LOG hijackthis

djlombardo · 16-08-2007, 16:13

ciao, un saluto al tutto il forum !!

questo è il mio primo msg !!!

Spybot mi rileva DRIVECLEANER 2006, correggo il pbl ma al riavvio lo rileva nuovamente !!
facendo un giro su Google, ho notato che trattasi di un prg fake che se eseguito agisce da malware/spyware !!!
Il fatto è che non ho ricevuto alcuna maschera di esecuzione del prg suddetto !!
Spybot pero' non riesce ad eliminare questa voce che sembra essersi insidiato nel registro !!!

premetto che mi collego con un PC (SERVER) collegato poi in LAN con un altro pc (CLIENTE). Il pbl è rilevato solo sul SERVER, il pc collegato al MODEM !!!
Nessuna traccia invece sul CLIENT !!!

L'unico pbl riscontrato è la disconnessione continua del SEVER ad internet !!
specie se collegato con il MULO !!!

Ho fatto tutte le scansioni in Mod. Provv., cancellato le tracce con CCLEANER, eliminato le voci inutili dal registro con Reegseeker !!
Fatti ieri gli aggiornamenti di Windows Update !!!
Inoltre ho scansionato con A-Squared/AVG antispyware/Spyware Terminator/McAfee Enterprise..........
trovati solo alcuni cookies che ho ripulito, per il resto niente di allarmante !!

il pbl delle disconnessioni pero' continua, cambiati pure i filtri adsl, ma niente !!

Vi posto i LOG di HIJACKTHIS sia del SERVER che del CLIENT..........
sperando che qualcuno mi aiuti !!!

GRAZIE !

p.s. ho intenzione di debellare completamente Google Toolbar dai pc in quanto le richieste di aggiornamento rilevate dal mio OUTPOST, sono diventate asfissianti !!!
un parere in merito ???

--------------------------------------------------------------------------

LOG SERVER:

Logfile of HijackThis v1.99.1
Scan saved at 15.58.52, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\SiteAdvisor\5020\SiteAdv.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
c:\programmi\a-squared free\a2service.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\Programmi\SiteAdvisor\5020\SAService.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Upsmon\Upsag_nt.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\HIJACKTHIS 1.99.1 (FREEWARE) [PULITO]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/nwshp?hl=it&gl=it
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\5020\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - C:\Programmi\Pictures Toolbar\Pictures.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\5020\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\5020\SiteAdv.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Regolazione rapida - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183762020901
O17 - HKLM\System\CCS\Services\Tcpip\..\{5746C320-FC5E-4854-B073-3C370232AF89}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\5020\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmi\SiteAdvisor\5020\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\Programmi\Upsmon\Upsag_nt.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--------------------------------------------------------------------------

LOG CLIENT:

Logfile of HijackThis v1.99.1
Scan saved at 15.53.51, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\a-squared free\a2service.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Network Associates\Common

Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\Programmi\SiteAdvisor\6066\SAService.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Creative Live! Cam\Live! Cam

Manager\CTLCMgr.exe
C:\Programmi\AudioSystem EWX 2496\EwxCpl.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HIJACKTHIS 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} -

C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

- C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

file)
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee SiteAdvisor -

{0BF43445-2F28-4351-9252-17FE6E806AA0} -

C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} -

C:\Programmi\Pictures Toolbar\Pictures.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck]

C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive

Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network

Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network

Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service]

"C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost

Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost

Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SpywareTerminator]

"C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox]

C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SiteAdvisor]

C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative

Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [Picasa Media Detector]

C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg]

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.ex

e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager]

"C:\Programmi\Creative\Creative Live! Cam\Live! Cam

Manager\CTLCMgr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =

C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EWX 2496 ControlPanel.lnk = ?
O4 - Global Startup: Google Updater.lnk =

C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) -

{85d1f590-48f4-11d9-9669-0800200c9a66} -

C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)

- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

Class) -

http://www.update.microsoft.com/wind...ontrols/en/x86

/client/wuweb_site.cab?1183761817281
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary...AClient.cab569

07.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.macromedia.com/ge.../flash/swflash

.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{AF20581D-BF65-4212-A224-57C4E6D

041FE}: NameServer = 192.168.0.1,151.99.125.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F}

- C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor -

{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -

C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software

GmbH - c:\programmi\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner -

C:\Programmi\File comuni\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. -

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc.

