HiJackThis - Analisi Log - leggere Regole di Sezione - Pagina 332

Gle89 · 27-09-2007, 19:47

Nanok

puoi fissare queste voci:

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe

Il log è pulito.
Meglio cambiare il tuo antivirus. Togli Avast e metti AntiVir,scaricalo dalla mia firma, poi sempre dalla firma vai sulla guida per settarlo in modo giusto!

tullalà · 27-09-2007, 19:58

Quote:

Originariamente inviato da Gle89

Sembra rimosso... hai ancora i problemi al pc?

Hijackthis lo segnala ancora,è meglio fixarlo?

Gle89 · 27-09-2007, 19:59

Quote:

Originariamente inviato da Super Vegetto

Mi sa tanto che la copia di mio cugino non è autentica, ma la mia lo è: però quando vado a fare l'aggiornamento del suo pc mi chiede ovviamente i product key, che faccio glieli metto i miei? Non è che poi avrò problemi io con la mia copia di Windows? Ok dare una mano, ma non sacrifico la mia copia!

Non saprei... senti nella sezione di XP

Quote:

Per IE penso che il problema sia analogo, e di installer completi non ne trovo: però lì si può ovviare con Firefox, sempre che io riesca a farglielo digerire.

molto più sicuro di IE

Quote:

Ora è in scansione con A-SQUARED, siamo ancora alla prima tacca e già 130 oggetti trovati...

NON tutti i files trovati dal programma vanno cancellati. Devi cancellare tutti files trovati ECCETTO quelli riguardanti scanner, fotocamere, videocamere ecc...

Quote:

P.S.
Ah, per la scansione on-line con Virustotal al momento non posso farla perchè il suo pc non è connesso alla rete, se la faccio quando glielo riporto a casa è un problema o va fatta per forza prima?

Allora puoi lasciare questa procedura in sospesa...fai le altre cose, quando potrai fare quella scansione dopo...

Ma non potresti attaccare la tua ADSL al suo pc, se te lo hai li con te?

Gle89 · 27-09-2007, 19:59

Quote:

Originariamente inviato da tullalà

Hijackthis lo segnala ancora,è meglio fixarlo?

si fissalo!

tullalà · 27-09-2007, 20:07

Quote:

Originariamente inviato da Gle89

si fissalo!

Grazie procedo immediatamente

Super Vegetto · 27-09-2007, 20:12

Quote:

Originariamente inviato da Gle89

Ma non potresti attaccare la tua ADSL al suo pc, se te lo hai li con te?

Beh, si!

Ma devo installare il modem, che barba...

Super Vegetto · 27-09-2007, 20:28

Nuovo report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.24.46, on 27/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\soundman.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/Varie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx2.gif
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/Varie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx1.gif

--
End of file - 6460 bytes

Come va ora?

Gle89 · 27-09-2007, 21:26

c'è sempre quella voce sospetta da controllare su VIRUSTOTAL (consiglio di installare il modem su quel pc)
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe

adesso sono comparse anche queste:
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/V arie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx2.gif
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/V arie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx1.gif

io le fixerei, dovrebbero essere immagini, fai te.

Proviamo ora ad alleggerire l'avvio del sistema operativo,fissa questi:
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2
adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

Ma A-SQUARED ha rilevato qualcosa? Ha rimosso le cose che ha rilevato? e PREVX CSI?

Bugs Bunny · 27-09-2007, 21:34

io direi che prima di fixare tutta quella roba,DEVI mettere il service pack 2 ed aggiornare internet explorer

Super Vegetto · 27-09-2007, 22:05

Per Gle 89:

Le due immagini le avevo già fissate, per gli altri crea qualche problema? Vedo che sono molti di HP, non è che poi non funziona?
Comunque il problema di fondo permane: ho fatto la scansione con A-squared e mi ha rilevato un sacco di roba, l'ho fatta anche con quello per i dialer (ma ormai non mi aveva rilevato più nulla), PREVX CSI non va perchè ci vuole il modem (ormai mi trovo costretto ad installarlo...), eppure ora ad una nuova scansione completa con antivir mi ritrova un sacco di robaccia, come quell' agent.abmp.1

Per Bugs Bunny:
purtroppo il pc non è mio e windows non è originale, è un bel casotto...

juninho85 · 27-09-2007, 22:16

Quote:

Originariamente inviato da Super Vegetto

Allora, avevo un problema all'avvio di windows xp prfessional e la guida di Gle89 è servita molto (grazie).
Ora al riavvio AntiVir mi segnala un sacco di virus che sono tutti i Trojan TR/Agent.36441 e TR/Agent.ABMP.1.

ho avuto a che farci propriò stasera,per qualche oretta

esegui avenger con questo script:

Codice:

