Condividi:        

Dialer web.exe

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Dialer web.exe

Postdi gauchio » 09/02/06 20:08

Il problema è il seguente:tutte le volte che mi connetto con la mia amatissima 56k :( dopo un po di tempo mi si disconette da solo e in automatico parte la riconessione ad un numero sconosciuto.Al che spengo il modem e avdoa vedere su c:e noto l'"apparizione" di un exe , per l'appunto web .exe
Vi posto il log di hijackfile , magari mi sapete dare una mano voi!!
Grazie


Logfile of HijackThis v1.99.1
Scan saved at 20.10.38, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\GetRight\GETRIGHT.EXE
C:\Programmi\GetRight\GETRIGHT.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CMMON32.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Hanamici\IMPOST~1\Temp\Rar$EX00.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ftbar] typeconf.exe
O4 - HKLM\..\Run: [panel_its] pizda.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [licli] li.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CToolBar] 321102.exe
O4 - HKCU\..\Run: [Dest068] ATLIEHELPER.exe
O4 - HKCU\..\Run: [UserSp1] backd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.c ... hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{841CB115-2BA2-429D-BCD5-300930CFCB68}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Sponsor
 

Postdi Luke57 » 09/02/06 21:48

Ciao, per prima cosa metti l'eseguibile (.exe) di hijackthis in una cartella del disco fisso, ad es.C\HJT o C\Programmi\HJT, in modo che il programma possa fare una copia di backup delle voci rimosse. Avvii in modalità provvisoria (Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
Apri hijackthis , premi “Open the misc Tools Section”, poi “open process manager”, cerchi il seguente processo, se c’è, :
CMMON32.EXE
Clicchi “kill process”
Poi premi “back”, “scan”, cerchi e metti il segno di spunta alle seguenti voci:
C:\WINDOWS\system32\CMMON32.EXE
O4 - HKLM\..\Run: [ftbar] typeconf.exe
O4 - HKLM\..\Run: [panel_its] pizda.exe
O4 - HKCU\..\Run: [CToolBar] 321102.exe
O4 - HKCU\..\Run: [Dest068] ATLIEHELPER.exe
O4 - HKCU\..\Run: [UserSp1] backd.exe
Premi “fix checked”
Rendi visibili file e cartelle nascosti (vai in start>impostazioni>pannello di controllo>opzioni cartella, e clicca su "visualizzazione". Seleziona "visualizza file e cartelle nascosti", "visualizza il contenuto delle cartelle di sistema" e deseleziona "nascondi file protetti e di sistema". Clicca su OK., cerchi ed elimini i seguenti file ( se ci sono):
C:\WINDOWS\system32\CMMON32.EXE
Elimini tutti i file temporanei di windows (temp e tmp à start>cerca>tutti i file e cartelle, copi e incolli *.temp;*.tmp, ed elimini tutti quelli trovati, poi elimini i file temporanei di IE, cookies , svuoti il cestino. Su pannello di controllo, installazioni\applicazioni, rimuovi tutti i programmi, se ci sono, non installati da te Fai una scansione antivirus con antivirus aggiornato. Posta nuovo log per follow up.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi gauchio » 10/02/06 20:39

grazie ci provo subito e faccio sapere
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi gauchio » 11/02/06 10:27

dunque ecco la mia procedura:
sono andato in mod provvisoria ed ho cercato con hijack cmmon32 ma non c'era dopodiche ho fatto tutti gli altri passaggi da te detti,solamente che nel levare il file cmmon32(scritto minuscolo non so se c'è differenza da quello maiuscolo)mi ha dato dei problemi alla connessione quindi l'ho dovuto rimettrere.Una volta essermi connesso mi ha ridato lo stesso proble..
Posto il mio nuovo log

Logfile of HijackThis v1.99.1
Scan saved at 10.16.17, on 11/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [licli] li.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.c ... hcImpl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

che devo fare???? :aaah
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi Luke57 » 11/02/06 11:09

