Condividi:        

Archiviosex.net / e1xplorer

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi fusto3 » 25/05/06 15:55

:o Opsss..ho incollato l' immagine per sbaglio!
fusto3
Utente Junior
 
Post: 14
Iscritto il: 23/05/06 15:36

Sponsor
 

Postdi Luke57 » 26/05/06 08:08

Ciao, scusa il ritardo
1)Il services.exe presente nei processi è quello legittimo
2)Utilizza killbox da qui
http://www.bleepingcomputer.com/files/s ... illBox.zip
- estrailo sul desktop e apri la cartella che lo contiene e quindi avvialo
- Seleziona l'opzione Delete on Reboot . Nello spazio scrivi il percorso del file da eliminare
C:\WINDOWS\SERVICES.EXE
e clicchi sulla crocetta rossa ( il computer si riavvierà).
3) Vai nel registro di sistema con le procedure già spiegate per eliminare la voce presente in F2 del log di hijackthis.
4) Altro non saprei che cosa suggerire ;)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi fusto3 » 26/05/06 10:36

Kill box mi dice di non poeterlo eliminare ma il pc si riavvia
fusto3
Utente Junior
 
Post: 14
Iscritto il: 23/05/06 15:36

Postdi fusto3 » 27/05/06 11:32

Con mio grande dispiacere formatterò il pc... :cry:
fusto3
Utente Junior
 
Post: 14
Iscritto il: 23/05/06 15:36

Postdi fusto3 » 27/05/06 11:33

Cmq grazie lo stesso per la disponibilità
fusto3
Utente Junior
 
Post: 14
Iscritto il: 23/05/06 15:36

Postdi Luke57 » 27/05/06 14:17

Ciao, mi dispiace, non so se servirà ma prova anche Unlocker, qui:
http://ccollomb.free.fr/unlocker/unlocker1.8.3.exe
è un piccolo programma. Una volta installato, se clicchi con il tasto destro sul file da eliminare, nel menu contestuale appare il simbolo di Unlocker e la possibilità di eliminare il file ricorrendo al programma.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi isaacalves27 » 01/06/06 15:20

Anchio o questo problema del archiviosex.net... Ho gia eseguito tutti i programmi di anti spam piu conosciuti ma non sono riuscito a combinare niente... Mi potete aiutare con il HiJack? Ecco il mio hijackthis log file
Grazie per laiuto!!!!! :cry:
isaacalves27
Newbie
 
Post: 9
Iscritto il: 01/06/06 15:01

Postdi isaacalves27 » 01/06/06 15:22

Ecco il mio log:

Logfile of HijackThis v1.99.1
Scan saved at 16.21.42, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1987324.com/?301
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Programmi\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: *.1987324.com
O15 - Trusted Zone: *.aflashcounter.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87FECC84-C2E6-42D3-80EC-564BFF1BFD19}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe

Grazie mille per laiuto!
isaacalves27
Newbie
 
Post: 9
Iscritto il: 01/06/06 15:01

Postdi andorra24 » 01/06/06 15:44

Ciao, apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'' :

C:\WINDOWS\system32\spoolsvc.exe (spoolsvc con la c finale )
C:\WINDOWS\system32\dcomcfg.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1987324.com/?301
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: *.1987324.com
O15 - Trusted Zone: *.aflashcounter.com

Assicurati di eliminare questi files exe:

C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\dcomcfg.exe

Puoi farlo usando hijackthis. Apri hijackthis, clicca su Open the misc tools section e premi su Delete a file on reboot. Segui il percorso preciso ed individua i files da eliminare e premi ''apri''. Ti apparira' una finestrella che ti chiede conferma dell'eliminazione del file al reboot.


Fai una scansione con ewido:
http://download.ewido.net/ewido-setup.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Grazie!!!!

