Cambio index !!!!!

**vannicv** · 23-07-2004, 15:28

Basta !!!!!!!!!!!!!!

Mi sono rotto le @@......

Scusate la mia rabbia ma ogni volta che accendo il portatile mi cambia la index e poi ( Mi si aprono 1000 Pop Up)

Chiedo Aiuto posto il testo di Hijackthis.log

Logfile of HijackThis v1.97.7
Scan saved at 15.24.51, on 23/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\PROGRAMMI\ACER\POWERKEY\POWERKEY.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\POP3TRAP.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\WEBTRAP.EXE
C:\WINDOWS\ACER\SNAPSHOT\ACERTMB.EXE
C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\KEYMAP.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\ACER\SNAPSHOT\ASPIRETM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sexkot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sexkot.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sexkot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thenewsearch.com/thenewsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://line-plus.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
O1 - Hosts: 1089288654 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {E8B1F94E-93AE-11D8-BECF-0000BA635E78} - C:\WINDOWS\SYSTEM\PIHHAIA.DLL (file missing)
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AcerPowerkey] "C:\Programmi\Acer\Powerkey\Powerkey.exe"
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Programmi\Trend PC-cillin 7\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Programmi\Trend PC-cillin 7\WebTrap.exe"
O4 - HKLM\..\Run: [AspireTimeMachine] c:\windows\acer\snapshot\acertmb.exe
O4 - HKLM\..\Run: [SleepManager] "C:\Programmi\Sleep Manager\SleepMgr.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KEYMAP] C:\WINDOWS\SYSTEM\Keymap.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [sys] regedit /s sys.reg
O4 - HKLM\..\Run: [Ad-aware] C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE +c
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
O4 - HKLM\..\RunOnce: [AspireTimeMachine] c:\windows\temp\wrestore.exe c:\windows\temp\wrestdat
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O13 - DefaultPrefix: http://line-plus.com/p/
O13 - WWW Prefix: http://line-plus.com/p/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...105.3775578704
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {11111111-1111-1111-1111-111111111171} - ms-its:mhtml:file://c:\\nosuch.mht!http://line-plus.com/newhelp.chm::/newhelp.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/howtosearch.chm...rchinfoxyz.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file...CallButton.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = edisontel
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.94.0.1,62.94.0.2
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

**vannicv** · 23-07-2004, 16:58

Scusate....

Mi sono dimenticato di Dire:
Ho instllato 2 antivirus aggiornati
Ho eseguito la scansione online
Ho installato Ad-aware

Adesso ho sono alle strette

Ma mi compare sempre www.sexkot.com

**amvinfe** · 24-07-2004, 01:08

Scarica da -links utili- in Rilievo la versione 1.98 di HijackThis metti l'eseguibile all'interno di una nuova cartella , fai lo scan e posta un nuovo log.

**vannicv** · 26-07-2004, 08:20

Grazie del tuo aiuto Amvinfe!!!!!

Posto il nuovo log

Logfile of HijackThis v1.98.0
Scan saved at 8.14.59, on 26/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\PROGRAMMI\ACER\POWERKEY\POWERKEY.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\POP3TRAP.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\WEBTRAP.EXE
C:\WINDOWS\ACER\SNAPSHOT\ACERTMB.EXE
C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\KEYMAP.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\ACER\SNAPSHOT\ASPIRETM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\DESKTOP\NUOVA CARTELLA (3)\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sexkot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sexkot.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sexkot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thenewsearch.com/thenewsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://zwyxxe.t.muxa.cc/h.php?aid=240 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 1089288654 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {E8B1F94E-93AE-11D8-BECF-0000BA635E78} - C:\WINDOWS\SYSTEM\PIHHAIA.DLL (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AcerPowerkey] "C:\Programmi\Acer\Powerkey\Powerkey.exe"
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Programmi\Trend PC-cillin 7\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Programmi\Trend PC-cillin 7\WebTrap.exe"
O4 - HKLM\..\Run: [AspireTimeMachine] c:\windows\acer\snapshot\acertmb.exe
O4 - HKLM\..\Run: [SleepManager] "C:\Programmi\Sleep Manager\SleepMgr.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KEYMAP] C:\WINDOWS\SYSTEM\Keymap.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [sys] regedit /s sys.reg
O4 - HKLM\..\Run: [Ad-aware] C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE +c
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunOnce: [AspireTimeMachine] c:\windows\temp\wrestore.exe c:\windows\temp\wrestdat
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/ente...secall_pre.php (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file...CallButton.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = edisontel
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.94.0.1,62.94.0.2
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

**amvinfe** · 26-07-2004, 11:03

Scaricati da -links utili- CWShredder.
Riavvia in modalità provvisoria, fai uno scan con HJT, metti la spunta al fianco dei seguenti valori e clicca su Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?toaqy (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sexkot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sexkot.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sexkot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thenewsearch.com/thenewsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://zwyxxe.t.muxa.cc/h.php?aid=240 (obfuscated)
O1 - Hosts: 1089288654 auto.search.msn.com
O2 - BHO: (no name) - {E8B1F94E-93AE-11D8-BECF-0000BA635E78} - C:\WINDOWS\SYSTEM\PIHHAIA.DLL (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O4 - HKLM\..\Run: [sys] regedit /s sys.reg
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

sempre dalla provvisoria elimina i seguenti files:

C:\WINDOWS\SYSTEM\WER1306.DLL<===il file
C:\WINDOWS\SYSTEM\MSREXE.EXE<===il file
C:\WINDOWS\SYSTEM\winupd.exe<===il file
C:\windows\dxsound.exe<===il file
C:\windows\diskserv.exe <===il file

Apri CWShredder e clicca su Fix.

