLAN\USRWLANG.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1503E454-9EA8-4519-9293-FF4FC3A5E855}: NameServer = 192.168.1.254,212.216.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{1503E454-9EA8-4519-9293-FF4FC3A5E855}: NameServer = 192.168.1.254,212.216.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{1503E454-9EA8-4519-9293-FF4FC3A5E855}: NameServer = 192.168.1.254,212.216.112.112
O18 - Protocol: bw+0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F0F9238-7B96-46FF-BC05-099050480F09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

butta tutti i 018. e riduci i processi.

[rebelia]

Quote:

Originariamente inviato da rebelia

ehm... virit e' un programma e anche piuttosto efficace; per 30 giorni di demo ti permette di eliminare direttamente i files infetti, mentre in seguito ti permette solo di individuarli, ma e' comunque molto utile imho e preferirei non rimuoverlo

questo invece:

e' il file che mi crea casini e che *non* riesco a rimuovere in nessun modo, neanche con hijackthis

domanda: qual'e' la peggior cosa che puo' succedere se io riavvio usando un dischetto di win98 e cancello i files e la directory a mano?

per i posteri: ho cancellato il cancellabile, vuotato cestini e altro
ho riavviato in modalita' provvisoria
ho fatto partire services.msc da start -> esegui
ho fatto tastodx -> proprieta' su ogni servizio presente
ho trovato il colpevole e l'ho disattivato
sono tornata in esplora risorse e l'ho cancellato
altro giretto con virit e look2me destroyer
cancellato di nuovo tutto il cancellabile
riavviato in modalita' normale
nuova scansione plurima per sicurezza, ma tutto sembra essersi risolto

grazie a tutti, alla prossima

[Macinastoned]

sembra che nessuno abbia dato un occhiata al mio log vi chiedo per cortesia se notate qualkosa di strano...... il mio problema è che a volte programmi come explorer o servicelyaer utilizzano anche 400.000kb anche nn essendo da me utilizzati scaldandomi cosi il processore e ho paura di lasciare acceso il comp e friggere la cpu.....

Logfile of HijackThis v1.99.1
Scan saved at 21.16.23, on 21/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\PC Probe II\Probe2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\progra~1\steam\steam.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\FBM Software\ZeroSpyware\ZeroSpyware.exe
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Eset\nod32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mattia\Documenti\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Programmi\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\zsscheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://macinastoned.spaces.msn.com/...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...can8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-euro...ivex/hcImpl.cab
O16 - DPF: {71D444A8-3642-4727-A951-C9AE826BFB84} - http://td8eau9td.com/0b22c0cf/50310/1/xp/FreeAccess.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84AAA03B-D8BD-4AA3-BDA0-5DB3B1774A97}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA675FAE-B4F9-4C5F-92BA-9B17A73C5020}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: zsnotify - C:\WINDOWS\SYSTEM32\zsnotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapfkinntap - Macrovision Corporation - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[manganese]

Quote:

Originariamente inviato da rebelia

per i posteri: ho cancellato il cancellabile, vuotato cestini e altro
ho riavviato in modalita' provvisoria
ho fatto partire services.msc da start -> esegui
ho fatto tastodx -> proprieta' su ogni servizio presente
ho trovato il colpevole e l'ho disattivato
sono tornata in esplora risorse e l'ho cancellato
cut

Come hai fatto a cancellare un servizio da esplora risorse?

[rebelia]

Quote:

Originariamente inviato da manganese

Come hai fatto a cancellare un servizio da esplora risorse?

l'ho prima disabilitato dal pannello di gestione dei servizi: a quel punto l'ho potuto cancellare normalmente

nel pannello dei servizi ci sono arrivata in modalita' provvisoria facendo
start -> esegui -> services.msc

[juninho85]

Quote:

Originariamente inviato da Macinastoned

qui di seguito vi posto il mio log...... il mio problema è che a volte programmi come explorer o servicelyaer utilizzano anche 400.000kb anche nn essendo da me utilizzati scaldandomi cosi il processore e ho paura di lasciare acceso il comp e friggere la cpu..... voi notate qualcosa di strano?

explorer NON è il programma che ti permette di navigare in internet(che si chiama iexplore),ma quello che ti carica l'interfaccia di windows

[manganese]

Ho paura che i problemi di Macinastoned siano ben peggiori
O16 - DPF: {71D444A8-3642-4727-A951-C9AE826BFB84} -http://td8eau9td.com/0b22c0cf/50310/1/xp/FreeAccess.ocx

vedi
http://www.malwarelist.org/startup/scheda.asp?num=3153

[Macinastoned]

bella li mi sono beccato uno malware e mo mi devo dare da fare a eliminarlo, mi puzzava infatti che avessi dei processi che skizzavano alle stelle senza usarli vedi iexplorer...

