Importante Richiesta controllo Logfile of HijackThis

Grazie per il controllo.


Scan saved at 11.39.35, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\xfreeqbwtb.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\dllhst3g.exe
C:\PROGRA~1\ALICET~1\SMARTB~2\MotiveSB.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\PROGRA~1\Motive\ASSTCO~2\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\TEMP\xfreeqbwtb.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
R3 - URLSearchHook: (no name) - {6b284373-1765-4464-a587-80fbc2b2eefa} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\dllhst3g.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~2\MotiveSB.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRINCI~1\DATIAP~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRINCI~1\DATIAP~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\PRINCI~1\DATIAP~1\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\PRINCI~1\DATIAP~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175531651906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1203068457796
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12EBA2A6-A1A0-4382-A777-2E0ED5954039}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceaawserviceAlerter (aawserviceaawserviceaawserviceAlerter) - Unknown owner - C:\WINDOWS\TEMP\xfreeqbwtb.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989cf8c11986e) (gupdate1c989cf8c11986e) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 16291 bytes
 
ci sono questi due che non mi convincono:

C:\WINDOWS\TEMP\xfreeqbwtb.exe

O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceaawserviceAlerter (aawserviceaawserviceaawserviceAlerter) - Unknown owner - C:\WINDOWS\TEMP\xfreeqbwtb.exe

(usi Ad-Aware ? strano quel path)

e poi vedo questo:

C:\WINDOWS\System32\drivers\dllhst3g.exe

per caso possiedi o hai utilizzato un modem/chiavetta/telefono della 3 ? :eusa_think:
 
file sconosciuti:
C:\WINDOWS\TEMP\xfreeqbwtb.exe
C:\WINDOWS\System32\drivers\dllhst3g.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\dllhst3g.exe

da cancellare:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

sospetti:
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRINCI~1\DATIAP~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRINCI~1\DATIAP~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\PRINCI~1\DATIAP~1\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'Default user')
Ciao
ps: questo è il link dove puoi verificare di persona.
http://hijackthis.de/
Ciao

Scusa ANDREMALES non mi sono accorto del tuo post.
 
ANDREMALES ha scritto:
ci sono questi due che non mi convincono:

C:\WINDOWS\TEMP\xfreeqbwtb.exe

O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceaawserviceAlerter (aawserviceaawserviceaawserviceAlerter) - Unknown owner - C:\WINDOWS\TEMP\xfreeqbwtb.exe

(usi Ad-Aware ? strano quel path)

e poi vedo questo:

C:\WINDOWS\System32\drivers\dllhst3g.exe

per caso possiedi o hai utilizzato un modem/chiavetta/telefono della 3 ? :eusa_think:

uso ad aware
non ho mai usato un modem o chiavetta usb della 3g
 
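mi sono confuso vedendo che lo aveva messo tra i drivers, comunque dllhst3g.exe è un componente di windows, non c'entra nulla con i modem della 3 :D Attenzione però: la copia originale di Windows sta in C:\WINDOWS\system32, mentre qui il file gira da System32\drivers, è caricato da win.ini (voce F3) e compare con lo stesso nome in più cartelle del profilo utente, quindi il nome da solo non basta a considerarlo legittimo e il file va controllato.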

Togli le voci indicate da bz54, disinstalla ad-aware e fai di nuovo la scansione con HijackThis, verificando che la voce:

C:\WINDOWS\TEMP\xfreeqbwtb.exe

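venga rimossa. Tieni presente che nel log il servizio vero di Ad-Aware (aawservice, in C:\Programmi\Lavasoft\Ad-Aware, proprietario Lavasoft) compare come voce separata, mentre quello che punta a C:\WINDOWS\TEMP ha "Unknown owner": la disinstallazione potrebbe quindi non toccarlo. Se non viene rimossa, rimuovila a mano poi reinstalla (se lo usi) ad-aware: se non ricordo male, in fase di installazione Ad-aware chiede se si vuole installare un servizio, tu rispondi di no.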

Per avere un maggiore controllo sulla propria macchina consiglio (a te e agli altri) di installare Startup Inspector & Startup Monitor, che danno modo di controllare che cosa parte in automatico sul proprio PC, e che cosa viene scritto (senza che ce ne accorgiamo) nel registro di windows. Grazie a questi tool si può eliminare un sacco di "spazzatura" inutile che parte in automatico con windows, rallentando il PC.

(sito internet di windows startup)
 
nuovo logfile per controllo

Scan saved at 17.46.48, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\xfreeqbwtb.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\dllhst3g.exe
C:\PROGRA~1\ALICET~1\SMARTB~2\MotiveSB.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\PROGRA~1\Motive\ASSTCO~2\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
R3 - URLSearchHook: (no name) - {6b284373-1765-4464-a587-80fbc2b2eefa} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\dllhst3g.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmi\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~2\MotiveSB.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRINCI~1\DATIAP~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\PRINCI~1\DATIAP~1\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\PRINCI~1\DATIAP~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175531651906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1203068457796
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12EBA2A6-A1A0-4382-A777-2E0ED5954039}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceaawserviceAlerter (aawserviceaawserviceaawserviceAlerter) - Unknown owner - C:\WINDOWS\TEMP\xfreeqbwtb.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989cf8c11986e) (gupdate1c989cf8c11986e) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 15870 bytes
 
Mi sembra di vedere le stesse segnalazioni del log precedente.
È lo stesso PC?
C'è il servizio di Lavasoft Ad-Aware che viene segnalato (eseguibile in C:\WINDOWS\TEMP, «Unknown owner»):

C:\WINDOWS\TEMP\xfreeqbwtb.exe


O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceaawserviceAlerter (aawserviceaawserviceaawserviceAlerter) - Unknown owner - C:\WINDOWS\TEMP\xfreeqbwtb.exe
 
Ma hai cancellato i file che ti ho elencato?
Il file dllhst3g.exe, se fai una ricerca con Google, è segnalato come virus (Trojan.Win32.Agent.BXS), nome file mstinit.exe.
Il Trojan.Win32.Agent.BXS si distingue per l'elevato numero di repliche che sparge per il computer e contemporaneamente inserisce in esecuzione automatica.

DETTAGLI TECNICI:

Nome file: mstinit.exe

(O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\PRINCI~1\DATIAP~1\mstinit.exe /waitservice)

Nomi Repliche: dllhst3g.exe, esentutl.exe, rsvp.exe, mstsc.exe

Dimensione: 76,0 KB (77.824 byte)

Compressione: N/S - Compilato in Microsoft Visual C++ ver. 7.x ( v7.10 )

Le Repliche verranno installate in:

%USERPROFILE%\Dati applicazioni\dllhst3g.exe

%USERPROFILE%\Dati applicazioni\mstsc.exe

%USERPROFILE%\Dati applicazioni\Microsoft\esentutl.exe

%SYSTEMROOT%\system\rsvp.exe

Le chiavi di registro utilizzate variano a seconda delle repliche. Verranno elencate di seguito:

* dllhst3g.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]

Stringa "DllHst"="%USERPROFILE%\Dati applicazioni\dllhst3g.exe /waitservice"



* esentutl.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

Stringa "load"="%USERPROFILE%\Dati applicazioni\Microsoft\esentutl.exe"



* rsvp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

Stringa "rsvp"="%SYSTEMROOT%\System\rsvp.exe /waitservice"



* mstsc.exe

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]

Stringa "Mstsc"="%USERPROFILE%\Dati applicazioni\mstsc.exe /waitservice"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]

Stringa "Mstsc"="%USERPROFILE%\Dati applicazioni\mstsc.exe /waitservice"

Il processo in esecuzione (una delle repliche installate) provvederà a contattare alcuni indirizzi IP (ad esempio 64.56.70.138 o 195.210.87.131), utilizzando la porta standard HTTP 80, dai quali scaricherà il file gbal01.exe, installandolo in %USERPROFILE%\Impostazioni Locali\Temp\~tmp\gbal01\ e rinominandolo in spoolsv.exe

Informazione file

Nome: gbal01.exe, spoolsv.exe

Size: 223 KB (228.352 byte) compresso, 492 KB (503.808 byte) decompresso, ratio: 45.33%
descrizione: TODO: File description
Compagnia: TODO: CompanyName
Copyright: TODO: (c) Company name. All rights reserved.
Versione: 1.0.0.1
Compressione: UPX -> Markus & Laszlo ver. [ 3.03 ] <- info from file

APPROFONDIMENTI

* esentutl.exe: È possibile utilizzare lo strumento Esentutl.exe per gestire un database di CA di Windows Server 2003. Per ulteriori informazioni visitare http://support.microsoft.com/kb/930832/it
* mstsc.exe: Permette di creare connessioni verso un Desktop remoto. Per ulteriori informazioni consultare l'articolo, disponibile solo in lingua inglese, sul sito Microsoft.com
* rsvp.exe: il processo rsvp.exe corrisponde al componente per la QoS (Quality of Service, Qualità di Servizio) del protocollo RSVP
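* dllhst3g.exe: si trova generalmente in %SYSTEMROOT%\System32 ed è il processo per il Microsoft COM Surrogate; una copia con lo stesso nome in un'altra cartella (come quelle elencate sopra tra le repliche) va quindi considerata sospetta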

Ciao
 
Ah, devi mettermi il n° del file in modo che lo spunto per l'eliminazione. Se ho capito bene è lo O23... OK?
 
Ciao, hijackthis indica che i file sottoelencati sono da eliminare:

C:\WINDOWS\TEMP\xfreeqbwtb.exe
C:\WINDOWS\System32\drivers\dllhst3g.exe
03 - REG:win.ini: load=C:\WINDOWS\System32\drivers\dllhst3g.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRINCI~1\DATIAP~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\ese ntutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\PRINCI~1\DATIAP~1\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\PRINCI~1\DATIAP~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\dll hst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'Default user')
O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceaawserviceAlerter (aawserviceaawserviceaawserviceAlerter) - Unknown owner - C:\WINDOWS\TEMP\xfreeqbwtb.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

p.s.: in alternativa potresti usare COMBOFIX link, e manuale d'uso.
 
bz54 ha scritto:
Ciao, hijackthis indica che i file sottoelencati sono da eliminare:

C:\WINDOWS\TEMP\xfreeqbwtb.exe
C:\WINDOWS\System32\drivers\dllhst3g.exe
03 - REG:win.ini: load=C:\WINDOWS\System32\drivers\dllhst3g.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRINCI~1\DATIAP~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\ese ntutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\PRINCI~1\DATIAP~1\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\PRINCI~1\DATIAP~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\dll hst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\System\dllhst3g.exe /waitservice (User 'Default user')
O23 - Service: Lavasoft Ad-Aware Service aawserviceaawserviceaawserviceAlerter (aawserviceaawserviceaawserviceAlerter) - Unknown owner - C:\WINDOWS\TEMP\xfreeqbwtb.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

p.s.: in alternativa potresti usare COMBOFIX link, e manuale d'uso.

Allora siamo sicuri che tutti quelli elencati sono da cancellare??
Procedo
 
Andiamoci piano ragazzi, perché le segnalazioni di HijackThis vanno anche un attimo interpretate. Anche l'analizzatore automatico di log - che pure io spesso uso - va usato con "senso critico".
Il file dllhst3g.exe è un componente di Windows, come già detto, che può essere infettato oppure no; esistono parecchi metodi per valutarne l'autenticità: il migliore di tutti è farne una scansione con un tool, oppure verificarne le proprietà, l'autore, le dimensioni, la versione e via dicendo.
Anche Process Explorer, del quale parlo qui, può aiutarti a capire quali sono i processi anomali (virus) che stanno girando sul tuo PC.
Analoga cosa per le altre voci segnalate da bz54: eliminale solo se hai la possibilità di fare un ripristino della situazione precedente, in modo da poter tornare indietro in caso di situazione anomala.
 
ANDREMALES ha scritto:
andiamoci piano ragazzi, perchè le segnalazioni di HijackThis vanno anche un attimo interpretate. Anche l'analizzatore automatico di log -che pure io spesso uso- va usato con "senso critico".
Il file dllhs3g è un componente di windows, come già detto, che può essere infettato oppure no; esistono parecchi metodi per valutarne la autenticità: il migliore di tutti è farne una scansione con un tool, oppure verificandone le proprietà, l'autore, le dimensioni, la versione e via dicendo.
Anche process explorer del quale parlo qui può aiutarti a capire quali sono i processi anomali (virus) che stanno girando sul tuo PC.
Analoga cosa per le altre voci segnalate da bz54: eliminale solo se hai la possibilità di fare un ripristino della situazione precedente, in modo da poter tornare indietro in caso di situazione anomala).

OK. Non ho fatto nulla se non togliere quei file che erano da cancellare. I file definiti sospetti li ho lasciati, perché non ho al momento possibilità di recuperarli in caso di errore.
Il pc al momento funziona normalmente.
Ciao e grazie
 
ANDREMALES ha scritto:
andiamoci piano ragazzi, perchè le segnalazioni di HijackThis vanno anche un attimo interpretate. Anche l'analizzatore automatico di log -che pure io spesso uso- va usato con "senso critico".
Il file dllhs3g è un componente di windows, come già detto, che può essere infettato oppure no; esistono parecchi metodi per valutarne la autenticità: il migliore di tutti è farne una scansione con un tool, oppure verificandone le proprietà, l'autore, le dimensioni, la versione e via dicendo.
Anche process explorer del quale parlo qui può aiutarti a capire quali sono i processi anomali (virus) che stanno girando sul tuo PC.
Analoga cosa per le altre voci segnalate da bz54: eliminale solo se hai la possibilità di fare un ripristino della situazione precedente, in modo da poter tornare indietro in caso di situazione anomala).

Scusami se insisto, non per polemizzare ma perché desidero apprendere: come mai nel mio Windows i file sono presenti solo in c:\windows\system32, mentre in quello di lucchini01 sono in C:\docume~1...?

esempio:
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRINCI~1\DATIAP~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\PRINCI~1\DATIAP~1\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\PRINCI~1\DATIAP~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Documents and Settings\principale\LOCALS~1\APPLIC~1\MICROS~1\dll hst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\PRINCI~1\DATIAP~1\MICROS~1\cisvc.exe /waitservice
Ciao
 
nuovo logfile per controllo

Un grazie a chi mi controllerà il logfile
saluti
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.43.08, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ElsaWin\bin\VSgate.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comune.novara.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA5ADA5B-245B-4C75-AB22-920A53E12F64}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio di Google Update (gupdate1c993817f97f860) (gupdate1c993817f97f860) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ELSA Vaudis Service (VSGate) - Volkswagen AG - C:\ElsaWin\bin\VSgate.exe

--
End of file - 6745 bytes
 