Spero che il log sia quello giusto e comunque lo divido in due parti.
1° parte
StartupList report, 07/09/2007, 11.44.37
StartupList version: 1.52.2
Started from : C:\Documents and Settings\lucio\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\HSFPWCFG.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Programmi\Power Soft\Freebie Notes\FreebieNotes.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Wireless LAN Utility\SiWake.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\PopTray\PopTray.exe
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\RamBooster 2.0\Rambooster.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Documents and Settings\lucio\Desktop\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\lucio\Menu Avvio\Programmi\Esecuzione automatica]
PopTray.lnk = C:\Programmi\PopTray\PopTray.exe
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk = ?
SiWake.lnk = C:\Programmi\Wireless LAN Utility\SiWake.exe
Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SiSUSBRG = C:\WINDOWS\SiSUSBrg.exe
Hcontrol = C:\WINDOWS\ATK0100\Hcontrol.exe
HSFPWCFG.EXE = C:\WINDOWS\HSFPWCFG.EXE
SynTPLpr = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
avgnt = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
RemoteControl = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
AnyDVD = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
SoundMan = SOUNDMAN.EXE
HP Software Update = "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
HP Component Manager = "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
QuickTime Task = "C:\Programmi\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched = "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
ZoneAlarm Client = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
Adobe Reader Speed Launcher = "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SpywareTerminator = "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield. exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
LDM = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
Freebie Notes = "C:\Programmi\Power Soft\Freebie Notes\FreebieNotes.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Rispondi quotando