HiJackThis - Analisi Log - leggere Regole di Sezione

[nandox80]

ciao....mi dite cosa ne pensate di questo log? grazie


Logfile of HijackThis v1.99.1
Scan saved at 10.57.31, on 18/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKService.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\Temp\kpvm3.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programmi\AntiVirusKit InternetSecurity\Webfilter\Webfilter.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ANTIVI~1\WEBFIL~1\ADSCLE~1.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\nando\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [kpvm3.exe] C:\WINDOWS\Temp\kpvm3.exe
O4 - HKLM\..\Run: [kpvm4.exe] C:\WINDOWS\Temp\kpvm4.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: D-Link REG Utility.lnk = C:\Programmi\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk = C:\Programmi\DWL-G650M Super G MIMO Wireless Notebook Adapter\AIRPLUS.exe
O4 - Global Startup: Filtro web.lnk = C:\Programmi\AntiVirusKit InternetSecurity\Webfilter\Webfilter.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add selected links to Link Container - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show domain links - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9070BABE-B3B9-4793-9799-532710446A9A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{A883118C-4383-4EA1-A579-3A1EE8CC2AAB}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe (file missing)
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKService.exe
O23 - Service: Monitor di AVK (AVKWCtl) - Unknown owner - C:\Programmi\AntiVirusKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmi\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

[juninho85]

Quote:

Originariamente inviato da nandox80

C:\WINDOWS\Temp\kpvm3.exe
O4 - HKLM\..\Run: [kpvm3.exe] C:\WINDOWS\Temp\kpvm3.exe
O4 - HKLM\..\Run: [kpvm4.exe] C:\WINDOWS\Temp\kpvm4.exe

falli analizzare qui

...aggiornare il sistema operativo non sarebbe una cattiva idea

[nandox80]

e lo so bene...è solo che non ho avuto proprio tempo. cmq faccio analizzare solo le voci che hai evidenziato?

[juninho85]

Quote:

Originariamente inviato da nandox80

e lo so bene...è solo che non ho avuto proprio tempo. cmq faccio analizzare solo le voci che hai evidenziato?

si

[nandox80]

per il file kpvm3 ho le seguenti righe:


AntiVir 7.3.0.21 01.17.2007 TR/Dialer.RM.71

AVG 386 01.18.2007 Dialer.DAM

ClamAV devel-20060426 01.18.2007 Dialer-754

DrWeb 4.33 01.18.2007 Dialer.Toten


le altre dice "no virus found".



Per il file kpvm4 invece ho:

AntiVir 7.3.0.21 01.17.2007 TR/Dialer.RM.71

AVG 386 01.18.2007 Dialer.DAM

ClamAV devel-20060426 01.18.2007 Dialer-754

DrWeb 4.33 01.18.2007 Dialer.Toten

Ikarus T3.1.0.27 01.09.2007 Trojan.Win32.Dialer.rm

Kaspersky 4.0.2.24 01.18.2007 Trojan.Win32.Dialer.rm

McAfee 4941 01.17.2007 QDial-45

NOD32v2 1988 01.18.2007 a variant of Win32/TrojanDownloader.Agent

Norman 5.80.02 01.17.2007 W32/Dialer.BCFT

Panda 9.0.0.4 01.17.2007 Dialer.IAX

Prevx1 V2 01.18.2007 Malicious

Sophos 4.13.0 01.17.2007 Dial/Addial-Gen


le altre voci dicono no virus found.

[juninho85]

che dici...gli eliminiamo?

[Mav73]

juninho85 cosa ne pensi del log ke ho postato sopra?...

