Dialer problem, help!!

Post by skabo » 02/10/07 21:32

skabo wrote: here I am, I'll post the scans shortly. One thing: in the C: folder there are the three files you told me to remove with HijackThis, should I delete them from there too? They are these: blhlmsdu fxbipckj irvfhogd... all three are batch files




Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\BAK

0 File 0 byte
2 Directory 134.647.070.720 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\HP\KBD\BAK

0 File 0 byte
2 Directory 134.647.070.720 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\TOMTOM~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\EHOME\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HP\HPSHAR~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\DVDAUDIO\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

0 File 0 byte
2 Directory 134.647.066.624 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HPPHOT~1\HPHINS~1\UNIPATCH\BAK

0 File 0 byte
2 Directory 134.647.062.528 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\JAVA\JRE15~2.0_1\BIN\BAK

15/12/2006 04.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 134.647.062.528 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\WEBUPD~1\BAK

0 File 0 byte
2 Directory 134.647.062.528 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

0 File 0 byte
2 Directory 134.647.062.528 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"


end of report

Logfile of HijackThis v1.99.1
Scan saved at 22.31.16, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
c:\programmi\internet explorer\iexplore.exe
C:\DOCUME~1\HP_ADM~1\IMPOST~1\Temp\Directory temporanea 26 per hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5598734109
O16 - DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} (SonicActivator Class) - http://hp.sonic.com/SonicActivation.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3D6539-5CE2-467D-8843-1E418887E149}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

WHAT DO YOU THINK, AM I ON THE ROAD TO RECOVERY? WHAT DO I DO WITH THE THREE BATCH FILES IN C:?
skabo
Junior User

Posts: 25
Joined: 25/01/06 19:13


Post by skabo » 02/10/07 22:02

INCREDIBLE, IT REPRODUCED ITSELF. 10 MINUTES AGO AWF WAS CLEAN AND NOW LOOK...........I HAVE TO REDO EVERYTHING, IT CAN'T BE!!!!
but what happened??? damn, what rotten luck!!!!! :-(((((((((


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\BAK

0 File 0 byte
2 Directory 134.641.012.736 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\HP\KBD\BAK

02/02/2005 16.44 61.440 KBD.EXE
1 File 61.440 byte
2 Directory 134.641.012.736 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\MSNMES~1\BAK

19/01/2007 12.54 5.674.352 MsnMsgr.Exe
1 File 5.674.352 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\QUICKT~1\BAK

29/06/2007 06.24 286.720 qttask.exe
1 File 286.720 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\TOMTOM~1\BAK

14/03/2007 16.52 3.770.024 TomTomHOME.exe
1 File 3.770.024 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\EHOME\BAK

17/08/2005 22.40 64.512 ehtray.exe
1 File 64.512 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\BAK

06/09/2004 23.00 15.360 ctfmon.exe
20/06/2002 20.37 339.968 hphmon04.exe
10/11/2003 17.06 406.016 PSDrvCheck.exe
3 File 761.344 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\GRISOFT\AVGANT~1.5\BAK

11/06/2007 11.25 6.731.312 avgas.exe
1 File 6.731.312 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HP\HPSHAR~1\BAK

17/04/2002 11.42 69.632 hpgs2wnd.exe
1 File 69.632 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\SONY\SONICS~1\BAK

20/09/2007 22.53 24.592 SsAAD.exe
1 File 24.592 byte
2 Directory 134.641.008.640 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\DVDAUDIO\BAK

18/06/2003 01.00 45.056 CTDVDDET.EXE
1 File 45.056 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

14/10/2005 11.01 122.880 VolPanel.exe
1 File 122.880 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

0 File 0 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

20/07/2006 10.44 180.269 realsched.exe
1 File 180.269 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HPPHOT~1\HPHINS~1\UNIPATCH\BAK

24/05/2002 14.47 49.152 hphupd04.exe
1 File 49.152 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\JAVA\JRE15~2.0_1\BIN\BAK

15/12/2006 04.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

12/07/2007 04.00 132.496 jusched.exe
1 File 132.496 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\MEDIAC~1\BAK

08/06/2006 10.42 65.536 PMC.Service.Main.exe
1 File 65.536 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\WEBUPD~1\BAK

08/06/2006 09.40 385.024 WebUpdater.exe
1 File 385.024 byte
2 Directory 134.641.004.544 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

24/05/2002 14.17 188.416 hpztsb05.exe
1 File 188.416 byte
2 Directory 134.641.004.544 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 2 Oct 2007 "C:\hp\KBD\KBD.EXE"
61440 2 Feb 2005 "C:\hp\KBD\bak\KBD.EXE"
28176 2 Oct 2007 "C:\Programmi\MSN Messenger\MsnMsgr.Exe"
5674352 19 Jan 2007 "C:\Programmi\MSN Messenger\bak\MsnMsgr.Exe"
28176 2 Oct 2007 "C:\Programmi\QuickTime\qttask.exe"
286720 29 Jun 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
28176 2 Oct 2007 "C:\Programmi\TomTom HOME\TomTomHOME.exe"
3770024 14 Mar 2007 "C:\Programmi\TomTom HOME\bak\TomTomHOME.exe"
10068744 20 Nov 2006 "C:\Documents and Settings\HP_Administrator\Documenti\installazioni\TomTomHOMEwinlatest.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 6 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 6 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
28176 2 Oct 2007 "C:\WINDOWS\system32\hphmon04.exe"
339968 20 Jun 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"
28176 2 Oct 2007 "C:\WINDOWS\system32\PSDrvCheck.exe"
406016 10 Nov 2003 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"
28176 2 Oct 2007 "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
6731312 11 Jun 2007 "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
28176 2 Oct 2007 "C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe"
69632 17 Apr 2002 "C:\Programmi\HP\HP Share-to-Web\bak\hpgs2wnd.exe"
28176 2 Oct 2007 "C:\Programmi\Sony\SonicStage\SsAAD.exe"
24592 20 Sep 2007 "C:\Programmi\Sony\SonicStage\bak\SsAAD.exe"
28176 2 Oct 2007 "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
45056 18 Jun 2003 "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\bak\CTDVDDET.EXE"
28176 2 Oct 2007 "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe"
122880 14 Oct 2005 "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanel.exe"
28176 2 Oct 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
180269 20 Jul 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
185632 20 Jul 2007 "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temp\~rnsetup\RNADMIN\realsched.exe"
28176 2 Oct 2007 "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
49152 24 May 2002 "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\bak\hphupd04.exe"
28176 2 Oct 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
28176 2 Oct 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
65536 8 Jun 2006 "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe1190321297"
65536 8 Jun 2006 "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\bak\PMC.Service.Main.exe"
28176 2 Oct 2007 "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe"
385024 8 Jun 2006 "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\bak\WebUpdater.exe"
28176 2 Oct 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
188416 24 May 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"


end of report

Post by skabo » 03/10/07 12:23

I redid the whole procedure, the findawf report is clean again, removed the last bak folder in the new Java version, deleted (again in safe mode) the three folders in C: of the suspicious batch files blhlmsdu fxblpckj irvfhogd, ran deldomains, rebooted and now it's OK, let's see how long it lasts. Last night I wanted to open the TomTom HOME program for the sat nav and it wouldn't open, and neither would Messenger; running a new scan with findawf I found the bak folders again. What could be causing it?
Thanks a lot for the help given so far....

Post by Luke57 » 03/10/07 12:44

Hi, delete all the Windows and IE temporary files, then open the folder C:\windows\tasks, go to Advanced > tick "View hidden tasks"; if there are files with the .job extension in the folder, delete them.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by skabo » 03/10/07 17:27

done, I deleted the applesoftwareupdate.job entry ....let's really hope so, you've been extremely helpful, I didn't know where to turn any more. In the startup menu I have this strange entry, which I unticked so that it doesn't start.. C: MPCJAKGS.BAT, could it be harmful?

Post by skabo » 03/10/07 17:50

skabo wrote: done, I deleted the applesoftwareupdate.job entry ....let's really hope so, you've been extremely helpful, I didn't know where to turn any more. In the startup menu I have this strange entry, which I unticked so that it doesn't start.. C: MPCJAKGS.BAT, could it be harmful?


mpcjakgs.bat software/microsoft/windows/current version/run.....

I searched for it via START, SEARCH FILES OR FOLDERS: nothing........

Post by skabo » 05/10/07 12:13

NO LUCK, THIS MORNING THE WRETCH SHOWED UP AGAIN. IS IT REALLY THIS HARD TO ERADICATE???!!!

Logfile of HijackThis v1.99.1
Scan saved at 13.09.09, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\DOCUME~1\HP_ADM~1\IMPOST~1\Temp\Directory temporanea 30 per hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TB Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Programmi\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5598734109
O16 - DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} (SonicActivator Class) - http://hp.sonic.com/SonicActivation.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3D6539-5CE2-467D-8843-1E418887E149}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe




Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\BAK

0 File 0 byte
2 Directory 134.511.210.496 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\HP\KBD\BAK

02/02/2005 16.44 61.440 KBD.EXE
1 File 61.440 byte
2 Directory 134.511.210.496 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\TOMTOM~1\BAK

0 File 0 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\EHOME\BAK

17/08/2005 22.40 64.512 ehtray.exe
1 File 64.512 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\BAK

06/09/2004 23.00 15.360 ctfmon.exe
20/06/2002 20.37 339.968 hphmon04.exe
10/11/2003 17.06 406.016 PSDrvCheck.exe
3 File 761.344 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HP\HPSHAR~1\BAK

17/04/2002 11.42 69.632 hpgs2wnd.exe
1 File 69.632 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\SONY\SONICS~1\BAK

20/09/2007 22.53 24.592 SsAAD.exe
1 File 24.592 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\DVDAUDIO\BAK

18/06/2003 01.00 45.056 CTDVDDET.EXE
1 File 45.056 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

14/10/2005 11.01 122.880 VolPanel.exe
1 File 122.880 byte
2 Directory 134.511.206.400 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

0 File 0 byte
2 Directory 134.511.202.304 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

20/07/2006 10.44 180.269 realsched.exe
1 File 180.269 byte
2 Directory 134.511.202.304 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HPPHOT~1\HPHINS~1\UNIPATCH\BAK

24/05/2002 14.47 49.152 hphupd04.exe
1 File 49.152 byte
2 Directory 134.511.202.304 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

12/07/2007 04.00 132.496 jusched.exe
1 File 132.496 byte
2 Directory 134.511.202.304 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\MEDIAC~1\BAK

08/06/2006 10.42 65.536 PMC.Service.Main.exe
1 File 65.536 byte
2 Directory 134.511.202.304 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\WEBUPD~1\BAK

08/06/2006 09.40 385.024 WebUpdater.exe
1 File 385.024 byte
2 Directory 134.511.202.304 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

24/05/2002 14.17 188.416 hpztsb05.exe
1 File 188.416 byte
2 Directory 134.511.202.304 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 2 Oct 2007 "C:\Avenger\KBD.EXE"
28176 3 Oct 2007 "C:\hp\KBD\KBD.EXE"
61440 2 Feb 2005 "C:\hp\KBD\bak\KBD.EXE"
64512 17 Aug 2005 "C:\Avenger\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 6 Sep 2004 "C:\Avenger\ctfmon.exe"
15360 6 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 6 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
28176 2 Oct 2007 "C:\Avenger\hphmon04.exe"
28176 3 Oct 2007 "C:\WINDOWS\system32\hphmon04.exe"
339968 20 Jun 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"
28176 2 Oct 2007 "C:\Avenger\PSDrvCheck.exe"
406016 10 Nov 2003 "C:\WINDOWS\system32\PSDrvCheck.exe"
406016 10 Nov 2003 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"
28176 2 Oct 2007 "C:\Avenger\hpgs2wnd.exe"
28176 3 Oct 2007 "C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe"
69632 17 Apr 2002 "C:\Programmi\HP\HP Share-to-Web\bak\hpgs2wnd.exe"
28176 3 Oct 2007 "C:\Programmi\Sony\SonicStage\SsAAD.exe"
24592 20 Sep 2007 "C:\Programmi\Sony\SonicStage\bak\SsAAD.exe"
28176 2 Oct 2007 "C:\Avenger\CTDVDDET.EXE"
28176 3 Oct 2007 "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
45056 18 Jun 2003 "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\bak\CTDVDDET.EXE"
28176 2 Oct 2007 "C:\Avenger\VolPanel.exe"
28176 3 Oct 2007 "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe"
122880 14 Oct 2005 "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanel.exe"
28176 2 Oct 2007 "C:\Avenger\realsched.exe"
28176 3 Oct 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
180269 20 Jul 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
185632 20 Jul 2007 "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temp\~rnsetup\RNADMIN\realsched.exe"
28176 2 Oct 2007 "C:\Avenger\hphupd04.exe"
28176 3 Oct 2007 "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
49152 24 May 2002 "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\bak\hphupd04.exe"
28176 3 Oct 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
65536 8 Jun 2006 "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe1190321297"
65536 8 Jun 2006 "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\bak\PMC.Service.Main.exe"
28176 2 Oct 2007 "C:\Avenger\WebUpdater.exe"
385024 8 Jun 2006 "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe"
385024 8 Jun 2006 "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\bak\WebUpdater.exe"
28176 2 Oct 2007 "C:\Avenger\hpztsb05.exe"
28176 3 Oct 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
188416 24 May 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"


end of report
skabo
Junior User
 
Posts: 25
Joined: 25/01/06 19:13

Post by Luke57 » 05/10/07 12:35

Hi, I don't know, most likely you are visiting a site that serves it to you again.
You have to redo the whole procedure: first open HijackThis, press "do a system scan only", then find and tick the following entries:
O2 - BHO: TB Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Programmi\WinBudget\bin\matrix.dll
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com

press fix checked.

Find and delete this file:
C:\Programmi\WinBudget\bin\matrix.dll
Run deldomains again.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by skabo » 05/10/07 18:14

ok, I'll try again, sorry for being a pain but you know, I have an almost-new PC and having to format it already annoys me.......
thanks again!!
skabo
Junior User
 
Posts: 25
Joined: 25/01/06 19:13

Post by skabo » 06/10/07 16:20

the findaw report always comes back clean but the hijackthis one doesn't, those very trusted entries just won't go away...incredible


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\BAK

0 File 0 byte
2 Directory 134.470.922.240 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\HP\KBD\BAK

0 File 0 byte
2 Directory 134.470.922.240 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\TOMTOM~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\EHOME\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HP\HPSHAR~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\DVDAUDIO\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

0 File 0 byte
2 Directory 134.470.918.144 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\PROGRA~1\HPPHOT~1\HPHINS~1\UNIPATCH\BAK

0 File 0 byte
2 Directory 134.470.914.048 byte disponibili
Il volume nell'unità C è HP_PAVILION
Numero di serie del volume: 4458-E2B2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

0 File 0 byte
2 Directory 134.470.914.048 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


Logfile of HijackThis v1.99.1
Scan saved at 17.19.49, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\HP_ADM~1\IMPOST~1\Temp\Directory temporanea 34 per hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programmi\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5598734109
O16 - DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} (SonicActivator Class) - http://hp.sonic.com/SonicActivation.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3D6539-5CE2-467D-8843-1E418887E149}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
skabo
Junior User
 
Posts: 25
Joined: 25/01/06 19:13
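
The comparison these two posts turn on, checking which of the entries selected for "fix checked" are still listed in a later scan, as an added example that is not part of the original thread. The function names are hypothetical, and the sample inputs are excerpts constructed from log lines quoted in the thread.

```python
import re

# A HijackThis finding starts with a section code (R0, O2, O4, O15, O23 ...)
# followed by " - ". Header lines and running-process paths do not match.
FINDING_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_findings(log_text):
    """Return the set of (section_code, normalized_body) findings in a log."""
    findings = set()
    for raw in log_text.splitlines():
        match = FINDING_RE.match(raw.strip())
        if match is None:
            continue  # header, process path or blank line
        # Collapse whitespace and case so text pasted into a forum post
        # still matches the line as the scanner wrote it.
        body = " ".join(match.group("body").split()).lower()
        findings.add((match.group("code"), body))
    return findings


def verify_fix(fix_list_text, later_scan_text):
    """Split the entries selected for fixing into 'gone' and 'still_present'."""
    selected = parse_findings(fix_list_text)
    later = parse_findings(later_scan_text)
    return {
        "gone": sorted(selected - later),
        "still_present": sorted(selected & later),
    }


# Constructed sample: the three entries listed in the 05/10/07 reply.
FIX_LIST = r"""
O2 - BHO: TB Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Programmi\WinBudget\bin\matrix.dll
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
"""

# Constructed sample: a short excerpt of the 06/10/2007 scan posted afterwards.
LATER_SCAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 17.19.49, on 06/10/2007
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
"""

if __name__ == "__main__":
    report = verify_fix(FIX_LIST, LATER_SCAN)
    for status, entries in report.items():
        for code, body in entries:
            print(f"{status:14} {code:4} {body}")
```

On these excerpts the O2 entry is reported as gone and both O15 Trusted Zone entries as still present, which is the situation described in the 06/10/07 post.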

Post by Luke57 » 06/10/07 17:03

Hi, use deldomains for the O15 entries.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by skabo » 06/10/07 17:06

Luke57 wrote: Hi, use deldomains for the O15 entries.

already downloaded and used, unless it needs to be installed every time....
skabo
Junior User
 
Posts: 25
Joined: 25/01/06 19:13