Files to delete:
C:\windows\system32\igfxsvc.exe
C:\windows\system32\spoolw.exe
C:\Documents and Settings\SysAdmin\Menu Avvio\Programmi\Esecuzione automatica\imfe.exe
C:\Documents and Settings\SysAdmin\Menu Avvio\Programmi\Esecuzione automatica\infe.exe
C:\windows\system32\SVCH0ST.EXE
C:\windows\system32\sysmxgql.exe
C:\WINDOWS\w32dbg.exe
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysmxgql
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pzosea.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|autorun
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|spoolw
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|igfxsvc

inoltre crea parecchie chiavi nel registro di sistema alle voci:
-HKU\S-1-5-21-57989841-1214440339-725345543-1006\Software\Microsoft\Windows\ShellNoRoam
-HKU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
-HKU\S-1-5-21-57989841-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\

occhio anche al contenuto delle chiavi
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
e
HKU\Software\Microsoft\Windows\ShellNoRoam\MUICache

Super Vegetto · 27-09-2007, 22:25

Ok, installato il modem nell'altro pc e fatti i dovuti aggiornamenti dei software (IE e windows a parte, purtroppo), ora si riparte con tutta la trafila delle scansioni, se mi va bene per le 3 ho finito

P.S.
Grazie anche a te Juninho per l'informazione, farò anche quella

Super Vegetto · 27-09-2007, 23:15

Ultimo (si spera) log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.12.09, on 28/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\soundman.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5983 bytes

A-SQUARED

Super Vegetto · 27-09-2007, 23:18

Ultimo (si spera) log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.12.09, on 28/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\soundman.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5983 bytes

A-SQUARED mi ha trovato ancora un dialer e qualche altra robetta, prev csi non ha trovato nulla, il file che dovevo controllare con Virustotal è sparito (forse con l'aggiornamento dei software me lo hanno individuato), fatemi sapere se può andare.

Gle89 · 27-09-2007, 23:37

Il log ora è pulito. Ho visto che non hai fissato le cose che ti avevo detto prima. Le puoi fissare perchè sono superflue ALL'AVVIO del sistema operativo del pc. Ovvero NON vengono disisntallati i programmi, ma non vengono solamente all'avvio (che rallentano molto il pc quando si accende). Se poi si vuole accedere a quei programmi basta cliccarci sull icona del desktop o da star tutti i programmi

Super Vegetto · 27-09-2007, 23:42

Quote:

Originariamente inviato da Gle89

Il log ora è pulito. Ho visto che non hai fissato le cose che ti avevo detto prima. Le puoi fissare perchè sono superflue ALL'AVVIO del sistema operativo del pc. Ovvero NON vengono disisntallati i programmi, ma non vengono solamente all'avvio (che rallentano molto il pc quando si accende). Se poi si vuole accedere a quei programmi basta cliccarci sull icona del desktop o da star tutti i programmi

Ah, ok, pensavo che potesse portare a qualche malfunzionamento. Ti ringazio infinitamente per l'aiuto, ciao e grazie!

nanok · 28-09-2007, 08:55

Quote:

Originariamente inviato da Gle89

Nanok

puoi fissare queste voci:

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe

Il log è pulito.
Meglio cambiare il tuo antivirus. Togli Avast e metti AntiVir,scaricalo dalla mia firma, poi sempre dalla firma vai sulla guida per settarlo in modo giusto!

Grazie tante Gle!!!
Se fisso quelle voci, quei programmi non partono piu' vero?

lo_straniero · 28-09-2007, 11:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.24.40, on 28/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ogbvshcy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pack.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fbwpusov.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Programmi\AOL\Active Virus Shield\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ogbvshcy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5513 bytes

ps ho 3 trojan TROJAN.WIN32.AGENT.BCK nel pc che KASPERSKY 7 non è riuscito a togliere ....active virus shield non li ha trovati nemmeno...a-squared li trova è una volta eliminati..tornano di nuovo ...zoneallarm non è riuscito a proteggere....antivir li trova ma non riesce ad eliminare....naturalmente tutti sti programmi sono stati aggiornati prima di fare la scanzione

sono schifato ...e pure sono gli antivirus piu gettonati ecc...

