www.MegaLab.it

da **raimondoi.** » lun set 15, 2008 7:56 pm

modalità provvisoria disattivata; scansione con avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\DOCUME~1\Raimondo\DATIAP~1\cisvc.exe" deleted successfully.
File "C:\DOCUME~1\Raimondo\IMPOST~1\Temp\logman.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\qoMdARKD.dll" not found!
Deletion of file "C:\WINDOWS\system32\qoMdARKD.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "c:\documents and settings\raimondo\impostazioni locali\dati applicazioni\mewqwkw.exe" not found!
Deletion of file "c:\documents and settings\raimondo\impostazioni locali\dati applicazioni\mewqwkw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\WINDOWS\System\logman.exe" deleted successfully.
File "C:\WINDOWS\cisvc.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

con l'altro programma mi ha trovato un bagle e me lo ha cancellato ma non sono riuscito a trovare il log

scansione con HJK dopo tutto questo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.52.29, on 15/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\D-Link AirPlus\AirPlus.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\DOCUME~1\Raimondo\IMPOST~1\Temp\logman.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {183F9DAE-C0B1-422C-8489-0C77AEAB522E} - C:\WINDOWS\system32\qoMdARKD.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mewqwkw] "c:\documents and settings\raimondo\impostazioni locali\dati applicazioni\mewqwkw.exe" mewqwkw
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\Raimondo\DATIAP~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\System\logman.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\cisvc.exe /waitservice (User 'Default user')
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Programmi\Bat\Bat.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Programmi\Bat\Bat.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Programmi\Bat\Bat.exe
O4 - Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\QuickCam\eReg.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://raimondothebest.spaces.live.com/ ... nPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqrrRh - awtqrrRh.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Programmi\M-Audio Fast Track\GBInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9452 bytes

oltre alla modalità provvisoria i problemi sono all'avvio: si blocca explorer.exe (sono costretto a cancellarlo e riattivarlo con il task manger) mi da 2 3 avvisi circa un file che non riesce a trovare (log.. qualcosa) tra poco vi faccio sapere con precisione!!

P.S. grazie a tutti quelli che mi stanno dando una mano

da **Amantide** » lun set 15, 2008 8:09 pm

Si vede che ha eliminato una parte di Bagle, ora nel log si vede un file che di norma dovrebbe essere invisibile.
Mentre esamino il log e preparo nuovo script per Avenger controllo se riesci ad avviare ora il ComboFix.

da **Amantide** » lun set 15, 2008 8:23 pm

Questo è lo script che devi eseguire:

Codice: Seleziona tutto: Files to delete: C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\wintems.exe C:\windows\system32\drivers\hldrrr.exe C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\drivers\mdelk.exe C:\windows\system32\hldrrr.exe C:\DOCUME~1\Raimondo\IMPOST~1\Temp\logman.exe c:\documents and settings\raimondo\impostazioni locali\dati applicazioni\mewqwkw.exe C:\DOCUME~1\Raimondo\DATIAP~1\cisvc.exe C:\WINDOWS\System\logman.exe C:\WINDOWS\cisvc.exe Folders to delete: C:\WINDOWS\system32\drivers\downld %UserProfile%\Dati applicazioni\m Registry keys to delete: HKLM\SYSTEM\CurrentControlSet\Services\srosa HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Dopo rifai la scansione con Hijackthis, spunta le voci che ho evidenziato con il rosso nel tuo log e clicca su Fix checked.

Purtroppo nel pc si cela qualche file che ricrea i file che ti ho già fatto rimuovere prima. Vedi se ora riesci ad eseguire la scansione con ComboFix altrimenti prova a fare la scansione con Kaspersky online ed allega qui il report della scansione.

da **raimondoi.** » mar set 16, 2008 12:42 pm

ok all'avvio tutto perfetto grz mille

Io per difendermi uso "All attivo" (cioè con protezione in tempo reale) spyware doctor però quello senza antivirus. Basta? Nel caso mi consigliate un programma che però non entri in conflitto con quest'ultimo?

da **Amantide** » mar set 16, 2008 1:07 pm

Hai eseguito Avenger? Puoi postare per favore il suo report?
Non mi piace lasciare un lavoro a metà senza essere sicura di aver risolto al 100% [:)]

ComboFix invece? L'hai usato?

E già che ci sono, puoi postare anche il nuovo log di Hijackthis?

Edit:
Per quanto riguarda la protezione del pc. A me personalmente Spyware Doctor non piace molto, però ABBINATO ad un buon antivirus può anche starci. Come antivirus ti consiglio Avira Antivir, ottimo e gratuito nella versione base. Dopo che lo avrai installato esegui anche la scansione completa del sistema.

da **raimondoi.** » mar set 16, 2008 8:16 pm

Combofix non vuole sapere di partire anzi quando lo apro mi esce l'icona di spyware doctor che avvisa che un virus ad alto rischio sta cercando di entrare nel sistema (lo fa a volte si a volte no).

Il report di avenger l'ho cancellato, ho rieseguito lo script e nel nuovo report mi dice che i file da cancellare non esistono.

Questo il report di HJK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.13.09, on 16/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\QuickCam\eReg.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://raimondothebest.spaces.live.com/ ... nPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Programmi\M-Audio Fast Track\GBInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8568 bytes

da **Amantide** » mar set 16, 2008 8:25 pm

Ok, il log ora è pulito [^]

A questo punto ti direi di installare un antivirus ed eseguire la scansione completa per rimuovere gli eventuali residui.

da **raimondoi.** » mar set 16, 2008 9:01 pm

Amantide grazie di tutto sei stata davvero fantastica oltre che paziente, devo dire che questa lezione mi è proprio servita. Da oggi in poi starò più attento a quello che scarico dal mulo!!!!!

da **Amantide** » mar set 16, 2008 9:07 pm

Spero di rivederti su nostro forum [;)]

... ma magari nelle altre sezioni [sh]

da **ares84** » sab ott 18, 2008 6:30 pm

Salve a tutti avrei una domanda,
la seguente voce :
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

è un file di beagle o comunque una voce da eliminare?

da **ste_95** » sab ott 18, 2008 6:38 pm

E' una voce legittima di Windows, che permette la registrazione degli errori del sistema.

http://www.processlibrary.com/it/direct ... es/dumprep

da **ares84** » sab ott 18, 2008 6:44 pm

ok grazie mille [^]

siccome poi era sparita avevo il dubbio ma ora è tutto chiaro

www.MegaLab.it

possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Re: possibile bagle- connessione disattivata

Chi c’è in linea