Ciao, scusa ma hai fatto il log dalla modalaità provvisoria? Sembrerebbe, il numero dei processi in esecuzione è drasticamente diminuito. Se sì, rifallo dalla modalità normale. Intanto con hijakthis, cerca questa:
O4 - HKLM\..\Run: [licli] li.exe
premi "fix checked". Poi, sempre in modalità provvisoria, con la funzione "cerca", cerchi appunto questo file
li.exe
e se lo trovi lo elimini. Posta un nuovo log
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi gauchio » 11/02/06 14:33

Logfile of HijackThis v1.99.1
Scan saved at 14.33.59, on 11/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Hanamici\IMPOST~1\Temp\Rar$EX00.531\USBExtreme.exe
C:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\system32\CMMON32.EXE
C:\Programmi\GetRight\GETRIGHT.EXE
C:\Programmi\GetRight\GETRIGHT.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.c ... hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{841CB115-2BA2-429D-BCD5-300930CFCB68}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

questo è il nuovo log... eppure il file web.exe mi appare ancora
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi lucas/s » 11/02/06 15:08

Ciao start>esegui>digita cmd clicca su Ok
dove lampeggia il cursore digita
dir \we****.exe /a h /s > file.txt
notepad file.txt
Dai invio fino a quando non si apre il block notes,copia e incolla il contenuto del block notes
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi fabrizius » 11/02/06 15:13

Si che c'é differenza tra minisculo e maiuscolo,quello scitto in minuscolo
é una lima di windows e non va cancellata

1/cerca e termina questo processo nel task manager...CMMON32.EXE (se c'è)

Se la voce non la trovi dalla mod. provvisoria prova da quella normale

Apri hijack fai uno scan ed elimina questa voce:C:\WINDOWS\system32\CMMON32.EXE

2/Assicurati che cartelle e file nascosti siano visibili
(Pannello di controllo---> Opzioni Cartella ---> Visualizzazione)
metti la spunta su "visualizza file e cartelle nascoste.

poi ricerca ed elimina (se c'é) questo file:
C:\WINDOWS\system32\CMMON32.EXE
CMMON32.EXE

Dai anche una ripulita a file temp.Cache - Cookies e file prefetch (XP) fatti aiutare da Ccleaner che trovi nella sezione download:
http://www.pc-facile.com/download/?cat=54
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi fabrizius » 11/02/06 15:14

scusami Lucas ci siamo accavallati....se avrei visto la tua risposta non mi sarei permesso di postare dietro di te


ciao
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi lucas/s » 11/02/06 15:18

no no posta,dovevo vedere se il file è ancora presente niente di + ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi gauchio » 11/02/06 19:03

problema risolto per quanto riguarda il dialer...
pero ne è sorto un altro :-( sono andato in open misctool e ho eliminato il backup dei file risultato:quando spengo il pc dopo la schermata in cui mi dice chiusura di windows in corso, invece di spengersi ,mi dauna schermata nera e li si blocca....
come posso farlo ritornare come prima?
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi gauchio » 11/02/06 19:04

problema risolto per quanto riguarda il dialer...
pero ne è sorto un altro :-( sono andato in open misctool e ho eliminato il backup dei file:
O4 - HKLM\..\Run: [ftbar] typeconf.exe
O4 - HKLM\..\Run: [panel_its] pizda.exe
O4 - HKCU\..\Run: [CToolBar] 321102.exe
O4 - HKCU\..\Run: [Dest068] ATLIEHELPER.exe
O4 - HKCU\..\Run: [UserSp1] backd.exe
O4 - HKLM\..\Run: [licli] li.exe
risultato:quando spengo il pc dopo la schermata in cui mi dice chiusura di windows in corso, invece di spengersi ,mi dauna schermata nera e li si blocca....
come posso farlo ritornare come prima?
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi lucas/s » 11/02/06 20:03

Scarica Fixwareout
http://swandog46.geekstogo.com/Fixwareout.exe
Salvalo sul desktop
Avvia il programma clicca su Next poi su Install
assicurati che ci sia la spunta nella casella Run fixit e clicca su Finish
Il tool inizierà a girare,ti chiederà di riavviare,tu riavvia nota che il riavvio sarà + lento ma questo è normale