Riavvia e collegati subito facendo una scansione online eliminando tutto ciò che viene trovato collegandoti a questo url:
http://support.f-secure.com/enu/home/ols.shtml

Verifica d'avere l'antivirus aggiornato (e non credo perchè il tuo pc è infetto da due backdoor) e fai una nuova scansione.

Riavvia e posta un nuovo log di HJT.

**vannicv** · 26-07-2004, 15:49

Ps Faccio la scansione antivirus con Panda ogni 3/4 giorni e non mi ha segnalato Nessun VIRUS :master:

Un trojal non risco a eliminarlo e' questo: c--WINDOWS-Downloaded Program Files-msits.exe TrojanDownloader.Win32.Petrolin.a
nella cartella non si trova ma mi segnala il file????

Fatto tutto posto il log:

Logfile of HijackThis v1.98.0
Scan saved at 15.37.01, on 26/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\PROGRAMMI\ACER\POWERKEY\POWERKEY.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\POP3TRAP.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\WEBTRAP.EXE
C:\WINDOWS\ACER\SNAPSHOT\ACERTMB.EXE
C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\KEYMAP.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {E8B1F94E-93AE-11D8-BECF-0000BA635E78} - C:\WINDOWS\SYSTEM\PIHHAIA.DLL (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AcerPowerkey] "C:\Programmi\Acer\Powerkey\Powerkey.exe"
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Programmi\Trend PC-cillin 7\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Programmi\Trend PC-cillin 7\WebTrap.exe"
O4 - HKLM\..\Run: [AspireTimeMachine] c:\windows\acer\snapshot\acertmb.exe
O4 - HKLM\..\Run: [SleepManager] "C:\Programmi\Sleep Manager\SleepMgr.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KEYMAP] C:\WINDOWS\SYSTEM\Keymap.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ad-aware] C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE +c
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = edisontel
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.94.0.1,62.94.0.2

**amvinfe** · 26-07-2004, 16:50

Metti la nuova versione di HJT in una nuova cartella.

Le procedure di rimozione vanno fatte in modalità provvisoria!

Riavvia in modalità provvisoria, fai lo scan con HJT metti la spunta al fianco dei valori che riporto sotto, clicca su Fix checked

O2 - BHO: (no name) - {E8B1F94E-93AE-11D8-BECF-0000BA635E78} - C:\WINDOWS\SYSTEM\PIHHAIA.DLL (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe

sempre dalla provvisoria cerca ed elimina se ancora presenti i files:

WER1306.DLL
dxsound.exe
diskserv.exe

Riavvia e posta un nuovo log di HJT

**vannicv** · 26-07-2004, 17:08

ok
cancellato

Ho riavviato sempre in modalità prov e posto il log.:

Logfile of HijackThis v1.98.0
Scan saved at 17.06.08, on 26/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AcerPowerkey] "C:\Programmi\Acer\Powerkey\Powerkey.exe"
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Programmi\Trend PC-cillin 7\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Programmi\Trend PC-cillin 7\WebTrap.exe"
O4 - HKLM\..\Run: [AspireTimeMachine] c:\windows\acer\snapshot\acertmb.exe
O4 - HKLM\..\Run: [SleepManager] "C:\Programmi\Sleep Manager\SleepMgr.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KEYMAP] C:\WINDOWS\SYSTEM\Keymap.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ad-aware] C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE +c
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = edisontel
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.94.0.1,62.94.0.2

**amvinfe** · 26-07-2004, 17:17

ma perchè non leggete mai con attenzione

l'eseguibile di HijackThis va messo all'interno di una nuova cartella, questo per permettere allo stesso programma durante una rimozione, di creare i files di backup necessari per un eventuale ripristino dei files cancellati qualora qualcosa andasse storto.

Poi la scansione con HJT, fatta dalla modalità provvisoria non serve a nulla, visto che in provvisoria vengono caricati solo i files necessari al sistema, non certo quelli collegati a viruses.

Posta per favore un log di HJT fatto dalla modalità normale.

**vannicv** · 26-07-2004, 17:45

Scusami ma avevo interpretato male !!!!!!

Posto il log:
Logfile of HijackThis v1.98.0
Scan saved at 17.42.05, on 26/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\PROGRAMMI\ACER\POWERKEY\POWERKEY.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\POP3TRAP.EXE
C:\PROGRAMMI\TREND PC-CILLIN 7\WEBTRAP.EXE
C:\WINDOWS\ACER\SNAPSHOT\ACERTMB.EXE
C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\KEYMAP.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\DESKTOP\NUOVA CARTELLA (4)\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AcerPowerkey] "C:\Programmi\Acer\Powerkey\Powerkey.exe"
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Programmi\Trend PC-cillin 7\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Programmi\Trend PC-cillin 7\WebTrap.exe"
O4 - HKLM\..\Run: [AspireTimeMachine] c:\windows\acer\snapshot\acertmb.exe
O4 - HKLM\..\Run: [SleepManager] "C:\Programmi\Sleep Manager\SleepMgr.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KEYMAP] C:\WINDOWS\SYSTEM\Keymap.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 7\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = edisontel
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.94.0.1,62.94.0.2

Discussione: Cambio index !!!!!

Strumenti discussione

Ricerca discussione

Visualizza

Cambio index !!!!!

ok

Permessi di invio