HijackThis:<<cosa fixo a un amico?>>

[marama]

Abbiamo già eliminato una marea di pocherie ma vorrei il vs parere perchè secondo me c'è ancora tanto da togliere...grazie!!!!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Andrea\Desktop\cde.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\wind ows\macromediahelper.exe",
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {E32EF60D-E603-8D0A-0D1D-F979B0923CED} - C:\WINDOWS\gnxmt1.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "D:\Andrea\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA CE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Programmi\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/gam...s/y/mjst4_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD19138-51FD-44FB-ACAE-AEE272DC24A4}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

[BabboNapoli]

Elimina queste voci:
R3 - Default URLSearchHook is missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD19138-51FD-44FB-ACAE-AEE272DC24A4}: NameServer = 85.37.17.50 85.38.28.76

[marama]

Originariamente inviato da BabboNapoli
Elimina queste voci:
R3 - Default URLSearchHook is missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD19138-51FD-44FB-ACAE-AEE272DC24A4}: NameServer = 85.37.17.50 85.38.28.76

Ciao,sei sicuro della 017???mi sembrano i dns....

[Habanero]

Originariamente inviato da BabboNapoli
Elimina queste voci:
R3 - Default URLSearchHook is missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD19138-51FD-44FB-ACAE-AEE272DC24A4}: NameServer = 85.37.17.50 85.38.28.76

perchè dici di eliminare i dns di telecom?
non che faccia un gran danno dato che vengono rigenerati alla successiva connessione ma non sono dannosi.


In ogni caso marama sembra esserci traccia di linkoptimizer...
Hai già provato a leggere questo?
http://forum.html.it/forum/showthrea...readid=1046884

Inoltre farei il fix di
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\wind ows\macromediahelper.exe",

[Habanero]

anzi leggerei anche questo post di amvinfe:
http://forum.html.it/forum/showthrea...8#post10099088

[BabboNapoli]

Originariamente inviato da Habanero
perchè dici di eliminare i dns di telecom?
non che faccia un gran danno dato che vengono rigenerati alla successiva connessione ma non sono dannosi.

Hai ragione errore mio!!

Inoltre farei il fix di
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\wind ows\macromediahelper.exe",

Perche bisogna fixxarlo??

[Habanero]

Originariamente inviato da BabboNapoli
Perche bisogna fixxarlo??

leggi il post di amvinfe che ho linkato qui sopra...

in ogni caso le voci F2 che danno un argomento per userinit sono quasi sempre dannose.

[BabboNapoli]

Grazie

[Habanero]

prego