Adesso start>pannello di controllo
clicca su "Connessioni di rete"
Seleziona la tua connessione,tasto destro seleziona l'opzione propietà portati sul Tag "Rete" seleziona la voce "Protocollo internet (TCP/IP) clicca su "Propietà" assicurati che siano spuntate le voce "Ottieni automaticamente un indirizzo ip" e la voce "Ottieni server DNS automaticamente

Adesso start>esegui nella casella digita cmd
Clicca su Ok
Ti di apre une finestra prompt,dove lampeggia il cursore digita
ipconfig /flushdns
clicca su INVIO
Chiudi la finestra prompt digitando exit
Invio

Connetti al forum,per piacere posta i seguenti log
Hijackthis aggiornato
Posta il contenuto del file in rosso C:\fixwareout\report.txt
Ciao e buon lavoro
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi gauchio » 11/02/06 22:25

scusama ho fatto come mi dicevi..il problema è ceh al riavvio mi compare la solita schermata nera da cui non c'è verso andare avanti..l'unica cosa che posso fare è postarre il file log di hijack anche perchè il file report di fixwareout non me lo da(non c'è proprio)..Che si puo fare per questo pc DESPERADO? :aaah
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi lucas/s » 11/02/06 22:42

ok apri Hijackthis clicca su "Open the misc tools section" in altro trovi il pulsante "Generate Startuplist log" metti le 2 spunte nelle caselle affianco al pulsante,una volta messe le spunte clicca sul bottone,copia e incolla il contenuto di quel log,ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi gauchio » 12/02/06 10:43

StartupList report, 12/02/2006, 10.42.19
StartupList version: 1.52.2
Started from : C:\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CMMON32.EXE
C:\Programmi\GetRight\GETRIGHT.EXE
C:\Programmi\GetRight\GETRIGHT.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Hanamici\Menu Avvio\Programmi\Esecuzione automatica]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
CloneCDElbyCDFL = "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
RemoteControl = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
AnyDVD = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[Disabled]
AnyDVD = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
nForce Tray Options = sstray.exe /r

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor del Registro di sistema'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmi\GetRight\xx2gr.dll - {31FF080D-12A3-439A-A2EF-4BA95A3148E8}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[Housecall ActiveX 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://us-housecall.trendmicro-europe.c ... hcImpl.cab

