xdos.exe

chry80 · 24-03-2006, 23:16

come faccio ad eliminarlo??? ho già provato a toglierlo ma lui riappare.....e poi i vari antivirus e spyware e ccleaner non lo riconoscono......

aiutatemi

....anche perchè non è il mio computer ma è quello della mia ragazza.....e mi sta facendo sclerare.......

chry80 · 24-03-2006, 23:19

..........sul firewall mi dice che si chiama project1 l'xdos.exe........
praticamente non mi fa vedere i siti.........

eraser · 24-03-2006, 23:24

http://www.hwupgrade.it/forum/showthread.php?t=623820

andorra24 · 24-03-2006, 23:26

Quote:

Originariamente inviato da chry80

come faccio ad eliminarlo??? ho già provato a toglierlo ma lui riappare.....e poi i vari antivirus e spyware e ccleaner non lo riconoscono......

aiutatemi

....anche perchè non è il mio computer ma è quello della mia ragazza.....e mi sta facendo sclerare.......

Hai gia' provato a fare una scansione con ewido?
http://download.ewido.net/ewido-setup.exe

Se non risolvi nemmeno con ewido cerca di eliminarlo con killbox:
http://www.bleepingcomputer.com/files/killbox.php

chry80 · 24-03-2006, 23:35

grazie eraser e andorra

........ma come spesso accade.....quando porti la macchina che ha un problema dal meccanico e quando sei li non fa più il rumore ti girano le pallottole e infatti.......il problema che avevo non c'è più.....se si ripresenta faccio divertire eraser e provo con il 2 link che mi hai dato andorra.....ewido non me l'ha trovato come antivir7 come S&D....e Ccleaner.....
ho solo modificato il firewall bloccando il server internet di service.exe.....magari ho fatto centro.......

chry80 · 24-03-2006, 23:55

niente da fare......è riapparso!!

andorra24 · 25-03-2006, 00:07

Quote:

Originariamente inviato da chry80

niente da fare......è riapparso!!

Se dici che ewido non te l'ha trovato allora cerca di eliminarlo con killbox:
http://www.bleepingcomputer.com/files/killbox.php
oppure con unlocker:http://www.ilsoftware.it/querydl.asp?ID=885

Se anche loro dovessero fallire allora fai una scansione con bitdefender free:
http://www.bitdefender.com/site/Down...adFile/340/EN/

eraser · 25-03-2006, 00:31

se dici che gli antivirus non lo riconoscono sollecito la richiesta di invio del file prima della rimozione

chry80 · 25-03-2006, 00:51

neanche con bitdefender

............

chry80 · 25-03-2006, 00:59

e-mail mandata eraser

....
devo disconnettermi ogni 2 minuti.....

eraser · 25-03-2006, 01:15

uff che schifezza che è

spettami 10 minuti che ti scrivo tutto quello che devi fare per rimuoverlo

eraser · 25-03-2006, 02:02

dunque

1) scarica QUESTO TOOL e lancialo. Lancia la scansione e clicca sempre su "yes to all" per rimuovere i virus

2) riavvia il sistema

3) scarica QUESTO TOOL e lancialo.

4) Fai tasto destro e poi copia sul riquadro qua sotto che contiene dei percorsi di files DOPO aver selezionato ovviamente tutte le righe

Codice:

C:\WINDOWS\DH.dll
C:\programmi\webHancer\programs\whiehlpr.dll
C:\programmi\webHancer\Programs\whagent.exe
C:\programmi\webHancer\Programs\whagent.exe
C:\PROGRA~1\FILECO~1\krwm\krwmm.exe
C:\WINDOWS\Installer.exe

5) Ritorna al programma di prima e clicca su FILE e poi su Paste from clipboard. sulla casella "Full Path of File to delete" ti compariranno tutti i files del riquadro precedente.

6) Clicca ora su "Delete on reboot" e spunta la voce "Unregister .dll before deleting". Clicca infine sul pulsante a forma di X bianca con sfondo rosso. Il programma ti cheiderà di riavviare il pc.

7) Riavviato il pc fai un log con HiJackThis e postalo qui. Gran parte delle robacce le hai tolte ma ancora non hai finito e da HiJackThis (e altri programmi da utilizzare) ci sarà da fixare.

Ora me ne vado a nanna che sono anche le 3 di notte - straordinari anche oggi

Ciao

chry80 · 25-03-2006, 10:41

ecco i log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe
O4 - HKLM\..\Run: [Microsoft SDKb] mswinsdl.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunServices: [Microsoft SDKb] mswinsdl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe
O4 - HKCU\..\Run: [Microsoft SDKb] mswinsdl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1454fa154435b07...dxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130584120468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143238245093
O17 - HKLM\System\CCS\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1B60210-D7FD-408F-BC1C-DA8BFDEB49FE}: NameServer = 85.37.17.41 85.38.28.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

come virus avevo services.exe win32hllw.mybot

ti ringrazio già per avermi aiutato......ieri sera non ce la facevo più...dopo 3 ore che cercavo di eliminare il problema

chry80 · 25-03-2006, 10:44

l'unica cosa è che con killbox non mi metteva tutti file insieme....ma ho dovuto farlo uno per volta.....gli ultimi 3 non mi faceva più spuntare la casella Unregister .dll before deleting"......e non è apparso il messaggio di riavviare....

andorra24 · 25-03-2006, 10:49

Fixa:

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe
O4 - HKLM\..\Run: [Microsoft SDKb] mswinsdl.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunServices: [Microsoft SDKb] mswinsdl.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1454fa154435b0...RdxIE601_it.cab
O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

chry80 · 25-03-2006, 10:52

cosa devo fare? faxare cosa vuol dire?
mi sento piccolo piccolo

andorra24 · 25-03-2006, 10:54

Quote:

Originariamente inviato da chry80

cosa devo fare? faxare cosa vuol dire?
mi sento piccolo piccolo

Metti la spunta nella casellina accanto alle voci che ti ho indicato sopra e dopo aver chiuso il browser e ogni altra applicazione aperta premi ''fix checked''.

chry80 · 25-03-2006, 11:10

scusa ma ci ho messo un po

ecco i log aggiornati

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft SDKb] mswinsdl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130584120468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143238245093
O17 - HKLM\System\CCS\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

andorra24 · 25-03-2006, 11:15

Fixa queste:

O4 - HKCU\..\Run: [Microsoft SDKb] mswinsdl.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

chry80 · 25-03-2006, 11:23

riaggiornato

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130584120468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143238245093
O17 - HKLM\System\CCS\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

non me li elimina alcuni

24-03-2006, 23:16	#1
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	xdos.exe come faccio ad eliminarlo??? ho già provato a toglierlo ma lui riappare.....e poi i vari antivirus e spyware e ccleaner non lo riconoscono...... aiutatemi ....anche perchè non è il mio computer ma è quello della mia ragazza.....e mi sta facendo sclerare.......

24-03-2006, 23:24	#3
eraser Senior Member Iscritto dal: Nov 2001 Città: Bastia Umbra (PG) Messaggi: 6395	http://www.hwupgrade.it/forum/showthread.php?t=623820 __________________ :: Il miglior argomento contro la democrazia è una conversazione di cinque minuti con l'elettore medio ::

25-03-2006, 00:31	#8
eraser Senior Member Iscritto dal: Nov 2001 Città: Bastia Umbra (PG) Messaggi: 6395	se dici che gli antivirus non lo riconoscono sollecito la richiesta di invio del file prima della rimozione __________________ :: Il miglior argomento contro la democrazia è una conversazione di cinque minuti con l'elettore medio ::

25-03-2006, 01:15	#11
eraser Senior Member Iscritto dal: Nov 2001 Città: Bastia Umbra (PG) Messaggi: 6395	uff che schifezza che è spettami 10 minuti che ti scrivo tutto quello che devi fare per rimuoverlo __________________ :: Il miglior argomento contro la democrazia è una conversazione di cinque minuti con l'elettore medio ::

25-03-2006, 02:02	#12
eraser Senior Member Iscritto dal: Nov 2001 Città: Bastia Umbra (PG) Messaggi: 6395	dunque 1) scarica QUESTO TOOL e lancialo. Lancia la scansione e clicca sempre su "yes to all" per rimuovere i virus 2) riavvia il sistema 3) scarica QUESTO TOOL e lancialo. 4) Fai tasto destro e poi copia sul riquadro qua sotto che contiene dei percorsi di files DOPO aver selezionato ovviamente tutte le righe Codice: C:\WINDOWS\DH.dll C:\programmi\webHancer\programs\whiehlpr.dll C:\programmi\webHancer\Programs\whagent.exe C:\programmi\webHancer\Programs\whagent.exe C:\PROGRA~1\FILECO~1\krwm\krwmm.exe C:\WINDOWS\Installer.exe 5) Ritorna al programma di prima e clicca su FILE e poi su Paste from clipboard. sulla casella "Full Path of File to delete" ti compariranno tutti i files del riquadro precedente. 6) Clicca ora su "Delete on reboot" e spunta la voce "Unregister .dll before deleting". Clicca infine sul pulsante a forma di X bianca con sfondo rosso. Il programma ti cheiderà di riavviare il pc. 7) Riavviato il pc fai un log con HiJackThis e postalo qui. Gran parte delle robacce le hai tolte ma ancora non hai finito e da HiJackThis (e altri programmi da utilizzare) ci sarà da fixare. Ora me ne vado a nanna che sono anche le 3 di notte - straordinari anche oggi Ciao __________________ :: Il miglior argomento contro la democrazia è una conversazione di cinque minuti con l'elettore medio :: Ultima modifica di eraser : 25-03-2006 alle 02:19.