Postdi isaacalves27 » 01/06/06 17:17

Sembra che ha funzionato! Grazie mille!!!! :lol: Questo programma Ewido e un antivirus normale ho serve solo a capire il software che non funziona? A che cosa serve esattamente?
Siete bravissimi!
isaacalves27
Newbie
 
Post: 9
Iscritto il: 01/06/06 15:01

Re: Grazie!!!!

Postdi andorra24 » 01/06/06 17:36

isaacalves27 ha scritto:Sembra che ha funzionato! Grazie mille!!!! :lol: Questo programma Ewido e un antivirus normale ho serve solo a capire il software che non funziona? A che cosa serve esattamente?
Siete bravissimi!

Ewido non e' un antivirus ma e' un anti-malware cioe' un programma specializzato in varie tipologie di malwares come trojans,dialers,spyware,keyloggers. Funziona in versione full per 14 giorni (cioe' con la protezione in real time e gli updates automatici), scaduti questi 14 giorni il programma rimane free per fare scansioni on demand ma perde la protezione in real time e gli updates vanno fatti manualmente. E' un buon programma, ti consiglio di usarlo spesso. :)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi isaacalves27 » 01/06/06 17:48

Grazie! Spero non avere bisogno di usare questo sito per un po di tempo!! Continuate il buon lavor! Grazie :)
isaacalves27
Newbie
 
Post: 9
Iscritto il: 01/06/06 15:01

Postdi Molash » 18/06/06 23:42

Anch'io ho lostesso problema.... ora posto il log di Hijackthis.. aiutooo!
grazie

Logfile of HijackThis v1.99.1
Scan saved at 0.37.29, on 19/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\smss.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nbsystem.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\winsock2.6.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\HIMENSYST.EXE
C:\Documents and Settings\ANDREA\Dati applicazioni\tofareraci\systvmrs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Wireless LAN Utility\SiWake.exe
C:\Programmi\Wireless LAN Utility\SiSCFG.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\sysmon.exe
C:\Documents and Settings\ANDREA\Desktop\Temi d'esame ric op\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe winsock2.6.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [oeuai] C:\Documents and Settings\ANDREA\Dati applicazioni\tofareraci\systvmrs.exe
O4 - HKLM\..\Run: [winsockdriver] winsock2.6.exe
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.6.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SiWake.lnk = C:\Programmi\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O15 - Trusted Zone: http://www.1987324.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Network Browser (NBSystem) - Unknown owner - C:\WINDOWS\system32\nbsystem.exe (file missing)
Molash
Newbie
 
Post: 5
Iscritto il: 18/06/06 23:26

Postdi Molash » 19/06/06 00:15

nel riavviare le cose sono peggiorate... ecco il nuovo log. grazie

ogfile of HijackThis v1.99.1
Scan saved at 1.02.58, on 19/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\smss.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nbsystem.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\winsock2.6.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\HIMENSYST.EXE
C:\Documents and Settings\ANDREA\Dati applicazioni\tofareraci\systvmrs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Wireless LAN Utility\SiWake.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Wireless LAN Utility\SiSCFG.exe
C:\Documents and Settings\ANDREA\Desktop\Temi d'esame ric op\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe winsock2.6.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [oeuai] C:\Documents and Settings\ANDREA\Dati applicazioni\tofareraci\systvmrs.exe
O4 - HKLM\..\Run: [winsockdriver] winsock2.6.exe
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.6.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SiWake.lnk = C:\Programmi\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Network Browser (NBSystem) - Unknown owner - C:\WINDOWS\system32\nbsystem.exe
Molash
Newbie
 
Post: 5
Iscritto il: 18/06/06 23:26

Postdi andorra24 » 19/06/06 07:26

Ciao, apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'' :

C:\WINDOWS\smss.exe
C:\WINDOWS\system32\nbsystem.exe
C:\WINDOWS\system32\winsock2.6.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\HIMENSYST.EXE

