Spoolsv32

[juninho85]

posta pure te un log di hijackthis

[mdc83]

eccolo:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.28.29, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\LifeView TVR\remote.exe
C:\Programmi\LifeView TVR\RecSche.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Remote] "C:\Programmi\LifeView TVR\remote.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Programmi\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1801674531-2146984249-725345543-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" (User 'A & R')
O4 - HKUS\S-1-5-21-1801674531-2146984249-725345543-1005\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User 'A & R')
O4 - HKUS\S-1-5-21-1801674531-2146984249-725345543-1005\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe (User 'A & R')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annydc80.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1178641319796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176796955531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF784365-E20D-4E65-9FCB-BA9525432516}: NameServer = 85.37.17.11 85.38.28.69
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 8111 bytes

[juninho85]

sto spoolsv32 sta facendo stragi...
prova con avenger
Files to delete:
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.dll
C:\WINDOWS\csrs.exe
C:\WINDOWS\csrss.dll
C:\Documents and Settings\utente\Impostazioni locali\Temp\spoolsv32.exe
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|5T19I3B27A

al posto di utente devi mettere il tuo nome utente

[wizard1993]

fixa
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKUS\S-1-5-21-1801674531-2146984249-725345543-1005\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe (User 'A & R')
riavvia
e fai una scan online con bitdefender

[mdc83]

Quote:

Originariamente inviato da wizard1993

fixa
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKUS\S-1-5-21-1801674531-2146984249-725345543-1005\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe (User 'A & R')
riavvia
e fai una scan online con bitdefender

...fatto!ora posto il nuovo rapporto di bitdefender,cmq nn mi riesce a disinfettare od eliminare i files ke diceva juninho 85,ovvero csrs.dll e csrs.exe!
x quanto riguarda avenger,mi dice ke bisogna saper settarlo bene,altrim si riskia di combinare qualke casino...infatti ke io sappia, i files "svchost", sono file di sistema,nn credete sia pericoloso eliminarli???
attendo vs. notizie!

[mdc83]

ops...dimenticavo il rapporto:

BitDefender Online Scanner



Scan report generated at: Wed, Jul 11, 2007 - 15:20:53





Scan path: A:\;C:\;D:\;E:\;F:\;







Statistics

Time
01:33:26

Files
222681

Folders
6161

Boot Sectors
4

Archives
4550

Packed Files
14991




Results

Identified Viruses
5

Infected Files
7

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
6




Engines Info

Virus Definitions
657963

Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Programmi\BitTorrent Fastest Tool\BitDownload-3.0-setup.exe=>(Instyler o)=>(Instyler Module 12)
Infected with: Trojan.Obfuscated.G

C:\Programmi\BitTorrent Fastest Tool\BitDownload-3.0-setup.exe=>(Instyler o)=>(Instyler Module 12)
Disinfection failed

C:\Programmi\BitTorrent Fastest Tool\BitDownload-3.0-setup.exe=>(Instyler o)=>(Instyler Module 12)
Deleted

C:\Programmi\BitTorrent Fastest Tool\BitDownload-3.0-setup.exe=>(Instyler o)
Update failed

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Hotbar.A

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)
Update failed

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001
Infected with: Trojan.Hotbar.A

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001
Disinfection failed

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)=>zlib_nsis0001
Deleted

C:\Programmi\ESET\infected\0F4ZMABA.NQF=>(Quarantine-PE)=>(NSIS o)=>lzma_nsis0017=>(NSIS o)=>zlib_nsis0006=>(NSIS g)
Update failed

C:\Programmi\ESET\infected\ZLE1LHAA.NQF=>(Quarantine-PE)
Infected with: Trojan.Clicker.Agent.NJ

C:\Programmi\ESET\infected\ZLE1LHAA.NQF=>(Quarantine-PE)
Disinfection failed

C:\Programmi\ESET\infected\ZLE1LHAA.NQF=>(Quarantine-PE)
Deleted

C:\WINDOWS\csrs.dll
Infected with: Trojan.Clicker.MMX

C:\WINDOWS\csrs.dll
Disinfection failed

C:\WINDOWS\csrs.dll
Delete failed

C:\WINDOWS\csrs.exe
Infected with: Trojan.Clicker.MMX

C:\WINDOWS\csrs.exe
Disinfection failed

C:\WINDOWS\csrs.exe
Delete failed

C:\WINDOWS\system32\ActiveScan\pskahk.dll
Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E