- C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: gearsec - GEAR Software -

C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) -

Network Associates, Inc. - C:\Programmi\Network Associates\Common

Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network

Associates, Inc. - C:\Programmi\Network

Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) -

Network Associates, Inc. - C:\Programmi\Network

Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) -

Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. -

C:\Programmi\SiteAdvisor\6066\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service

(sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe

gian21391 · 16-08-2007, 16:22

c'è un processo che non mi convince
c:\VEXPLITE\MONLITE.exe

sai di cosa si tratta?

djlombardo · 16-08-2007, 16:28

Quote:

Originariamente inviato da gian21391

c'è un processo che non mi convince
c:\VEXPLITE\MONLITE.exe

sai di cosa si tratta?

si tratta di VIRIT LITE MONITOR........tutto ok !

djlombardo · 16-08-2007, 16:30

correzione LOG CLIENT:

Logfile of HijackThis v1.99.1
Scan saved at 16.29.04, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\a-squared free\a2service.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\Programmi\SiteAdvisor\6066\SAService.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programmi\AudioSystem EWX 2496\EwxCpl.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HIJACKTHIS 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - C:\Programmi\Pictures Toolbar\Pictures.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EWX 2496 ControlPanel.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183761817281
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF20581D-BF65-4212-A224-57C4E6D041FE}: NameServer = 192.168.0.1,151.99.125.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6066\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe

