Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

stremato

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

stremato

Postdi metafora » 22/07/06 17:07

ciao

ho bisogno di un aiuto, sono davvero stremato, non riesco a venirne fuori

i pop-ups dei siti che mi si aprono sono i più diversi....

qcco il logo dell'hijack:

Logfile of HijackThis v1.99.1
Scan saved at 17.47.11, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINDOWS\etlisrv.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\Marimba\Tuner\Tuner.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\Programmi\Marimba\Tuner\lib\jre\bin\java.exe
C:\PROGRA~1\NavNT\savroam.exe
C:\programmi\TNGSD\BIN\SDSERV.EXE
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\CA_APPSW\dts\bin\tngdoba.exe
C:\CA_APPSW\dts\bin\tngdta.exe
C:\programmi\TNGSD\BIN\TRIGGAG.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\SxpInst\sxplog32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\programmi\TNGSD\BIN\triggusr.exe
C:\Programmi\Enel.it\WebTVAlert\wtvalert.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\NavNT\vptray.exe
D:\HP Software Update\HPWuSchd2.exe
C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\etlitr50.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\CA_APPSW\dts\cam\bin\cam.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
G:\Mozilla2\thunderbird.exe
C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cww.enel/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cww.enel/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-centro.risorse.enel:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.enel;*.enel.it;*.session.rservices.com;*.quienel.net;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Programmi\SxpInst\sxplog32.exe
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [WTVAlert] C:\Programmi\Enel.it\WebTVAlert\wtvalert.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [vptray] C:\Programmi\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyBlocker] C:\Programmi\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [CaISSDT] "C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [Entrust/Direct Recovery] "C:\Programmi\Entrust\Direct Intranet\etdirrcv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Programmi\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Programmi\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = risorse.enel
O17 - HKLM\Software\..\Telephony: DomainName = risorse.enel
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = risorse.enel
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = risorse.enel
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\Player\__CDS2.dll (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\t88u0il9e8q.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Unicenter TNG Message Queuing Server (CA-MessageQueuing) - Unknown owner - C:\CA_APPSW\dts\cam\bin\cam.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\Lic98Rmt.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\Lic98RmtD.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: MarimbaEndpoint - Marimba, Inc. - C:\Programmi\Marimba\Tuner\Tuner.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam - symantec - C:\PROGRA~1\NavNT\savroam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Accociates, Intl Inc. - C:\programmi\TNGSD\BIN\SDSERV.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Unicenter Data Object Agent (TNG-DOBA) - Computer Associates International, Inc. - C:\CA_APPSW\dts\bin\tngdoba.exe
O23 - Service: Unicenter Data Transport Metric Gatherer (TNG-DTMG) - Computer Associates International, Inc. - C:\CA_APPSW\dts\bin\tngdtmg.exe
O23 - Service: Unicenter Data Transport Agent (TNG-DTS) - Computer Associates International, Inc. - C:\CA_APPSW\dts\bin\tngdta.exe



c'è qualcuno che può aiutarmi?

grazie

gc
metafora
Newbie
 
Post: 3
Iscritto il: 22/07/06 17:03
Località: roma

Sponsor
 

Postdi andorra24 » 22/07/06 17:29

Metti la spunta nella casellina accanto alle seguenti voci e premi fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\Player\__CDS2.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\t88u0il9e8q.dll
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php

Con killbox elimina i seguenti files exe:
C:\WINDOWS\system32\t88u0il9e8q.dll
C:\WINDOWS\msncomm.exe
C:\WINDOWS\volumec.exe

Fai una scansione con ewido:
http://www.grisoft.cz/softw/70/filedir/ ... 0.172b.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 22/07/06 17:43

Ciao, hai nel computer anche una variante del Look2me

Scarica questo tool:
http://www.atribune.org/ccount/click.php?id=7

CITAZIONE
* Chiudere tutti i programmi prima di continuare.
* Cliccare su Look2Me-Destroyer.exe per eseguirlo.
* Mettere la spunta a "next to Run this program as a task"
* Riceverete un messaggio messaggio che Look2Me-Destroyer si chiuderà e riaprirà in 1 minuto. CliccateOK
* Quando Look2Me-Destroyer si riapre, Clicca sul bottone "Scan for L2M " , le icone del desktop scompariranno, questo è normale.
* Una volta fatta la scansione, cliccare su "Remove L2M".
* Riceverete il messaggio scansione effettuata, cliccare OK.
* Quando completato, vedrete messaggio: " Done removing infected files! Look2Me-Destroyer will now shutdown your computer", cliccare OK.

Esegui poi il resto delle operazioni suggerite.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi metafora » 22/07/06 19:25

grazie andorra 24, grazie look 57

credo stia meglio il computer

questo è il nuovo log di hijack, che ne dite?


gc

Logfile of HijackThis v1.99.1
Scan saved at 20.24.38, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\CA_APPSW\dts\cam\bin\cam.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINDOWS\etlisrv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\Marimba\Tuner\Tuner.exe
C:\Programmi\Marimba\Tuner\lib\jre\bin\java.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\PROGRA~1\NavNT\savroam.exe
C:\programmi\TNGSD\BIN\SDSERV.EXE
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\CA_APPSW\dts\bin\tngdoba.exe
C:\CA_APPSW\dts\bin\tngdta.exe
C:\programmi\TNGSD\BIN\TRIGGAG.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\SxpInst\sxplog32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\programmi\TNGSD\BIN\triggusr.exe
C:\Programmi\Enel.it\WebTVAlert\wtvalert.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\NavNT\vptray.exe
D:\HP Software Update\HPWuSchd2.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\etlitr50.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Trend Micro\Tmas\Tmas.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cww.enel/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cww.enel/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-centro.risorse.enel:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.enel;*.enel.it;*.session.rservices.com;*.quienel.net;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Programmi\SxpInst\sxplog32.exe
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [WTVAlert] C:\Programmi\Enel.it\WebTVAlert\wtvalert.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [vptray] C:\Programmi\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyBlocker] C:\Programmi\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Programmi\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [Entrust/Direct Recovery] "C:\Programmi\Entrust\Direct Intranet\etdirrcv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Programmi\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Programmi\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = risorse.enel
O17 - HKLM\Software\..\Telephony: DomainName = risorse.enel
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = risorse.enel
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = risorse.enel
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Unicenter TNG Message Queuing Server (CA-MessageQueuing) - Unknown owner - C:\CA_APPSW\dts\cam\bin\cam.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\Lic98Rmt.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\Lic98RmtD.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: MarimbaEndpoint - Marimba, Inc. - C:\Programmi\Marimba\Tuner\Tuner.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam - symantec - C:\PROGRA~1\NavNT\savroam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Accociates, Intl Inc. - C:\programmi\TNGSD\BIN\SDSERV.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Unicenter Data Object Agent (TNG-DOBA) - Computer Associates International, Inc. - C:\CA_APPSW\dts\bin\tngdoba.exe
O23 - Service: Unicenter Data Transport Metric Gatherer (TNG-DTMG) - Computer Associates International, Inc. - C:\CA_APPSW\dts\bin\tngdtmg.exe
O23 - Service: Unicenter Data Transport Agent (TNG-DTS) - Computer Associates International, Inc. - C:\CA_APPSW\dts\bin\tngdta.exe
metafora
Newbie
 
Post: 3
Iscritto il: 22/07/06 17:03
Località: roma

Postdi andorra24 » 22/07/06 19:30

Il log e' pulito adesso.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi metafora » 22/07/06 19:41

grazie andorra 24
metafora
Newbie
 
Post: 3
Iscritto il: 22/07/06 17:03
Località: roma


Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti