Problema con spyware

**Neptune** · 22-09-2007, 10:57

Salve a tutti,
mi appare finestra "Warning! Potential Spyware Operation!" , invitandomi a lanciare il programma che dovrebbe rimuovere il tutto, come in questa discussione.

Ho provato con avg antivirus, con spybot ma nulla, il problema persiste e non mi fa accedere nemmeno al pannello di controllo o al task manager.

Ho quindi installato hijack, come mia ultima speranza, mi sapete dire cosa devo eliminare?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.43.37, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Winamp\Winampa.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Microsoft Shared\Help 8\dexplore.exe
C:\WINDOWS\AutoUpdateWin32.exe
C:\WINDOWS\system32\gcc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winavxx.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Guido\IMPOST~1\Temp\pa_0172.exe
C:\Programmi\WinAble\winable.exe
C:\DOCUME~1\Guido\IMPOST~1\Temp\1.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\TEMP\hd455.tmp
C:\WINDOWS\AutoUpdateWin33.exe
C:\Documents and Settings\Guido\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\gcc.exe,C:\WINDOWS\system32\gcc.exe,C: \WINDOWS\system32\codeblocks.exe,C:\WINDOWS\system 32\vmware-ufad.exe,C:\WINDOWS\system32\undname.exe,
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Documents and Settings\Guido\Google\googletoolbar1.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {92E8D30A-02D1-4C2D-BEBE-F4F99F1357A3} - C:\WINDOWS\system32\dsdmopr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C:\DOCUME~1\Guido\IMPOST~1\Temp\update.exe] C:\DOCUME~1\Guido\IMPOST~1\Temp\update.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\Guido\svchost.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenti\Settings\bot.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

--
End of file - 6341 bytes

Vi ringrazio in anticipo per la pazienza,
Neptune.

**ste_95** · 22-09-2007, 11:00

seleziona a sinistra queste voci e premi in basso fix checked:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\gcc.exe,C:\WINDOWS\system32\gcc.exe,C: \WINDOWS\system32\codeblocks.exe,C:\WINDOWS\system 32\vmware-ufad.exe,C:\WINDOWS\system32\undname.exe,
O4 - HKLM\..\Run: [C:\DOCUME~1\Guido\IMPOST~1\Temp\update.exe] C:\DOCUME~1\Guido\IMPOST~1\Temp\update.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\Guido\svchost.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenti\Settings\bot.dll

poi scarica avenger, link nella mia firma, aprilo, vai su input script manually, poi sulla lente e copia quanto segue:

Files to delete:
C:\DOCUME~1\Guido\IMPOST~1\Temp\
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Documents and Settings\Guido\svchost.exe
C:\Programmi\WinAble\winable.exe
C:\WINDOWS\service32.exe
C:\WINDOWS\sysnet32.exe
C:\WINDOWS\system32\systems.txt
C:\Documents and Settings\All Users\Documenti\Settings\bot.dll
C:\WINDOWS\AutoUpdateWin32.exe
C:\WINDOWS\system32\gcc.exe
C:\WINDOWS\system32\winavxx.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\DOCUME~1\Guido\IMPOST~1\Temp\pa_0172.exe
C:\DOCUME~1\Guido\IMPOST~1\Temp\1.exe
C:\WINDOWS\TEMP\hd455.tmp
C:\WINDOWS\system32\codeblocks.exe
C:\WINDOWS\system32\vmware-ufad.exe
C:\WINDOWS\system32\undname.exe

Folders to delete:
C:\WINDOWS\TEMP
C:\DOCUME~1\Guido\IMPOST~1\Temp
C:\Programmi\WinAble

poi vai su done, poi sul semaforino, acconsenti, a questo punto il computer dovrebbe riavviarsi, altrimenti fallo tu. al riavvio posta il contenuto del blocco note che apparirà..

come va?

**tecnico24** · 22-09-2007, 11:08

ciao netpune,scaricati atf cleaner e salvalo sul dekstop.
avvia hijackthis,clicca sull'opzione Do a system scan only seleziona a sinistra su queste voci:

O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenti\Settings\bot.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O4 - Global Startup: autorun.exe
O4 - Startup: system.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\Guido\svchost.exe
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\Guido\IMPOST~1\Temp\update.exe] C:\DOCUME~1\Guido\IMPOST~1\Temp\update.exe
O2 - BHO: (no name) - {92E8D30A-02D1-4C2D-BEBE-F4F99F1357A3} - C:\WINDOWS\system32\dsdmopr.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Documents and Settings\Guido\Google\googletoolbar1.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

e clicca sotto su Fix checked.

scarica avenger http://swandog46.geekstogo.com/avenger.zip
clicca su input script manually e poi sulla lente di ingrandimento.
nello spazio vuoto inserisci questo script in rosso con copia,incolla:

files to delete:
C:\WINDOWS\AutoUpdateWin33.exe
C:\DOCUME~1\Guido\IMPOST~1\Temp\1.exe
C:\DOCUME~1\Guido\IMPOST~1\Temp\pa_0172.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\winavxx.exe
C:\WINDOWS\AutoUpdateWin32.exe

clicca su Done,poi sul semaforo con luce verde,due volte si,riavvia il pc e posta sul ofrum il log di avenger(c:/avenger.txt)
poi avvi atf cleaner,clicca sull opzione select all e poi su empty selected.
aspetta il messaggio done cleaning!!

P.S questo C:\Programmi\WinAble\winable.exe lo conosci?

**bdori@no** · 22-09-2007, 11:23

Ciao neptune,

Giusto per aumentare la confusione...

Prima di procedere alla cancellazione di C:\Programmi\WinAble\winable.exe, ti consiglierei di caricarlo su http://www.virustotal.com/it e aspettare il responso.
Se le scansioni danno esito positivo (cioè è un virus, puoi procedere con la cancellazione).

Tra i due script proposti, sicuramente il più "azzeccato" è quello di ste_95.
Però entrambi dimenticano che per scoprire i nuovi virus (soprattutto su un pc così "conciato"), hijackthis non basta più.
Buona fortuna.

@ste_95:
correggi i links di gmer e elibagla nella tua firma, non sono funzionanti.

**tecnico24** · 22-09-2007, 11:26

@bdori@no
da indicare pero' che ste non pensa prima di scrivere.ha messo nel log il programma di winable,mentre invece io sono andato sul piu' sicuro.
sappiamo benissimo che non serve solo hijack per eliminare virus,siamo aggiornati,non ti preoccupare,non sei il solo.

**ste_95** · 22-09-2007, 11:26

wianble non sembrava bello...: http://nz.answers.yahoo.com/question...5104752AAsrGkx

garzie, vedo che c'è anche service32...segui anche questa guida:

http://www.pcalsicuro.com/main/2006/...torna-di-moda/

ps. OT li avevo corretti, ma sono ancora sbagliati, appeno ho tempo ci do un occhio...

**ste_95** · 22-09-2007, 11:27

Originariamente inviato da tecnico24
@bdori@no
da indicare pero' che ste non pensa prima di scrivere.ha messo nel log il programma di winable,mentre invece io sono andato sul piu' sicuro.
sappiamo benissimo che non serve solo hijack per eliminare virus,siamo aggiornati,non ti preoccupare,non sei il solo.

guarda il link su winable...e poi dimmi, mica metto nello script tutto il log...

**tecnico24** · 22-09-2007, 11:35

@neptune
vai qui e vedi se il programma e libero da spyware o virus.

http://translate.google.com/translat...%3Dit%26sa%3DG

**Neptune** · 22-09-2007, 11:41

Ho eseguito lo script di ste ed il responso è il seguente:

codice:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bnctarwu

*******************

Script file located at: \??\C:\Program Files\lfqhyvuw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Error: C:\DOCUME~1\Guido\IMPOST~1\Temp\ is a folder, not a file!
Deletion of file C:\DOCUME~1\Guido\IMPOST~1\Temp\ failed!

Could not process line:
C:\DOCUME~1\Guido\IMPOST~1\Temp\
Status: 0xc00000ba

File C:\WINDOWS\system32\kernelwind32.exe deleted successfully.
File C:\WINDOWS\system32\WinAvXX.exe deleted successfully.
File C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.


File C:\Documents and Settings\Guido\svchost.exe not found!
Deletion of file C:\Documents and Settings\Guido\svchost.exe failed!

Could not process line:
C:\Documents and Settings\Guido\svchost.exe
Status: 0xc0000034

File C:\Programmi\WinAble\winable.exe deleted successfully.
File C:\WINDOWS\service32.exe deleted successfully.
File C:\WINDOWS\sysnet32.exe deleted successfully.
File C:\WINDOWS\system32\systems.txt deleted successfully.
File C:\Documents and Settings\All Users\Documenti\Settings\bot.dll deleted successfully.
File C:\WINDOWS\AutoUpdateWin32.exe deleted successfully.
File C:\WINDOWS\system32\gcc.exe deleted successfully.


File C:\WINDOWS\system32\winavxx.exe not found!
Deletion of file C:\WINDOWS\system32\winavxx.exe failed!

Could not process line:
C:\WINDOWS\system32\winavxx.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dllh8jkd1q2.exe deleted successfully.
File C:\WINDOWS\system32\vedxg4am1et2.exe deleted successfully.
File C:\DOCUME~1\Guido\IMPOST~1\Temp\pa_0172.exe deleted successfully.
File C:\DOCUME~1\Guido\IMPOST~1\Temp\1.exe deleted successfully.
File C:\WINDOWS\TEMP\hd455.tmp deleted successfully.
File C:\WINDOWS\system32\codeblocks.exe deleted successfully.
File C:\WINDOWS\system32\vmware-ufad.exe deleted successfully.
File C:\WINDOWS\system32\undname.exe deleted successfully.
Folder C:\WINDOWS\TEMP deleted successfully.
Folder C:\DOCUME~1\Guido\IMPOST~1\Temp deleted successfully.
Folder C:\Programmi\WinAble deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Per la cronaca winable non so cosa sia e windows l'ho reinstallato due giorni fa!

Ad ogni modo continua a non farmi accedere al pannello di controllo, e continua con un'altro problema: ogni minuto o due non mi va più la rete! (prendo la connessione da un router).

**Neptune** · 22-09-2007, 11:44

Mentre hajack mi da questo log adesso:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.43.04, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Guido\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Documents and Settings\Guido\Google\googletoolbar1.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {92E8D30A-02D1-4C2D-BEBE-F4F99F1357A3} - C:\WINDOWS\system32\dsdmopr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{025EFE8B-50A4-4055-9EB1-3A2813A76811}: NameServer = 217.16.18.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D143B2-07EE-43F5-8B99-762A6F1CFC52}: NameServer = 217.16.18.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{220ED701-3A47-43A6-B137-D92957D896D6}: NameServer = 217.16.18.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{025EFE8B-50A4-4055-9EB1-3A2813A76811}: NameServer = 217.16.18.185
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenti\Settings\bot.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

--
End of file - 4788 bytes

Discussione: Problema con spyware

Strumenti discussione

Ricerca discussione

Visualizza

Problema con spyware

Permessi di invio