www.MegaLab.it

da **ste_95** » mar mar 25, 2008 7:41 pm

Le indicazioni le hai seguite?

da **tomele** » mar mar 25, 2008 7:49 pm

si

da **ste_95** » mar mar 25, 2008 7:54 pm

Puoi postare il log di Avenger?

da **mino** » sab mar 29, 2008 3:55 am

sono un nuovo iscritto al forum....SALVE!
mi trovo in difficolta' aiutatemi vi prego....grazie!
anche io vittima di instant access...
seguendo le istruzioni ho trovato questa lista:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3.39.15, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\etlisrv.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\TNGRCO\RCOService.exe
C:\Programmi\TNGSD\BIN\SDSERV.EXE
C:\Programmi\TNGRCO\rp32u.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TNGSD\BIN\TRIGGAG.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\TNGSD\BIN\triggusr.exe
C:\WINDOWS\PASSWORD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\A691283\Documenti\Rossella\Msn\MessengerSkinner\MessengerSkinner.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PASSWOR] C:\WINDOWS\PASSWORD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programmi\ICQ\NDetect.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Entrust/Direct Recovery] "C:\Programmi\Entrust\Direct Intranet\etdirrcv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [messengerskinner] D:\Documents and Settings\A691283\Documenti\Rossella\Msn\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O8 - Extra context menu item: &Search - ?p=ZSzed001YYIT_ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?5394d24f49ec433eb4f0d75fabf05c9c
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?5394d24f49ec433eb4f0d75fabf05c9c
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://E:\install\authorware\awswaxf.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pitipekkia.spaces.msn.com//Photo ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/it/it/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pitipekkia.spaces.live.com/Photo ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = risorse.enel
O17 - HKLM\Software\..\Telephony: DomainName = risorse.enel
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF0BDC9-33B4-41AB-AB0B-C3A5B47B2434}: Domain = risorse.enel
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5FD024-F3D9-4053-8124-B1A2802256F0}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = risorse.enel
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\NavNT\rtvscan.exe (file missing)
O23 - Service: Unicenter TNG RCO (RCOService) - Computer Associates International, Inc. - C:\Programmi\TNGRCO\RCOService.exe
O23 - Service: Unicenter TNG Software Delivery Option (SDService) - Computer Accociates, Intl Inc. - C:\Programmi\TNGSD\BIN\SDSERV.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9465 bytes

adesso....cosa devo fare???
spero mi rispondiate al piu' presto ancora grazie! [cry]

da **ste_95** » sab mar 29, 2008 7:12 am

Ci sono alcune cose delle quali non ho trovato informazioni chiare in rete. MessengerSkinner lo hai installato tu?

Fai scansionare il file C:\WINDOWS\PASSWORD.EXE su Virustotal.com e riportane qui i risultati.

Poi in HijackThis rifai la scansione, seleziona a sinistra queste voci e premi in basso il pulsante Fix Checked:

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O8 - Extra context menu item: &Search - ?p=ZSzed001YYIT_ZS
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab

Adesso, scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto: Files to delete: C:\WINDOWS\system32\nsinet.exe

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

da **mino** » sab mar 29, 2008 3:23 pm

probabilmente messenger skinner e' stato installato da mia sorella.....

i risultati di virustotal.com sono:
Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.3.29.0 2008.03.29 -
AntiVir 7.6.0.78 2008.03.28 -
Authentium 4.93.8 2008.03.29 -
Avast 4.7.1098.0 2008.03.28 -
AVG 7.5.0.516 2008.03.28 -
BitDefender 7.2 2008.03.29 -
CAT-QuickHeal 9.50 2008.03.28 -
ClamAV 0.92.1 2008.03.29 -
DrWeb 4.44.0.09170 2008.03.29 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5653 2008.03.29 -
Ewido 4.0 2008.03.29 -
F-Prot 4.4.2.54 2008.03.28 -
F-Secure 6.70.13260.0 2008.03.29 -
FileAdvisor 1 2008.03.29 -
Fortinet 3.14.0.0 2008.03.29 -
Ikarus T3.1.1.20 2008.03.29 -
Kaspersky 7.0.0.125 2008.03.29 -
McAfee 5262 2008.03.28 -
Microsoft 1.3301 2008.03.28 -
NOD32v2 2983 2008.03.29 -
Norman 5.80.02 2008.03.28 -
Panda 9.0.0.4 2008.03.29 -
Prevx1 V2 2008.03.29 -
Rising 20.37.51.00 2008.03.29 -
Sophos 4.28.0 2008.03.29 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.29 -
TheHacker 6.2.92.258 2008.03.29 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.28 -
Webwasher-Gateway 6.6.2 2008.03.29 -
Informazioni addizionali
File size: 65536 bytes
MD5: b3f391ca354459ad34ead15719559b3e
SHA1: d5ba87f8e4c504674a1e3cc3bf33224f5b24264e
PEiD: Armadillo v1.71

penso nn ci siano problemi mi dice 0%....