[tonibobrasta]

Salve ragazzi un saluto a tutti per iniziare
vi porgo il mio problema o formattato circa 2 mesi fa il mio portatile e adesso vedo che va sempre piu lento sia nel riavviamento che nel aprire pagine internet e programmi o provato a fare varie scannasioni con vari antivirus e spyware ma alla fine anche se trovato qualcosa non pericolosa il pc continua ad andare lento leggendo un po qua e la mi anno consigliato di fare un controllo con HiyackThis e questo e il risultato

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Eset\nod32krn.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [freenetiPhone] c:\programme\freenetiphone\iPhoneStarter.exe -minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.comunet.it/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Programme\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Programme\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Mi date qualche consiglio in merito visto che sinceramente non ci capisco molto.
Grazie tonibobrasta

[alfonsog]

Ragazzi,
vi allego il login questione, in quanto da 2 giorni mi si aprovo delle pagine di explorer, di publicità, indesiderate e al quanto fastidiose.
Ho fatto pulizia con antivir, e avg anti-spyware 7.5, come suggerito da voi.
p.s.
ho collegamento adsl Tiscali, router Netgeare 834gt e firewall di xp.
Grazie infinite a tutti.

Logfile of HijackThis v1.99.1
Scan saved at 11.02.55, on 19/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 82.195.155.5 c3310.z1301.winmx.com c3311.z1301.winmx.com c3312.z1301.winmx.com c3313.z1301.winmx.com c3314.z1301.winmx.com c3315.z1301.winmx.com c3316.z1301.winmx.com c3317.z1301.winmx.com c3318.z1301.winmx.com c3319.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1302.winmx.com c3311.z1302.winmx.com c3312.z1302.winmx.com c3313.z1302.winmx.com c3314.z1302.winmx.com c3315.z1302.winmx.com c3316.z1302.winmx.com c3317.z1302.winmx.com c3318.z1302.winmx.com c3319.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1303.winmx.com c3311.z1303.winmx.com c3312.z1303.winmx.com c3313.z1303.winmx.com c3314.z1303.winmx.com c3315.z1303.winmx.com c3316.z1303.winmx.com c3317.z1303.winmx.com c3318.z1303.winmx.com c3319.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1304.winmx.com c3311.z1304.winmx.com c3312.z1304.winmx.com c3313.z1304.winmx.com c3314.z1304.winmx.com c3315.z1304.winmx.com c3316.z1304.winmx.com c3317.z1304.winmx.comc3318.z1304.winmx.com c3319.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1305.winmx.com c3311.z1305.winmx.com c3312.z1305.winmx.com c3313.z1305.winmx.com c3314.z1305.winmx.com c3315.z1305.winmx.com c3316.z1305.winmx.com c3317.z1305.winmx.com c3318.z1305.winmx.com c3319.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1306.winmx.com c3311.z1306.winmx.com c3312.z1306.winmx.com c3313.z1306.winmx.com c3314.z1306.winmx.com c3315.z1306.winmx.com c3316.z1306.winmx.com c3317.z1306.winmx.comc3318.z1306.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1301.winmx.com c3521.z1301.winmx.com c3522.z1301.winmx.com c3523.z1301.winmx.com c3524.z1301.winmx.com c3525.z1301.winmx.com c3526.z1301.winmx.com c3527.z1301.winmx.com c3528.z1301.winmx.com c3529.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1302.winmx.com c3521.z1302.winmx.com c3522.z1302.winmx.com c3523.z1302.winmx.com c3524.z1302.winmx.com c3525.z1302.winmx.com c3526.z1302.winmx.com c3527.z1302.winmx.com 3528.z1302.winmx.com c3529.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1303.winmx.com c3521.z1303.winmx.com c3522.z1303.winmx.com c3523.z1303.winmx.com c3524.z1303.winmx.com c3525.z1303.winmx.com c3526.z1303.winmx.com c3527.z1303.winmx.com c3528.z1303.winmx.com c3529.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1304.winmx.com c3521.z1304.winmx.com c3522.z1304.winmx.com c3523.z1304.winmx.com c3524.z1304.winmx.com c3525.z1304.winmx.com c3526.z1304.winmx.com c3527.z1304.winmx.com c3528.z1304.winmx.com c3529.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1305.winmx.com c3521.z1305.winmx.com c3522.z1305.winmx.com c3523.z1305.winmx.com c3524.z1305.winmx.com c3525.z1305.winmx.com c3526.z1305.winmx.com c3527.z1305.winmx.com c3528.z1305.winmx.com c3529.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1306.winmx.com c3521.z1306.winmx.com c3522.z1306.winmx.com c3523.z1306.winmx.comc3524.z1306.winmx.com c3525.z1306.winmx.com c3526.z1306.winmx.com c3527.z1306.winmx.com c3528.z1306.winmx.comc3529.z1306.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {998A7625-8E08-7C61-7C5F-155750A451F6} - C:\DOCUME~1\Alfredo\DATIAP~1\SHOWLO~1\peak gpl.exe (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [rulebasenewdoes] C:\Documents and Settings\All Users\Dati applicazioni\Drive Cdrom Rule Base\one thunk.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E808CD7-6373-4EB4-A10B-5371F5634194}: NameServer = 213.205.32.70,213.205.36.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

