Go Back   Forum > Tecno-Cool > Hardware & Software

LOGIN

Register FAQ Live Now! Rules Live TV Arcade Search Today's Posts Mark Forums Read






× Notice: This forum is read-only.The content of the community may not be verified or updated. More info
Reply
 
Thread Tools Search this Thread Display Modes Translate
  #31  
Old 02-19-2007, 01:45 PM
ELJ ELJ is offline
Senior Member
 

Join Date: Apr 2006
Location: VALLI OLIMPICHE...TURIN
Posts: 2,032
ELJ is on a distinguished road
Exclamation

Logfile of HijackThis v1.99.1
Scan saved at 12.38.40, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\windows\system32\winlogon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\Rar$EX00.953\Hijac kThis.exe
C:\Documents and Settings\pippo\Desktop\cureit.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\cureit.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\Rar$EX11.516\Hijac kThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8088
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IPPDetect] IPP4Detect.exe
O4 - HKLM\..\Run: [Smart Start UP] C:\Programmi\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [lsabdrcd] "c:\windows\system32\lsabdrcd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tzppdb.exe] C:\DOCUME~1\pippo\IMPOST~1\Temp\tzppdb.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{F80DCE74-130A-47A2-BEB4-48C08875E729}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Reply With Quote
  #32  
Old 02-19-2007, 01:52 PM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,475
sefirothmorpheus is on a distinguished road
Default

fixa:
C:\Documents and Settings\pippo\Desktop\cureit.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\cureit.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O4 - HKLM\..\Run: [lsabdrcd] "c:\windows\system32\lsabdrcd.exe"
O4 - HKLM\..\Run: [tzppdb.exe] C:\DOCUME~1\pippo\IMPOST~1\Temp\tzppdb.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm (file missing)

mi pare strano che non ti fixi alcuni elementi!
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non è gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarà!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


Reply With Quote
  #33  
Old 02-19-2007, 01:54 PM
ELJ ELJ is offline
Senior Member
 

Join Date: Apr 2006
Location: VALLI OLIMPICHE...TURIN
Posts: 2,032
ELJ is on a distinguished road
Exclamation

Quote:
Originally Posted by sefirothmorpheus
fixa:
C:\Documents and Settings\pippo\Desktop\cureit.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\cureit.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O4 - HKLM\..\Run: [lsabdrcd] "c:\windows\system32\lsabdrcd.exe"
O4 - HKLM\..\Run: [tzppdb.exe] C:\DOCUME~1\pippo\IMPOST~1\Temp\tzppdb.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm (file missing)

mi pare strano che non ti fixi alcuni elementi!

........quindi cosa mi proponi di fare???????????????


Reply With Quote
  #34  
Old 02-19-2007, 02:05 PM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,475
sefirothmorpheus is on a distinguished road
Default

ritenta...
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non è gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarà!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


Reply With Quote
  #35  
Old 02-19-2007, 02:07 PM
ELJ ELJ is offline
Senior Member
 

Join Date: Apr 2006
Location: VALLI OLIMPICHE...TURIN
Posts: 2,032
ELJ is on a distinguished road
Exclamation

Logfile of HijackThis v1.99.1
Scan saved at 13.03.03, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\windows\system32\winlogon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\Rar$EX00.953\Hijac kThis.exe
C:\Documents and Settings\pippo\Desktop\cureit.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\RarSFX0\cureit.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\pippo\IMPOST~1\Temp\Rar$EX44.344\Hijac kThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8088
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IPPDetect] IPP4Detect.exe
O4 - HKLM\..\Run: [Smart Start UP] C:\Programmi\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [lsabdrcd] "c:\windows\system32\lsabdrcd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tzppdb.exe] C:\DOCUME~1\pippo\IMPOST~1\Temp\tzppdb.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{F80DCE74-130A-47A2-BEB4-48C08875E729}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

sto andando fuori di testa....................


Reply With Quote
  #36  
Old 02-19-2007, 02:17 PM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,475
sefirothmorpheus is on a distinguished road
Default

non li elimina...
fai così..
scarica:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
http://www.bleepingcomputer.com/files/killbox.php

e fai scansioni!
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non è gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarà!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


Reply With Quote
  #37  
Old 02-19-2007, 02:26 PM
ELJ ELJ is offline
Senior Member
 

Join Date: Apr 2006
Location: VALLI OLIMPICHE...TURIN
Posts: 2,032
ELJ is on a distinguished road
Exclamation

Quote:
Originally Posted by sefirothmorpheus
..............DR.WEB è in piena scansione............vediamo cosa trova.............


Reply With Quote
  #38  
Old 02-19-2007, 02:38 PM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,475
sefirothmorpheus is on a distinguished road
Default

dovrebbe cacciarti quel cureit.exe...
speriamo!
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non è gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarà!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


Reply With Quote
  #39  
Old 02-19-2007, 06:49 PM
ELJ ELJ is offline
Senior Member
 

Join Date: Apr 2006
Location: VALLI OLIMPICHE...TURIN
Posts: 2,032
ELJ is on a distinguished road
Exclamation

........qualcosa ha trovato:
OBJECT PATCH STATUS
A0017074.#XE C:\sistem volume infor. probably UPX
A0024500.#XE C:\sistem volume infor. probably UPX
KILLBOX ....non ho capito na mazza...........


Reply With Quote
  #40  
Old 02-19-2007, 09:18 PM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,475
sefirothmorpheus is on a distinguished road
Default

per killbox:
http://www.manuali.it/forum/Informa...i-usa/14949.htm

in inglese:
http://forum.malwareremoval.com/viewtopic.php?t=320
http://metallica.geekstogo.com/killboxexplanation.html
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non è gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarà!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


Reply With Quote
Reply







Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 09:25 PM.


Powered by: vBulletin Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0 ©2007, Crawlability, Inc.