Bugs Bunny · 28-09-2007, 12:50

O23 - Service: DomainService - - C:\WINDOWS\system32\ogbvshcy.exe

O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fbwpusov.dll",sitypnow

C:\WINDOWS\system32\ogbvshcy.exe

alvaruccio · 28-09-2007, 14:13

vedendo direttamente sul sito mi da tutte le voci davvero sicure...ma chiedo anche un parere a voi

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Fabio\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITAL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITAL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188248804482
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190202696968
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D039EC0D-3D1B-4810-90F1-DE267E2CA719}: NameServer = 85.37.17.11 85.38.28.69
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

27-09-2007, 19:47	#6621
Gle89 Senior Member Iscritto dal: Aug 2007 Città: Lucca Sesso: FEMMINA Messaggi: 2495	Nanok puoi fissare queste voci: O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmi\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe Il log è pulito. Meglio cambiare il tuo antivirus. Togli Avast e metti AntiVir,scaricalo dalla mia firma, poi sempre dalla firma vai sulla guida per settarlo in modo giusto! __________________ Disinfettare da disk knight.exe / Icone desktop sparite? / Guida Rimozione Virus MSN Guida "Impossibile installare alcuni aggiornamenti XP / Ultima modifica di Gle89 : 27-09-2007 alle 19:51.

27-09-2007, 20:28	#6627
Super Vegetto Senior Member Iscritto dal: Apr 2001 Città: Varese Messaggi: 294	Nuovo report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21.24.46, on 27/09/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\soundman.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Nikon\PictureProject\NkbMonitor.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\a-squared Free\a2service.exe C:\Programmi\a-squared Anti-Dialer\a2service.exe C:\Programmi\a-squared Anti-Dialer\a2adguard.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/Varie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx2.gif O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/Varie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx1.gif -- End of file - 6460 bytes Come va ora? __________________ The screw, Is a tightening Atrocity - I shake, For the reeking flesh Is as romantic as hell The need, To have seen it all - The Voyeur of Utter Destruction, As beauty. I shake

27-09-2007, 21:26	#6628
Gle89 Senior Member Iscritto dal: Aug 2007 Città: Lucca Sesso: FEMMINA Messaggi: 2495	c'è sempre quella voce sospetta da controllare su VIRUSTOTAL (consiglio di installare il modem su quel pc) O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe adesso sono comparse anche queste: O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/V arie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx2.gif O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Documenti/Massimo/IMMAGINI/V arie/Musica%20e%20Film/50%20Cent%20%26%20DMX/c2g_buddy_1_dmx1.gif io le fixerei, dovrebbero essere immagini, fai te. Proviamo ora ad alleggerire l'avvio del sistema operativo,fissa questi: O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2 adguard.exe" O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog Ma A-SQUARED ha rilevato qualcosa? Ha rimosso le cose che ha rilevato? e PREVX CSI? __________________ Disinfettare da disk knight.exe / Icone desktop sparite? / Guida Rimozione Virus MSN Guida "Impossibile installare alcuni aggiornamenti XP /

27-09-2007, 22:05	#6630
Super Vegetto Senior Member Iscritto dal: Apr 2001 Città: Varese Messaggi: 294	Per Gle 89: Le due immagini le avevo già fissate, per gli altri crea qualche problema? Vedo che sono molti di HP, non è che poi non funziona? Comunque il problema di fondo permane: ho fatto la scansione con A-squared e mi ha rilevato un sacco di roba, l'ho fatta anche con quello per i dialer (ma ormai non mi aveva rilevato più nulla), PREVX CSI non va perchè ci vuole il modem (ormai mi trovo costretto ad installarlo...), eppure ora ad una nuova scansione completa con antivir mi ritrova un sacco di robaccia, come quell' agent.abmp.1 Per Bugs Bunny: purtroppo il pc non è mio e windows non è originale, è un bel casotto... __________________ The screw, Is a tightening Atrocity - I shake, For the reeking flesh Is as romantic as hell The need, To have seen it all - The Voyeur of Utter Destruction, As beauty. I shake

27-09-2007, 22:25	#6632
Super Vegetto Senior Member Iscritto dal: Apr 2001 Città: Varese Messaggi: 294	Ok, installato il modem nell'altro pc e fatti i dovuti aggiornamenti dei software (IE e windows a parte, purtroppo), ora si riparte con tutta la trafila delle scansioni, se mi va bene per le 3 ho finito P.S. Grazie anche a te Juninho per l'informazione, farò anche quella __________________ The screw, Is a tightening Atrocity - I shake, For the reeking flesh Is as romantic as hell The need, To have seen it all - The Voyeur of Utter Destruction, As beauty. I shake

27-09-2007, 21:34	#6629
Bugs Bunny Senior Member Iscritto dal: Aug 2005 Città: Genova Messaggi: 3391	io direi che prima di fixare tutta quella roba,DEVI mettere il service pack 2 ed aggiornare internet explorer

27-09-2007, 23:15	#6633
Super Vegetto Senior Member Iscritto dal: Apr 2001 Città: Varese Messaggi: 294	Ultimo (si spera) log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0.12.09, on 28/09/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Programmi\a-squared Anti-Dialer\a2service.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\soundman.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\a-squared Anti-Dialer\a2adguard.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WgaTray.exe C:\Programmi\a-squared Free\a2service.exe C:\Program Files\Libero\Adsl\dslstat.exe C:\Program Files\Libero\Adsl\dslagent.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avnotify.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60 O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 5983 bytes A-SQUARED __________________ The screw, Is a tightening Atrocity - I shake, For the reeking flesh Is as romantic as hell The need, To have seen it all - The Voyeur of Utter Destruction, As beauty. I shake