[juninho85]

Quote:

Originariamente inviato da alfonsog

O2 - BHO: (no name) - {998A7625-8E08-7C61-7C5F-155750A451F6} - C:\DOCUME~1\Alfredo\DATIAP~1\SHOWLO~1\peak gpl.exe (file missing)
O4 - HKLM\..\Run: [rulebasenewdoes] C:\Documents and Settings\All Users\Dati applicazioni\Drive Cdrom Rule Base\one thunk.exe

elimina

[alfonsog]

Grazie,
non speravo così veloce, scusami ma non sono molto esperto, come faccio ad eliminare le stringhe che mi hai citato? devo entrare nel registro?
Grazie ancora e scusa per l'incapacità

[juninho85]

Quote:

Originariamente inviato da alfonsog

Grazie,
non speravo così veloce, scusami ma non sono molto esperto, come faccio ad eliminare le stringhe che mi hai citato? devo entrare nel registro?
Grazie ancora e scusa per l'incapacità

devi selezionarli poi cliccare su fix checked items

[alfonsog]

Grazie 1000!!!!
lo faccio immediatamente e ti informo dei risultati. sono questi che causanno l'apertura delle pagine di explorer?
Salutoni

[juninho85]

Quote:

Originariamente inviato da alfonsog

Grazie 1000!!!!
lo faccio immediatamente e ti informo dei risultati. sono questi che causanno l'apertura delle pagine di explorer?
Salutoni

dovrebbe essere il secondo

[alfonsog]

Grazie ,
ho eliminato come mi hai indicato e al momento sembra aver risolto il problema ancora grazie infinite.
Se non è un disturbo ti aggiorno degli eventuali eventi.
Grazie e saluti

[juninho85]

fai pure,non preoccuparti

[FOXYLADY]

Quote:

Originariamente inviato da Mav73

Saluti a tutti...vorrei un parere su questo log nn molto pulito...
in particolare la voce
O2 - BHO: (no name) - {5D01E522-F60D-4732-BD3F-852D28B4DCEF} - D:\WINNT\system32\CTDEVCPN.DLL
non riesco a trovare riferimenti in merito
da dire ke da ieri dopo una ricerca su google di qualsiasi tipo, clikkando sul link del sito trovato mi collega spesso (nn sempre) ad un sito tedesco (.de)...
cmq ho notato ke è tornato il trojan da me già eliminato da poco (Trojan-Clicker.Win32.Small.kj), trovando in temp il file it_0220.exe....ufffaaaa...
vi posto il log fatto ora :

Quel file fallo controllare su virustotal
http://www.virustotal.com/en/indexf.html
nel caso sia infetto fixalo ed eliminalo manualmente

in hijack fixa questi
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - d:\programmi\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - D:\Programmi\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - D:\Programmi\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

ed elimina il programma hbtools.