[ValterManetta]

Quote:

Originariamente inviato da ValterManetta

--------------------------------------------------------------------------
ho provato leggere le istruzioni nel 3D ufficiale di questo bestiale linkoptimizer
ma mi sono sembrate molto difficili e complicate.
Ho cominciato ad eliminare un centinaio di file collegati, nelle cartelle Temp e Tmp, ma credo sia fatica sprecata se non si fanno tutti i procedimenti in maniera cronologica.
in start>esegui>services.msc ho trovato due servizi ke nella colonna "connessione" riportavano il nome dei due account: ho provato disabilitarli ma mi è stato impedito l'accesso.
Speriamo ke l'ottimo MOD. Eraser trovi presto una soluzione semplificata, xkè mi sembra di aver letto un'art. in HWup ke si stia verificando un'infezione molto pericolosa a livello mondiale.
bye

--------------------------------------------------
Dopo aver trascorso l'intera giornata di ieri a leggermi i 3D relativi alla sicurezza, xkè qlc casino l'avevo fatto, e aspettando sempre ke MOD. ERASER posti una sua soluzione definitiva, con l'aiuto di lucas84, bReaKDoWn e un tool di Nod, devo aver debellato i due account fantasma ke mi apparivano sempre!!!
se avete strani sintomi leggetevi questo 3D:
http://www.hwupgrade.it/forum/showth...1254788&page=3

[shark-fr]

ragazzi ho un problema
ogni 7-8 ore mi si bloccano i browser e emule...mi funziona solo messenger....i browser sembrano ke siano sconnessi...mentre il pc è collegato....succede ogni 7-8 ore ....fisso....mi hanno consigliato di postare qui il mio file log di hijackthis


------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 12.39.50, on 24/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Programmi\Java\jre1.5.0_03\bin\jucheck.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\File comuni\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmi\eMule\eMule.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\si.ma\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{321A57C4-8335-4200-B03D-DAF848F53382}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{321A57C4-8335-4200-B03D-DAF848F53382}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programmi\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

[GiulioM]

Ciao
Mi aggiungo ai log

Ci sono 4 link che nn vanno bene, sono i primi 2, il 17 e il 23 con services ma anche se li elimino, quando riavvio dopo un po' me li ritrovo

Logfile of HijackThis v1.99.1
Scan saved at 16.46.30, on 24/08/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\ASUS\WLAN Card Utilities\Center.exe
C:\WINNT\system32\RunDLL32.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Miranda IM\miranda32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\msiexec.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
D:\HackScan\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {AF35C38A-0357-9DB6-E8BD-BB20B49B12BB} - C:\WINNT\wlrab1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Control Center] C:\Programmi\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using Download &Express - file://D:\Download Express\Add_Url.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128447152027
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6701D5A5-BC37-4063-805E-7A9B3BB91AFA}: NameServer = 85.37.17.41 85.38.28.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LogQnh - Unknown owner - \\?\C:\Programmi\File comuni\System\com8.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: P1ug and P1ay (P1ugP1ay) - Unknown owner - C:\WINNT\system\services.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[halduemilauno]

Quote:

Originariamente inviato da GiulioM

Ciao
Mi aggiungo ai log

Ci sono 4 link che nn vanno bene, sono i primi 2, il 17 e il 23 con services ma anche se li elimino, quando riavvio dopo un po' me li ritrovo

Logfile of HijackThis v1.99.1
Scan saved at 16.46.30, on 24/08/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\ASUS\WLAN Card Utilities\Center.exe
C:\WINNT\system32\RunDLL32.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Miranda IM\miranda32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\msiexec.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
D:\HackScan\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {AF35C38A-0357-9DB6-E8BD-BB20B49B12BB} - C:\WINNT\wlrab1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Control Center] C:\Programmi\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using Download &Express - file://D:\Download Express\Add_Url.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128447152027
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6701D5A5-BC37-4063-805E-7A9B3BB91AFA}: NameServer = 85.37.17.41 85.38.28.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LogQnh - Unknown owner - \\?\C:\Programmi\File comuni\System\com8.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: P1ug and P1ay (P1ugP1ay) - Unknown owner - C:\WINNT\system\services.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

l'r3 lo 02 e questo.
O23 - Service: P1ug and P1ay (P1ugP1ay) - Unknown owner - C:\WINNT\system\services.exe (file missing)
buttali.