le scelte sugli antispy non mi trovano d'accordo comunque prima riposta un log di hijack e vediamo il da farsi
ciao
le scelte sugli antispy non mi trovano d'accordo comunque prima riposta un log di hijack e vediamo il da farsi
ciao
ciao aris73 grazie per la pazienza.
Logfile of HijackThis v1.99.1
Scan saved at 20.37.52, on 07/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\IObit\Advanced WindowsCare V2\Awc.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\ggg\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.html.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - TELE2Internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Programmi\IObit\Advanced WindowsCare V2\Awc.exe" /startup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\ggg\Desktop\PrevxFixGrom.exe" -scan
O4 - HKLM\..\Run: [NI.UWA6PT_0001_N91M2107] "C:\Documents and Settings\ggg\Desktop\WinAntiVirusPro2006FreeInstal l_it.exe" -nag
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?820e915c10f5465bbd011988b5f69d7b
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?820e915c10f5465bbd011988b5f69d7b
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.it/redirect/dial_up
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred Control) - file://C:\Programmi\AutoCAD LT 2000i Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2000i Ita\AcDcToday.ocx
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://safe.tele2.com/inc/accounthelper.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2000i Ita\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DA0FC64-6502-4AFA-9FF4-458522C5C427}: NameServer = 212.151.136.246 130.244.127.169
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MRDZPH - Unknown owner - C:\DOCUME~1\ggg\IMPOST~1\Temp\MRDZPH.exe (file missing)
O23 - Service: QIOEODE - Unknown owner - C:\DOCUME~1\ggg\IMPOST~1\Temp\QIOEODE.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
fixa
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://safe.tele2.com/inc/accounthelper.cab
O23 - Service: MRDZPH - Unknown owner - C:\DOCUME~1\ggg\IMPOST~1\Temp\MRDZPH.exe (file missing)
O23 - Service: QIOEODE - Unknown owner - C:\DOCUME~1\ggg\IMPOST~1\Temp\QIOEODE.exe (file missing)
scarica Ccleaner, lo installi e lo apri, vai su Opzioni -> avanzate, e togli la spunta a "Cancella files in windows temp solo se più vecchi di 48 ore" elimina i file temporanei e chiavi di registro
grazie di nuovo aris73
ascolta ho fatto come mi hai detto ma mi servono alcuni chiarimenti.
ho fixato:
O23 - Service: MRDZPH - Unknown owner - C:\DOCUME~1\ggg\IMPOST~1\Temp\MRDZPH.exe (file missing)
O23 - Service: QIOEODE - Unknown owner - C:\DOCUME~1\ggg\IMPOST~1\Temp\QIOEODE.exe (file missing)
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) -
ma non ho capito ha cosa mi serve
https://safe.tele2.com/inc/accounthelper.cab
per quandoi riguarda ccleaner facendo avanzate "Cancella files in windows temp solo se più vecchi di 48 ore" ho cancellato anche le chiavi registro?
se ho svolto tutto come si deve il mio computer è pulito?
ciao ciao
sì cancelli anche le chiavi di registro, e la 016 quella indicata era da fixare, non che ti servisse a qualcosa, e il tuo pc a questo punto dovrebbe essere pulito
ciao
GRAZIE MILLE aris73
un'ultima cosa, come faccio acancellare le chiavi registro?
ora io ho istallato avast come antivirus, avg 7.5 free come antivirus, avg anti-spyware e zona allarm.
tu cosa mi consigli?
ciao
per le chiavi di registro puoi usare tranquillamente CCleaner, l'opzione per intenderci dove c'é un cubo che si sgretola, per i programmi scelti vanno benissimo, aggiungerei solo spyware terminator e sei a posto
ciao
Permessi di invio
Rispondi quotando