24-03-2006, 23:19	#2
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	..........sul firewall mi dice che si chiama project1 l'xdos.exe........ praticamente non mi fa vedere i siti.........

24-03-2006, 23:35	#5
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	grazie eraser e andorra ........ma come spesso accade.....quando porti la macchina che ha un problema dal meccanico e quando sei li non fa più il rumore ti girano le pallottole e infatti.......il problema che avevo non c'è più.....se si ripresenta faccio divertire eraser e provo con il 2 link che mi hai dato andorra.....ewido non me l'ha trovato come antivir7 come S&D....e Ccleaner..... ho solo modificato il firewall bloccando il server internet di service.exe.....magari ho fatto centro.......

24-03-2006, 23:55	#6
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	niente da fare......è riapparso!!

25-03-2006, 00:51	#9
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	neanche con bitdefender ............

25-03-2006, 00:59	#10
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	e-mail mandata eraser .... devo disconnettermi ogni 2 minuti.....

25-03-2006, 10:41	#13
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	ecco i log Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\IPM\Adsl\DataWay\dslstat.exe C:\WINDOWS\System32\dslagent.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\Unlocker\UnlockerAssistant.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\wuauclt.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe O4 - HKLM\..\Run: [Microsoft SDKb] mswinsdl.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe O4 - HKLM\..\RunServices: [Microsoft SDKb] mswinsdl.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe O4 - HKCU\..\Run: [Microsoft SDKb] mswinsdl.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1454fa154435b07...dxIE601_it.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130584120468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143238245093 O17 - HKLM\System\CCS\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\..\{C1B60210-D7FD-408F-BC1C-DA8BFDEB49FE}: NameServer = 85.37.17.41 85.38.28.83 O17 - HKLM\System\CS1\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing) O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing) O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing) O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing) O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing) O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing) come virus avevo services.exe win32hllw.mybot ti ringrazio già per avermi aiutato......ieri sera non ce la facevo più...dopo 3 ore che cercavo di eliminare il problema

25-03-2006, 10:44	#14
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	l'unica cosa è che con killbox non mi metteva tutti file insieme....ma ho dovuto farlo uno per volta.....gli ultimi 3 non mi faceva più spuntare la casella Unregister .dll before deleting"......e non è apparso il messaggio di riavviare....

25-03-2006, 10:49	#15
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa: O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file) O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe O4 - HKLM\..\Run: [Microsoft SDKb] mswinsdl.exe O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe O4 - HKLM\..\RunServices: [Microsoft SDKb] mswinsdl.exe O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1454fa154435b0...RdxIE601_it.cab O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing) O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing) O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing) O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing) O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing) O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing) O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing) O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing) Ultima modifica di andorra24 : 25-03-2006 alle 10:52.

25-03-2006, 10:52	#16
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	cosa devo fare? faxare cosa vuol dire? mi sento piccolo piccolo

25-03-2006, 11:10	#18
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	scusa ma ci ho messo un po ecco i log aggiornati Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\IPM\Adsl\DataWay\dslstat.exe C:\WINDOWS\System32\dslagent.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Programmi\Unlocker\UnlockerAssistant.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Microsoft SDKb] mswinsdl.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130584120468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143238245093 O17 - HKLM\System\CCS\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0 O17 - HKLM\System\CS1\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing) O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing) O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

25-03-2006, 11:15	#19
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa queste: O4 - HKCU\..\Run: [Microsoft SDKb] mswinsdl.exe O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing) O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing) O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing) O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing) O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)

25-03-2006, 11:23	#20
chry80 Senior Member Iscritto dal: Mar 2006 Messaggi: 572	riaggiornato Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\IPM\Adsl\DataWay\dslstat.exe C:\WINDOWS\System32\dslagent.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Programmi\Unlocker\UnlockerAssistant.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130584120468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143238245093 O17 - HKLM\System\CCS\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0 O17 - HKLM\System\CS1\Services\Tcpip\..\{0334E19E-0C29-46EE-9F6B-F147B91879F4}: NameServer = 192.168.1.210,0.0.0.0 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL instant messenger 7.0 (aol7.0) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing) O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe (file missing) O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing) non me li elimina alcuni

Strumenti
Mostra una versione stampabile Invia questa pagina per email