[{8AD9C840-044E-11D1-B3E9-00805F499D93}]
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/sh ... wflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Periferica unità 61883: system32\DRIVERS\61883.sys (manual start)
Driver ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)
Eliminatore di eco acustico del kernel Microsoft: system32\drivers\aec.sys (manual start)
Ambiente supporto di rete AFD: \SystemRoot\System32\drivers\afd.sys (system)
Servizio Gateway di livello applicazione: %SystemRoot%\System32\alg.exe (manual start)
Driver del processore AMD K7: System32\DRIVERS\amdk7.sys (system)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Gestione applicazione: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Protocollo client ARP 1394: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Driver per supporti asincroni RAS: System32\DRIVERS\asyncmac.sys (manual start)
Controller disco rigido IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)
Protocollo client ARP ATM: System32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver stub audio: System32\DRIVERS\audstub.sys (manual start)
Periferica AVC: system32\DRIVERS\avc.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)
Servizio trasferimento intelligente in background: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver blocco richieste Bluetooth: system32\DRIVERS\BthEnum.sys (manual start)
Driver comunicazioni seriali Bluetooth: system32\DRIVERS\bthmodem.sys (manual start)
Periferica Bluetooth (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Driver della porta Bluetooth: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
Driver USB radio Bluetooth: System32\Drivers\BTHUSB.sys (manual start)
Decoder sottotitoli codificati: system32\DRIVERS\CCDECODE.sys (manual start)
Driver del CD-ROM: System32\DRIVERS\cdrom.sys (system)
Servizio di indicizzazione: C:\WINDOWS\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Applicazione di sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: System32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
Utilità di avvio processo server DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver del disco: System32\DRIVERS\disk.sys (system)
Servizio amministrativo di Gestione disco logico: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Driver Gestione dischi logici: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sintetizzatore DLS Microsoft Kernel: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Decodificatore audio DRM del kernel Microsoft: system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
Servizio di segnalazione errori: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registro eventi: %SystemRoot%\system32\services.exe (autostart)
Sistema di eventi COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Compatibilità di Cambio rapido utente: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver controller disco floppy: System32\DRIVERS\fdc.sys (manual start)
Driver disco floppy: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver archiviazione volumi: System32\DRIVERS\ftdisk.sys (system)
GEARSecurity: %SystemRoot%\System32\GEARSec.exe (autostart)
Utilità di classificazione pacchetti generica: System32\DRIVERS\msgpc.sys (manual start)
grmnusb: system32\drivers\grmnusb.sys (manual start)
Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accesso periferica Human Interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Driver di classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
SSL HTTP: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Driver di porta mouse PS/2 e tastiera i8042: System32\DRIVERS\i8042prt.sys (system)
Driver filtro masterizzazione CD: System32\DRIVERS\imapi.sys (system)
Servizio COM di masterizzazione CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
Driver Windows Firewall IPv6: system32\drivers\ip6fw.sys (manual start)
Driver filtro traffico IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver tunnel IP in IP: System32\DRIVERS\ipinip.sys (manual start)
Traduttore indirizzi di rete IP: System32\DRIVERS\ipnat.sys (manual start)
Listener RIP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver IPSEC: System32\DRIVERS\ipsec.sys (system)
Servizio enumeratore infrarossi: System32\DRIVERS\irenum.sys (manual start)
Driver bus PnP ISA/EISA: System32\DRIVERS\isapnp.sys (system)
Driver classe tastiera: System32\DRIVERS\kbdclass.sys (system)
Mixer wave audio del kernel Microsoft: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042Pr2.sys (manual start)
Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.sys (manual start)
Logitech Keyboard Class Filter Driver: System32\DRIVERS\LKbdFlt2.sys (manual start)
Helper NetBIOS di TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.sys (manual start)
Condivisione desktop remoto di NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver classe mouse: System32\DRIVERS\mouclass.sys (system)
Driver di mouse HID: System32\DRIVERS\mouhid.sys (manual start)
Redirector del client WebDav: System32\DRIVERS\mrxdav.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy di servizio di flusso Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy clock di flusso Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy di gestione qualità di flusso Microsoft: system32\drivers\MSPQM.sys (manual start)
Driver BIOS Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Convertitore a T/Sito a sito per flusso Microsoft: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Connesione TV/Video Microsoft: system32\DRIVERS\NdisIP.sys (manual start)
Driver TAPI NDIS di accesso remoto: System32\DRIVERS\ndistapi.sys (manual start)
Protocollo I/O modalità utente su NDIS: System32\DRIVERS\ndisuio.sys (manual start)
Driver WAN NDIS di accesso remoto: System32\DRIVERS\ndiswan.sys (manual start)
NetBios su Tcpip: System32\DRIVERS\netbt.sys (system)
DDE di rete: %SystemRoot%\system32\netdde.exe (disabled)
DDE DSDM di rete: %SystemRoot%\system32\netdde.exe (disabled)
Connessioni di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Ghost: C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (autostart)
Archivi rimovibili: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
Service for NVIDIA(R) nForce(TM) Audio Enumerator: system32\drivers\nvax.sys (manual start)
NVIDIA nForce MCP Networking Adapter Driver: system32\DRIVERS\NVENET.sys (manual start)
nvidesm: system32\drivers\nvidesm.sys (system)
Service for NVIDIA(R) nForce(TM) Audio: system32\drivers\nvapu.sys (manual start)
NVIDIA nForce AGP Bus Filter: system32\DRIVERS\nv_agp.sys (system)
Driver filtro traffico IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver inoltratore traffico IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Controller host OHCI compatibile IEEE 1394: System32\DRIVERS\ohci1394.sys (system)
Driver della porta parallela: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servizi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)
Driver Direct Parallel Link: System32\DRIVERS\ptilink.sys (manual start)
PxHelper: \??\C:\WINDOWS\system32\drivers\PxHelper.sys (manual start)
Driver connessione automatica Accesso remoto: System32\DRIVERS\rasacd.sys (system)
Auto Connection Manager di Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Connection Manager di Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver PPPOE di accesso remoto: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Driver redirector periferica Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Gestione sessione di assistenza mediante desktop remoto: C:\WINDOWS\system32\sessmgr.exe (manual start)
Driver filtro riproduzione CD-ROM audio digitale: System32\DRIVERS\redbook.sys (system)
Routing e Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Registro di sistema remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Periferica Bluetooth (RFCOMM protocollo TDI): system32\DRIVERS\rfcomm.sys (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)
smart card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Utilità di pianificazione: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver filtro Serenum: System32\DRIVERS\serenum.sys (manual start)
Driver della porta seriale: System32\DRIVERS\serial.sys (system)
Windows Firewall / Condivisione connessione Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Silicon Image SiI 3112 SATARaid Controller: system32\drivers\si3112r.sys (system)
Servizi semplici TCP/IP: %SystemRoot%\System32\tcpsvcs.exe (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Driver filtro USB Sony (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)
Frazionatore audio del kernel Microsoft: system32\drivers\splitter.sys (manual start)
Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)
Driver filtro Ripristino configurazione di sistema: System32\DRIVERS\sr.sys (system)
Servizio Ripristino configurazione di sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Servizio di rilevamento SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Acquisizione di immagini di Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Driver bus software: System32\DRIVERS\swenum.sys (manual start)
Sintetizzatore Wavetable GS kernel Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{0B070D2B-6FDE-4C45-B41C-A3420576547D} (manual start)
Periferica audio di sistema Microsoft Kernel: system32\drivers\sysaudio.sys (manual start)
Avvisi e registri di prestazioni: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver protocollo TCP/IP: System32\DRIVERS\tcpip.sys (system)
Driver della periferica terminale: System32\DRIVERS\termdd.sys (system)
Servizi terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver aggiornamento microcodice: System32\DRIVERS\update.sys (manual start)
Host di periferiche Plug and Play universali: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Gruppo di continuità: %SystemRoot%\System32\ups.exe (manual start)
Driver Miniport controller enhanced host USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start)
Hub abilitato USB2: System32\DRIVERS\usbhub.sys (manual start)
Driver miniport per controller open host USB Microsoft: System32\DRIVERS\usbohci.sys (manual start)
Classe stampanti USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Driver archiviazione di massa USB: system32\DRIVERS\USBSTOR.SYS (manual start)
Controller video VGA.: \SystemRoot\System32\drivers\vga.sys (system)
Copia replicata del volume: %SystemRoot%\System32\vssvc.exe (manual start)
Ora di Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver ARP IP di accesso remoto: System32\DRIVERS\wanarp.sys (manual start)
Driver di compatibilità audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Servizio Numero di serie per dispositivi multimediali portatili: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Estensioni driver di Strumentazione gestione Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Scheda WMI Performance: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Centro sicurezza PC: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Codec World Standard Teletext: system32\DRIVERS\WSTCODEC.SYS (manual start)
Aggiornamenti automatici: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)
Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Servizio Provisioning di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 34.202 bytes
Report generated in 0,172 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

