Salve
dopo aver provato tutti i software della guida oltre a quelli che gia' conoscevo non sono ancora riuscito ad eliminare un icona che sie' creata sul desktop dopo che ho aperto (da pollastro) una mail che aveva link a dei falsi documenti.
Praticamente ora c'e' questa icona che si chiama "connessione veloce" e se ci clicco col destro appare la scritta "open my menu"
ho scansionato con Hijackthis che mi trova delle stringhe nel registro che fanno riferimento a degli exe che mi fanno aprire explorer ogni volta che accendo il pc, ma se provo ad eliminarle alla successiva scansione con Hijack riappaiono come se non avessi fatto nulla...
sotto c'e' il log di Hijackthis
Ciao
Freddie
Logfile of HijackThis v1.99.0
Scan saved at 11.10.31, on 05/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\ATnotes\ATnotes.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Auton8.1\Auton.exe
C:\Programmi\think3\2006.1\thinkdesign\bin\tdesign .exe
C:\Programmi\think3\2006.1\thinkteam\api\com\relea se\TTComApi.exe
C:\Programmi\think3\2006.1\common\utilities\T3Trac er\T3TraceSrv.exe
C:\PROGRA~1\think3\2006.1\THINKT~2\api\com\release \PYSERV~1\TTCONN~1.EXE
C:\Programmi\think3\2006.1\common\tteam.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Documents and Settings\Administrator\Desktop\Paolo\HijackThis.ex e
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gooogle.bz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMONTRAY] C:\Programmi\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CaISSDT] "C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [eISS_licreg] "C:\Programmi\CA\eTrust Internet Security Suite\licreg.exe" /s
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [stampa_tutte_le_pagine[1].exe] C:\WINNT\system32\winsvc\svc\stampa_tutte_le_pagin e[1].exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Image Converter 2 ??? - C:\Programmi\Sony\Image Converter 2\menu.htm
O15 - Trusted Zone: www.gooogle.bz
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C360DD09-D8B0-480D-AC1D-0C8C40418324}: NameServer = 151.99.125.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel(R) Active Monitor - Intel Corp. - C:\Programmi\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch - Unknown - C:\WINNT\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
Rispondi quotando