juninho85 · 16-08-2007, 17:07

devi postare qua

16-08-2007, 16:13	#1
djlombardo Junior Member Iscritto dal: Aug 2007 Messaggi: 18	LOG hijackthis ciao, un saluto al tutto il forum !! questo è il mio primo msg !!! Spybot mi rileva DRIVECLEANER 2006, correggo il pbl ma al riavvio lo rileva nuovamente !! facendo un giro su Google, ho notato che trattasi di un prg fake che se eseguito agisce da malware/spyware !!! Il fatto è che non ho ricevuto alcuna maschera di esecuzione del prg suddetto !! Spybot pero' non riesce ad eliminare questa voce che sembra essersi insidiato nel registro !!! premetto che mi collego con un PC (SERVER) collegato poi in LAN con un altro pc (CLIENTE). Il pbl è rilevato solo sul SERVER, il pc collegato al MODEM !!! Nessuna traccia invece sul CLIENT !!! L'unico pbl riscontrato è la disconnessione continua del SEVER ad internet !! specie se collegato con il MULO !!! Ho fatto tutte le scansioni in Mod. Provv., cancellato le tracce con CCLEANER, eliminato le voci inutili dal registro con Reegseeker !! Fatti ieri gli aggiornamenti di Windows Update !!! Inoltre ho scansionato con A-Squared/AVG antispyware/Spyware Terminator/McAfee Enterprise.......... trovati solo alcuni cookies che ho ripulito, per il resto niente di allarmante !! il pbl delle disconnessioni pero' continua, cambiati pure i filtri adsl, ma niente !! Vi posto i LOG di HIJACKTHIS sia del SERVER che del CLIENT.......... sperando che qualcuno mi aiuti !!! GRAZIE ! p.s. ho intenzione di debellare completamente Google Toolbar dai pc in quanto le richieste di aggiornamento rilevate dal mio OUTPOST, sono diventate asfissianti !!! un parere in merito ??? -------------------------------------------------------------------------- LOG SERVER: Logfile of HijackThis v1.99.1 Scan saved at 15.58.52, on 16/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe C:\VEXPLITE\MONLITE.EXE C:\Programmi\SiteAdvisor\5020\SiteAdv.exe C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe C:\Programmi\PeerGuardian2\pg2.exe C:\WINDOWS\system32\ctfmon.exe c:\programmi\a-squared free\a2service.exe C:\Programmi\Executive Software\Diskeeper\DkService.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programmi\Network Associates\Common Framework\FrameworkService.exe C:\Programmi\Network Associates\VirusScan\Mcshield.exe C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe C:\Programmi\Agnitum\Outpost Firewall\outpost.exe C:\Programmi\SiteAdvisor\5020\SAService.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Upsmon\Upsag_nt.exe C:\VEXPLITE\viritsvc.exe C:\WINDOWS\System32\svchost.exe C:\HIJACKTHIS 1.99.1 (FREEWARE) [PULITO]\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/nwshp?hl=it&gl=it R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\5020\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - C:\Programmi\Pictures Toolbar\Pictures.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\5020\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\5020\SiteAdv.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Regolazione rapida - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183762020901 O17 - HKLM\System\CCS\Services\Tcpip\..\{5746C320-FC5E-4854-B073-3C370232AF89}: NameServer = 85.37.17.39 85.38.28.71 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\5020\SiteAdv.dll O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmi\SiteAdvisor\5020\SAService.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\Programmi\Upsmon\Upsag_nt.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe -------------------------------------------------------------------------- LOG CLIENT: Logfile of HijackThis v1.99.1 Scan saved at 15.53.51, on 16/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programmi\a-squared free\a2service.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\system32\gearsec.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programmi\Network Associates\Common Framework\FrameworkService.exe C:\Programmi\Network Associates\VirusScan\Mcshield.exe C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Agnitum\Outpost Firewall\outpost.exe C:\Programmi\SiteAdvisor\6066\SAService.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe C:\Programmi\SiteAdvisor\6066\SiteAdv.exe C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\V0220Mon.exe C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Programmi\AudioSystem EWX 2496\EwxCpl.exe C:\Programmi\Google\Google Updater\GoogleUpdater.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\HIJACKTHIS 1.99.1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - C:\Programmi\Pictures Toolbar\Pictures.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.ex e O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: EWX 2496 ControlPanel.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...ontrols/en/x86 /client/wuweb_site.cab?1183761817281 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...AClient.cab569 07.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge.../flash/swflash .cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AF20581D-BF65-4212-A224-57C4E6D 041FE}: NameServer = 192.168.0.1,151.99.125.2 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6066\SAService.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe

16-08-2007, 16:22	#2
gian21391 Member Iscritto dal: Jul 2007 Messaggi: 47	c'è un processo che non mi convince c:\VEXPLITE\MONLITE.exe sai di cosa si tratta?

16-08-2007, 16:30	#4
djlombardo Junior Member Iscritto dal: Aug 2007 Messaggi: 18	correzione LOG CLIENT: Logfile of HijackThis v1.99.1 Scan saved at 16.29.04, on 16/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programmi\a-squared free\a2service.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\system32\gearsec.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programmi\Network Associates\Common Framework\FrameworkService.exe C:\Programmi\Network Associates\VirusScan\Mcshield.exe C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Agnitum\Outpost Firewall\outpost.exe C:\Programmi\SiteAdvisor\6066\SAService.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe C:\Programmi\SiteAdvisor\6066\SiteAdv.exe C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\V0220Mon.exe C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Programmi\AudioSystem EWX 2496\EwxCpl.exe C:\Programmi\Google\Google Updater\GoogleUpdater.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\HIJACKTHIS 1.99.1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - C:\Programmi\Pictures Toolbar\Pictures.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: EWX 2496 ControlPanel.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183761817281 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AF20581D-BF65-4212-A224-57C4E6D041FE}: NameServer = 192.168.0.1,151.99.125.2 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6066\SAService.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe

16-08-2007, 17:07	#5
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 29028	devi postare qua

Strumenti
Mostra una versione stampabile Invia questa pagina per email