C:\WINDOWS\system32\ActiveScan\pskahk.dll
Disinfection failed

C:\WINDOWS\system32\ActiveScan\pskahk.dll
Deleted

[juninho85]

Quote:

Originariamente inviato da mdc83

...fatto!ora posto il nuovo rapporto di bitdefender,cmq nn mi riesce a disinfettare od eliminare i files ke diceva juninho 85,ovvero csrs.dll e csrs.exe!

gli svchost più le altre stringhe invece son state rimosse?

Quote:

Originariamente inviato da mdc83

x quanto riguarda avenger,mi dice ke bisogna saper settarlo bene,altrim si riskia di combinare qualke casino...infatti ke io sappia, i files "svchost", sono file di sistema,nn credete sia pericoloso eliminarli???
attendo vs. notizie!

gli svchost che ti ho indicato non son file di sistema,giocano proprio sul fatto che il nome file sia identico ma collocato in una destinazione diversa da quella legittima,proprio per trarre in inganno
una volta ultimata la scansione con avenger posta il log

[wizard1993]

con avenger inserisci questo script ed eseguilo

Codice:

Files to delete:
C:\WINDOWS\csrs.dll
C:\WINDOWS\csrs.exe

[mdc83]

Quote:

Originariamente inviato da wizard1993

con avenger inserisci questo script ed eseguilo

Codice:

Files to delete:
C:\WINDOWS\csrs.dll
C:\WINDOWS\csrs.exe

...fatto! questo è il log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\clkmijtx

*******************

Script file located at: \??\C:\nbpvhbux.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\csrs.dll deleted successfully.
File C:\WINDOWS\csrs.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

ora rimangono solo gli svchost,ma nn so se è necessario eliminarli,visto ke nod32 nn mi ha + notificato nulla all'accesso ad internet!
questo "avenger", è ottimo! vi ringrazio infinitamente,e cercherò di promuovere questo forum,ke è moolto efficiente!grazie,e a presto!

[wizard1993]

riposta un log di hijackthis per avere sicurezza

[helter-skelter]

Scusa Chill out, cosa vuol dire "FIXA"? Come faccio a fare quello che mi chiedi?

Grazie

[mdc83]

Quote:

Originariamente inviato da wizard1993

riposta un log di hijackthis per avere sicurezza

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.14.31, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\LifeView TVR\RecSche.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\LifeView TVR\remote.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Remote] "C:\Programmi\LifeView TVR\remote.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Programmi\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annydc80.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1178641319796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176796955531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF784365-E20D-4E65-9FCB-BA9525432516}: NameServer = 85.37.17.11 85.38.28.69
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 7572 bytes
ecco fatto!!!

[Chill-Out]

Quote:

Originariamente inviato da helter-skelter

Scusa Chill out, cosa vuol dire "FIXA"? Come faccio a fare quello che mi chiedi?

Grazie

"Fixa questa voce: O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
(click sul quadratino bianco in corrispondezza della voce suddetta -> click sul pulsante Fix checked) -> svuota il cestino.

Disinstalla Download Load Accelerator Plus la versione free contiene adware, quindi scarica a-squared da qui: http://download5.emsisoft.com/a2FreeSetup.exe e fai un deep scan (posta report). Poi riposta Log di Hijackthis ci vuole pazienza, ciao."

Lancia HijackThis -> Do a system scan and save log file poi procedi come sopra. Ciao.

[mdc83]

Quote:

Originariamente inviato da Chill-Out

"Fixa questa voce: O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
(click sul quadratino bianco in corrispondezza della voce suddetta -> click sul pulsante Fix checked) -> svuota il cestino.

Disinstalla Download Load Accelerator Plus la versione free contiene adware, quindi scarica a-squared da qui: http://download5.emsisoft.com/a2FreeSetup.exe e fai un deep scan (posta report). Poi riposta Log di Hijackthis ci vuole pazienza, ciao."

Lancia HijackThis -> Do a system scan and save log file poi procedi come sopra. Ciao.

scusa,ma ti riferisci a me??? io credo di aver già risolto...