27-09-2007, 23:18	#6634
Super Vegetto Senior Member Iscritto dal: Apr 2001 Città: Varese Messaggi: 294	Ultimo (si spera) log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0.12.09, on 28/09/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Programmi\a-squared Anti-Dialer\a2service.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\soundman.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\a-squared Anti-Dialer\a2adguard.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WgaTray.exe C:\Programmi\a-squared Free\a2service.exe C:\Program Files\Libero\Adsl\dslstat.exe C:\Program Files\Libero\Adsl\dslagent.exe C:\Programmi\Avira\AntiVir PersonalEdition Classic\avnotify.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60 O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 5983 bytes A-SQUARED mi ha trovato ancora un dialer e qualche altra robetta, prev csi non ha trovato nulla, il file che dovevo controllare con Virustotal è sparito (forse con l'aggiornamento dei software me lo hanno individuato), fatemi sapere se può andare. __________________ The screw, Is a tightening Atrocity - I shake, For the reeking flesh Is as romantic as hell The need, To have seen it all - The Voyeur of Utter Destruction, As beauty. I shake

27-09-2007, 23:37	#6635
Gle89 Senior Member Iscritto dal: Aug 2007 Città: Lucca Sesso: FEMMINA Messaggi: 2495	Il log ora è pulito. Ho visto che non hai fissato le cose che ti avevo detto prima. Le puoi fissare perchè sono superflue ALL'AVVIO del sistema operativo del pc. Ovvero NON vengono disisntallati i programmi, ma non vengono solamente all'avvio (che rallentano molto il pc quando si accende). Se poi si vuole accedere a quei programmi basta cliccarci sull icona del desktop o da star tutti i programmi __________________ Disinfettare da disk knight.exe / Icone desktop sparite? / Guida Rimozione Virus MSN Guida "Impossibile installare alcuni aggiornamenti XP /

28-09-2007, 11:38	#6638
lo_straniero Senior Member Iscritto dal: May 2006 Città: MELMA Messaggi: 6729	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12.24.40, on 28/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\a-squared Free\a2service.exe C:\Programmi\AOL\Active Virus Shield\avp.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\ogbvshcy.exe C:\WINDOWS\system32\nvsvc32.exe C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\AOL\Active Virus Shield\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\eMule\emule.exe C:\Programmi\Winamp\winamp.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pack.google.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fbwpusov.dll",sitypnow O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: Active Virus Shield (AVP) - AOL - C:\Programmi\AOL\Active Virus Shield\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: DomainService - - C:\WINDOWS\system32\ogbvshcy.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 5513 bytes ps ho 3 trojan TROJAN.WIN32.AGENT.BCK nel pc che KASPERSKY 7 non è riuscito a togliere ....active virus shield non li ha trovati nemmeno...a-squared li trova è una volta eliminati..tornano di nuovo ...zoneallarm non è riuscito a proteggere....antivir li trova ma non riesce ad eliminare....naturalmente tutti sti programmi sono stati aggiornati prima di fare la scanzione sono schifato ...e pure sono gli antivirus piu gettonati ecc... __________________ Ultima modifica di lo_straniero : 28-09-2007 alle 11:49.

28-09-2007, 12:50	#6639
Bugs Bunny Senior Member Iscritto dal: Aug 2005 Città: Genova Messaggi: 3391	O23 - Service: DomainService - - C:\WINDOWS\system32\ogbvshcy.exe O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fbwpusov.dll",sitypnow C:\WINDOWS\system32\ogbvshcy.exe

28-09-2007, 14:13	#6640
alvaruccio Senior Member Iscritto dal: Jan 2005 Messaggi: 1586	vedendo direttamente sul sito mi da tutte le voci davvero sicure...ma chiedo anche un parere a voi Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programmi\Eset\nod32krn.exe C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe C:\Programmi\Spyware Doctor\svcntaux.exe C:\Programmi\Spyware Doctor\swdsvc.exe C:\Programmi\Spyware Doctor\SDTrayApp.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\MSN Messenger\usnsvc.exe C:\Documents and Settings\Fabio\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITAL.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: ITALIA version Toolbar - {323d5e65-9ec7-481e-a888-5bbe30b80dfb} - C:\Programmi\ITALIA_version\tbITAL.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188248804482 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190202696968 O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D039EC0D-3D1B-4810-90F1-DE267E2CA719}: NameServer = 85.37.17.11 85.38.28.69 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Strumenti
Mostra una versione stampabile Invia questa pagina per email