
LOG CHECK after CLEANUP


Post by cammello5 » 01/12/06 20:01

Please check this log, taken after cleaning the PC with two removal tools...

Logfile of HijackThis v1.99.1
Scan saved at 19.57.21, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Paolo\Documenti\Mauro\software_UTILE\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = rcs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [navman_20] "C:\windows\sysnav32.exe "
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [FASTTRACKPassepartout] C:\WINDOWS\Passepartout.exe -A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [usdr6cw] C:\Programmi\SystemDoctor 2006 Free\usdr6cw.exe -c
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Updater] C:\Programmi\Carpe Diem\manga[1]\CDUpdater.exe CD_UPDATER
O4 - HKCU\..\Run: [FASTTRACKPassepartout] C:\WINDOWS\Passepartout.exe -A
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
cammello5
Junior User
Posts: 31
Joined: 01/12/06 06:32