[juninho85]

Quote:

Originariamente inviato da mdc83

scusa,ma ti riferisci a me??? io credo di aver già risolto...

a quanto pare no,nel log di hijackthis c'è ancora traccia della chiave

Quote:

O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe

ora fixala con hijackthis,riavvia il pc e per sicurezza prova a rilanciare avenger con il seguente script,vediamo se il culatone si rigenere:
Files to delete:
C:\WINDOWS\csrs.dll
C:\WINDOWS\csrs.exe
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | 5T19I3B27A

[mdc83]

l'ho fixata...ma come si disistalla il download load accellerator,scaricando direttam a-squared??? ora posto il report di a-squared!

a-squared Free - Version 3.0
Last update: 12/07/2007 15.07.45

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\WINDOWS\, C:\Programmi
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 12/07/2007 15.07.54

c:\documents and settings\microsoft\impostazioni locali\temp\1.dll rilevati: Trace.File.WhenU.SaveNow
c:\documents and settings\a & r\impostazioni locali\temp\1.dll rilevati: Trace.File.WhenU.SaveNow
C:\Documents and Settings\Microsoft\Cookies\microsoft@190[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\[email protected][2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\[email protected][2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@atdmt[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\[email protected][2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@casalemedia[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@cgi-bin[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@doubleclick[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@fastclick[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\[email protected][1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@mediaplex[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@serving-sys[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\[email protected][2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@statcounter[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@tradedoubler[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@tribalfusion[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Cookies\microsoft@zedo[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Dati applicazioni\Mozilla\Firefox\Profiles\svpjwohi.default\cookies.txt:17 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Microsoft\Dati applicazioni\Mozilla\Firefox\Profiles\svpjwohi.default\cookies.txt:18 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@190[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@atdmt[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & [email protected][1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@common[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & [email protected][1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@doubleclick[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & [email protected][2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@mediaplex[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@pricegrabber[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@serving-sys[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Cookies\a & r@tradedoubler[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:5 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:6 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:7 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:8 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:9 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:10 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:11 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:12 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:15 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:30 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:44 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:63 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:65 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:66 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:67 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:68 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:69 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:70 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:71 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:72 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:73 rilevati: Trace.TrackingCookie
C:\Documents and Settings\A & R\Dati applicazioni\Mozilla\Firefox\Profiles\cslh84jc.default\cookies.txt:74 rilevati: Trace.TrackingCookie

Scansionati

Files: 16990
Tracce: 324559
Cookies: 515
Processi: 68

Rilevato

Files: 0
Tracce: 2
Cookies: 52
Processi: 0
Chiavi registro: 0

Fine scansione: 12/07/2007 16.23.18
Tempo scansione: 1.15.24

[juninho85]

fallo direttamente da pannello di controllo/installazione applicazioni

[mdc83]

ho rilanciato avenger,e fortunatamente le kiavi nn si sn rigenerate...ora posto anke un log di hijackthis,e spero di aver risolto definitivamente:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.24.25, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\LifeView TVR\RecSche.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\LifeView TVR\remote.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Remote] "C:\Programmi\LifeView TVR\remote.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Programmi\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annydc80.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1178641319796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176796955531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF784365-E20D-4E65-9FCB-BA9525432516}: NameServer = 85.37.17.11 85.38.28.69
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 7640 bytes

[wizard1993]

che è sta roba?
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

per me è da fixare

[mdc83]

Quote:

Originariamente inviato da wizard1993

che è sta roba?
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

per me è da fixare

fixata anke questa...ma com'è,sti virus si rigenerano ogni minuto???cmq il download load accelleretor nn lo trovo in istallaz applicaz,ma ho trovato molti programmi ke nn sapevo nemmeno l'esistenza,saranno tutti sti antivirus, adware,spyware ecc ke ho istallato!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.32.08, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\LifeView TVR\RecSche.exe
C:\WINDOWS\CameraFixer.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\LifeView TVR\remote.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Remote] "C:\Programmi\LifeView TVR\remote.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Programmi\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annydc80.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1178641319796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176796955531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF784365-E20D-4E65-9FCB-BA9525432516}: NameServer = 85.37.17.11 85.38.28.69
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 7528 bytes