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

C:\Documents and Settings\ANDREA\Dati applicazioni\tofareraci\systvmrs.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 (se non usi proxy puoi eliminarla)
F2 - REG:system.ini: Shell=explorer.exe winsock2.6.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [oeuai] C:\Documents and Settings\ANDREA\Dati applicazioni\tofareraci\systvmrs.exe
O4 - HKLM\..\Run: [winsockdriver] winsock2.6.exe
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.6.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: Network Browser (NBSystem) - Unknown owner - C:\WINDOWS\system32\nbsystem.exe

assicurati di eliminare i seguenti files exe:

C:\WINDOWS\smss.exe
C:\WINDOWS\system32\nbsystem.exe
C:\WINDOWS\system32\winsock2.6.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\HIMENSYST.EXE
C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe
C:\Documents and Settings\ANDREA\Dati applicazioni\tofareraci\systvmrs.exe (visualizza cartelle e file nascosti,segui il percorso ed elimina l'intera cartella tofareraci)

Puoi farlo usando hijackthis. Apri hijackthis, clicca su Open the misc tools section e premi su Delete a file on reboot. Segui il percorso preciso ed individua i files da eliminare e premi ''apri''. Ti apparira' una finestrella che ti chiede conferma dell'eliminazione del file al reboot.

Fai una scansione con ewido:
http://download.ewido.net/ewido-setup.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 19/06/06 07:55

Ciao, in aggiunta alle istruzioni di andorra 24 scarica questi programmi:
stinger 2.6.0 da qui:
http://vil.nai.com/vil/stinger/
e mettilo sul desktop ( è stand alone, non va installato)

Scarica Killsgrunt da qui:
http://www.francydelorenzi.it/Sicurezza ... illsgrunt/
ci sono anche le istruzioni 'uso

Scarica ATFCleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
Per eliminare i file temporanei

Prima di eseguire le operazioni con hijakthis, lancia killsgrunt

Prima di procedere al'eliminazione dei file infetti fai una scansione con stinger 260 su tutte le unità fisse del computer (basta avviarlo con doppio click e scegliere Scan, dopo aver impostato le unità da visionare)

Per eliminare file temp e tmp di windows, cache di IE, coojkies, avvia ATF cleaner, cliccando sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!".
Buon lavoro !
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Luke57 » 19/06/06 07:58

Ciao, scusa se intervengo ancora.
Esegui anche questa operazione, dopo aver fissato le voci con hijackthis:
Start>esegui>sc stop NBSystem (lo copi nello spazio)>OK
Sart>esegui>sc delete NBSystem (lo copi nello spazio)>OK
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Molash » 19/06/06 17:27

Grazie... ho seguito i vostri preziosi consigli e sembra tutto ok! posto comunque il nuovo log... ditemi voi! grazie ancora

Logfile of HijackThis v1.99.1
Scan saved at 18.21.15, on 19/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Wireless LAN Utility\SiWake.exe
C:\Programmi\Wireless LAN Utility\SiSCFG.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\ANDREA\Desktop\Temi d'esame ric op\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SiWake.lnk = C:\Programmi\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
Molash
Newbie
 
Post: 5
Iscritto il: 18/06/06 23:26

Postdi andorra24 » 19/06/06 17:46

Fixa ancora queste 2:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Molash » 19/06/06 19:12

Non se ne va la voce di smss.exe... ecco il log

Logfile of HijackThis v1.99.1
Scan saved at 20.11.33, on 19/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Wireless LAN Utility\SiWake.exe
C:\Programmi\Wireless LAN Utility\SiSCFG.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\ANDREA\Desktop\Temi d'esame ric op\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SiWake.lnk = C:\Programmi\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3102CE0-0E83-4916-A209-CC391D91DD8E}: NameServer = 85.37.17.7 85.38.28.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
Molash
Newbie
 
Post: 5
Iscritto il: 18/06/06 23:26

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "Archiviosex.net / e1xplorer":

e1xplorer
Autore: Zaba
Forum: Sicurezza e Privacy
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 42 ospiti