Fai una scansione con avg antispyware.

[Pike4ever]

Ciao ragazzi,vi metto un'altra scansione,questa volta del pc di mia cognata ,se mi fate il favore di darci un'occhiata:

Logfile of HijackThis v1.99.1
Scan saved at 10.40.58, on 04/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp3\winampa.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\pstc7.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
E:\software\security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tiscali.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tiscali -
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {E6104239-596E-7D57-457E-BD846C5CD3EE} - C:\WINDOWS\meflk1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [TiscaliParam] C:\Programmi\Tiscali\Dialer\bootparam.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pstc5.exe] C:\WINDOWS\Temp\pstc5.exe
O4 - HKLM\..\Run: [pstc6.exe] C:\WINDOWS\Temp\pstc6.exe
O4 - HKLM\..\Run: [pstc7.exe] C:\WINDOWS\Temp\pstc7.exe
O4 - HKLM\..\Run: [pstc8.exe] C:\WINDOWS\Temp\pstc8.exe
O4 - HKLM\..\Run: [pstc9.exe] C:\WINDOWS\Temp\pstc9.exe
O4 - HKLM\..\Run: [pstc10.exe] C:\WINDOWS\Temp\pstc10.exe
O4 - HKLM\..\Run: [pstc11.exe] C:\WINDOWS\Temp\pstc11.exe
O4 - HKLM\..\Run: [pstc12.exe] C:\WINDOWS\Temp\pstc12.exe
O4 - HKLM\..\Run: [pstc13.exe] C:\WINDOWS\Temp\pstc13.exe
O4 - HKLM\..\Run: [pstc14.exe] C:\WINDOWS\Temp\pstc14.exe
O4 - HKLM\..\Run: [pstc15.exe] C:\WINDOWS\Temp\pstc15.exe
O4 - HKLM\..\Run: [pstc16.exe] C:\WINDOWS\Temp\pstc16.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Programmi\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125563816421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1BD092F-DCD0-4132-B47A-7AFD162A3FC6}: NameServer = 195.70.32.131,212.40.96.96
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

grazie

[juninho85]

Quote:

Originariamente inviato da Pike4ever

C:\WINDOWS\Temp\pstc7.exe
O2 - BHO: Class - {E6104239-596E-7D57-457E-BD846C5CD3EE} - C:\WINDOWS\meflk1.dll (file missing)
O4 - HKLM\..\Run: [pstc5.exe] C:\WINDOWS\Temp\pstc5.exe
O4 - HKLM\..\Run: [pstc6.exe] C:\WINDOWS\Temp\pstc6.exe
O4 - HKLM\..\Run: [pstc7.exe] C:\WINDOWS\Temp\pstc7.exe
O4 - HKLM\..\Run: [pstc8.exe] C:\WINDOWS\Temp\pstc8.exe
O4 - HKLM\..\Run: [pstc9.exe] C:\WINDOWS\Temp\pstc9.exe
O4 - HKLM\..\Run: [pstc10.exe] C:\WINDOWS\Temp\pstc10.exe
O4 - HKLM\..\Run: [pstc11.exe] C:\WINDOWS\Temp\pstc11.exe
O4 - HKLM\..\Run: [pstc12.exe] C:\WINDOWS\Temp\pstc12.exe
O4 - HKLM\..\Run: [pstc13.exe] C:\WINDOWS\Temp\pstc13.exe
O4 - HKLM\..\Run: [pstc14.exe] C:\WINDOWS\Temp\pstc14.exe
O4 - HKLM\..\Run: [pstc15.exe] C:\WINDOWS\Temp\pstc15.exe
O4 - HKLM\..\Run: [pstc16.exe] C:\WINDOWS\Temp\pstc16.exe

elimina questi

[alfonsog]

Quote:

Originariamente inviato da juninho85

fai pure,non preoccuparti

Tutto funzionante grazie 1000!!! juninho85