fatto come mi hai detto..Non so a cosa possa servire pero..grazie di tutto
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi lucas/s » 12/02/06 14:44

durante la schermata blu ricevi per caso il nome del file che ha creato il crash?ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi gauchio » 12/02/06 15:57

mi sembrava di si...peroil nome del file non me lo ricordo...cmq la schermata blu non mi viene sempre ogni tanto...insomma non riesco a spegngere..
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Postdi lucas/s » 12/02/06 16:09

senza il nome poco si capisce,magari alla prossima segnati il nome e poi si vede,ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi gauchio » 12/02/06 17:11

sono riuscito a fare il file report co il prgramma fixware eccolo..


Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1dedoc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llams_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\domdnb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\orcimlh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ytpme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
se ho ben capito questo progrmamma mi dice quali sono e chiavi recentemente eliminate...ditemi che ora riuscite a dirmi qualcosa.... :aaah
gauchio
Utente Junior
 
Post: 41
Iscritto il: 28/10/05 09:03

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "Dialer web.exe":

Dialer, virus vari
Autore: zena
Forum: Sicurezza e Privacy
Risposte: 4
Probabile dialer
Autore: prof2000
Forum: Sicurezza e Privacy
Risposte: 5

Chi c’è in linea

Visitano il forum: Nessuno e 23 ospiti