con hijackthis ho fatto come mi hai detto...

ho scaricato avenger, solo nn so' quali percorsi da correggere devo scrivere all'interno del blocco note di findAWF

nn vorrei fare qualche guaio....

se potresti dimmi l'iter che devo seguire,scarico file e controfile ma sinceramente ancora devo ben capire cosa sto' facendo [rolleyes]

grazie a presto

da **mino** » sab mar 29, 2008 3:25 pm

chiedo scusa per il se potresti.....
insomma era potresti dirmi..... [:-H]

da **ste_95** » sab mar 29, 2008 3:39 pm

Allora:

I risultati di Avenger?
Prima di creare altri script, posta il resoconto della scansione con FindAWF.

da **mino** » sab mar 29, 2008 3:45 pm

i risultati sono:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\nsinet.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

da **mino** » sab mar 29, 2008 3:47 pm

perdonami ma trovo molta difficolta' a capire quello che devo fare...tipo....postare cosa significa?!!??! [:-H]

da **ste_95** » sab mar 29, 2008 3:52 pm

Il post è il messaggio. Quindi scrivi in un messaggio il log di FindAWF.

da **mino** » sab mar 29, 2008 4:00 pm

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

ora???

da **ste_95** » sab mar 29, 2008 4:21 pm

Posta un nuovo log di hijackthis.

da **mino** » sab mar 29, 2008 5:44 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.46.43, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\etlisrv.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\TNGRCO\RCOService.exe
C:\Programmi\TNGRCO\rp32u.exe
C:\Programmi\TNGSD\BIN\SDSERV.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TNGSD\BIN\TRIGGAG.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\TNGSD\BIN\triggusr.exe
C:\WINDOWS\PASSWORD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\A691283\Documenti\Rossella\Msn\MessengerSkinner\MessengerSkinner.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PASSWOR] C:\WINDOWS\PASSWORD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programmi\ICQ\NDetect.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Entrust/Direct Recovery] "C:\Programmi\Entrust\Direct Intranet\etdirrcv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [messengerskinner] D:\Documents and Settings\A691283\Documenti\Rossella\Msn\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?5394d24f49ec433eb4f0d75fabf05c9c
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?5394d24f49ec433eb4f0d75fabf05c9c
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://E:\install\authorware\awswaxf.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pitipekkia.spaces.msn.com//Photo ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/it/it/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pitipekkia.spaces.live.com/Photo ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = risorse.enel
O17 - HKLM\Software\..\Telephony: DomainName = risorse.enel
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FF0BDC9-33B4-41AB-AB0B-C3A5B47B2434}: Domain = risorse.enel
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5FD024-F3D9-4053-8124-B1A2802256F0}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = risorse.enel
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\NavNT\rtvscan.exe (file missing)
O23 - Service: Unicenter TNG RCO (RCOService) - Computer Associates International, Inc. - C:\Programmi\TNGRCO\RCOService.exe
O23 - Service: Unicenter TNG Software Delivery Option (SDService) - Computer Accociates, Intl Inc. - C:\Programmi\TNGSD\BIN\SDSERV.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8997 bytes

da **ste_95** » sab mar 29, 2008 5:45 pm

Sembra tutto a posto, puoi confermarlo?

da **mino** » sab mar 29, 2008 5:48 pm

ora cosa devo fare?

da **ste_95** » sab mar 29, 2008 5:53 pm

Hai ancora problemi?

da **mino** » sab mar 29, 2008 6:30 pm

sembrerebbe di no!!!
grazie

mi rifaccio vivo io se si dovesse riverificare

da **mino** » sab mar 29, 2008 6:34 pm

solo vorrei sapere come posso disinstallarlo dalle applicazioni perche' e' rimasto li'
grazie!

da **mino** » sab mar 29, 2008 6:35 pm

faccio rimuovi e si apre la pagina di internet explorer bianca

www.MegaLab.it

dialer.instant_access

Chi c’è in linea