#1
Junior Member
Joined: Oct 2005
Posts: 22

Dialer
I've picked up an annoying dialer that I can't remove completely. I have Windows XP and an ADSL line. The dialer shows up by creating an icon on my desktop and settles in temp and in windows/prefetch, always under different names. Using SD, Adware it gets removed, only sometimes... But it reliably reappears, closing my connection to Alice. Can anyone help me... I'm starting to despair

#2
Member
Joined: Mar 2007
City: Bari...
Posts: 129

Try having a look at this discussion... it's about the same problem... and there too the ADSL is Alice.. (even if it's no longer written)
__________________
Maybe I'm nobody...but nobody is like me

#3
Junior Member
Joined: Oct 2005
Posts: 22

Thanks a lot, I was just reading that discussion. Maybe it kept coming back because I was deleting it from safe mode without disabling System Restore.

#4
Junior Member
Joined: Oct 2005
Posts: 22

Still Dialer Problems, Help Please.
I also installed a-squared antidialer and removed everything in safe mode, but this dialer keeps coming back... With the only exception that, since the antidialer is always active, it doesn't disconnect me.
If I post the log made with Hijack This, can you help me? Thanks a lot

#5
Senior Member
Joined: Oct 2004
City: Milano
Posts: 2641

Go ahead and post the log and we'll take a look at it
__________________
FOXYLADY is a MALE!! A friend is a person who knows everything about you and likes you nonetheless

#6
Junior Member
Joined: Oct 2005
Posts: 22

Thanks a lot, I've just run it (I was connected to the Internet, I don't know if that was OK...)
By the way... this dialer creates links in my history to pages that were not opened because they were stopped by the antidialer... and which obviously point to pay sites.

#7
Senior Member
Joined: Oct 2004
City: Milano
Posts: 2641

The log you posted shows no anomalies, it's clean....
However, you have a really obsolete version of Windows XP, and it's also possible that the problems are due to this..... Can't you update your operating system to Service Pack 2?
__________________
FOXYLADY is a MALE!! A friend is a person who knows everything about you and likes you nonetheless

#8
Junior Member
Joined: Oct 2005
Posts: 22

First of all, thanks for the quick reply.... Ehm, I'm not sure
But how is it possible that these damned dialers keep getting created if I have no infected entries

#9
Senior Member
Joined: Oct 2004
City: Milano
Posts: 2641

Maybe I'm talking rubbish
Try downloading SP2 from here http://www.ilsoftware.it/querydl.asp?ID=627 and installing it. Also try running a few scans with these programs (if you haven't already tried them). http://www.ewido.net/en/download/ http://www.superantispyware.com/
__________________
FOXYLADY is a MALE!! A friend is a person who knows everything about you and likes you nonetheless

#10
Junior Member
Joined: Oct 2005
Posts: 22

I formatted, because the dialer had gone and infected all the files with the bak extension. The dialer is gone but I keep having trojan problems in the Windows sys 32.... I'm posting the log I've just made again, I hope to get some help.
The suspicious DLL, invisible with Kill box, is ssqomjk.dll ........ but I don't think it's the only problem

#11
Member
Joined: Mar 2007
City: Bari...
Posts: 129

Quote:
O2 - BHO: (no name) - {F57D8DBE-5520-46F3-8A0A-484F4E6F8F71} - C:\WINDOWS\system32\ssqomjk.dll
O20 - Winlogon Notify: ssqomjk - C:\WINDOWS\SYSTEM32\ssqomjk.dll
__________________
Maybe I'm nobody...but nobody is like me

#12
Junior Member
Joined: Oct 2005
Posts: 22

I tried to fix it, and to delete it from safe mode too with System Restore disabled, but it always comes back. I'd just like to understand whether this ssqomjk.dll can cause trouble, so I have to delete it, or whether I can keep it. I'm attaching an updated log again to also find out whether I have other problems.
By the way, every time I reconnect to the Internet, shortly afterwards AVG finds these trojans, which I put in the vault and delete... but at every connection they reappear:
system 32\smcs.exe trojan horse IRC\Backdoor.SdBot2.VXD
TROJAN HORSE LOOP AX C:doc and sett\imp. locali\temp.internet file\Content.Ie5\SXE305A7\lo1 ( this one ALWAYS comes back )
Also, one more piece of advice: I've downloaded SP2 (thanks); to install it, do I need to follow any particular procedures or precautions? Thanks again for the help

#13 |
|
Member
Joined: Mar 2007
City: Bari...
Posts: 129
|
So, the log is clean, but anyway that ssqomjk.dll is malware... so we need to find a way to remove it.... if you scan it with the antivirus, what does it tell you?
__________________
Maybe I'm nobody...but nobody is like me |
|
|
|
|
|
#14 |
|
Senior Member
Joined: Apr 2006
Posts: 22462
|
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls, it zaps it; if it flutters, it kills it |
|
|
|
|
|
#15 |
|
Junior Member
Joined: Oct 2005
Posts: 22
|
It won't go away!!!!!
For the record, I'm afraid it wasn't just Smitfraud.... I followed the instructions as given on the site and this is the result:
SmitFraudFix v2.148
Scan done at 3.01.08,97, 12/03/2007
Run from C:\Documents and Settings\Johnny\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

This, instead, is the log... still damned strange and with the usual suspicious keys:
Logfile of HijackThis v1.99.1
Scan saved at 3.06.45, on 12/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\Johnny\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {F57D8DBE-5520-46F3-8A0A-484F4E6F8F71} - C:\WINDOWS\system32\ssqomjk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/gam...ts/y/tt5_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: ssqomjk - C:\WINDOWS\SYSTEM32\ssqomjk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe |
|
|
|
|
|
#16 |
|
Senior Member
Joined: Oct 2004
City: Milano
Posts: 2641
|
You can try giving avenger a go
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive
Run the file avenger.txt
Select the option "Input Script Manually"
Click the magnifying glass
A "View/edit script" window opens
Inside the white box, copy and paste this script
Files to delete:
C:\WINDOWS\SYSTEM32\ssqomjk.dll
Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should restart by itself; if it doesn't, restart it manually.
__________________
FOXYLADY is a MALE!! A friend is a person who knows everything about you and likes you all the same |
|
|
|
|
|
#17 |
|
Junior Member
Joined: Oct 2005
Posts: 22
|
Thanks FoxLady, it's finally gone:
Logfile of HijackThis v1.99.1
Scan saved at 13.21.40, on 12/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmi\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Johnny\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/gam...ts/y/tt5_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Should it be OK?.... Isn't this one suspicious, though?: C:\WINDOWS\web\related.htm
Thanks again for the help |
|
|
|
|
|
#18 |
|
Senior Member
Joined: Oct 2004
City: Milano
Posts: 2641
|
The log is clean now; the entry you pointed out belongs to alexa, you can safely fix it.
__________________
FOXYLADY is a MALE!! A friend is a person who knows everything about you and likes you all the same |
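What the helpers in this thread read off the HijackThis logs by eye, as an added example that is not part of any poster's message: the same DLL is registered both as an Internet Explorer BHO (O2) and under Winlogon Notify (O20), and the later log is checked to confirm both registrations are gone. The entry lines are copied from the two logs dated 12/03/2007 above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Entry lines copied from the thread's two logs of 12/03/2007 (3.06.45 and 13.21.40).
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {F57D8DBE-5520-46F3-8A0A-484F4E6F8F71} - C:\WINDOWS\system32\ssqomjk.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O20 - Winlogon Notify: ssqomjk - C:\WINDOWS\SYSTEM32\ssqomjk.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                      # section code, rest of entry
PATH = re.compile(r"[A-Za-z]:\\.*\.(?:dll|exe|ocx)\b", re.I)    # file the entry loads

def autoruns(log):
    """Map each loaded file to the set of HijackThis sections that reference it."""
    hooks = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        p = PATH.search(m.group(2)) if m else None
        if p:
            # Windows paths are case-insensitive: system32 and SYSTEM32 are one file.
            hooks[p.group(0).lower()].add(m.group(1))
    return hooks

def bho_and_winlogon(log):
    """Files registered both as a BHO (O2) and as a Winlogon Notify DLL (O20)."""
    return sorted(f for f, s in autoruns(log).items() if {"O2", "O20"} <= s)

def removed(before, after):
    """Files with an autostart entry in the first log and none in the second."""
    return sorted(set(autoruns(before)) - set(autoruns(after)))

if __name__ == "__main__":
    print("registered as BHO and Winlogon Notify:", bho_and_winlogon(BEFORE))
    print("no longer registered after cleanup:", removed(BEFORE, AFTER))
    print("still double-registered:", bho_and_winlogon(AFTER))
```

The Java ssv.dll also appears in two sections (O2 and O9) but is not flagged, because only the O2 plus O20 pairing seen for ssqomjk.dll is checked.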
|
|
|
|
|
#19 |
|
Junior Member
Joined: Oct 2005
Posts: 22
|
Yes, done, I finally have no more problems, thanks a lot
|
|
|
|
|