Il modem 56 è scollegato dalla linea da sempre, da quando ho l'adsl. Purtroppo è interno e non l'ho fisicamente rimosso, ma l'ho disattivato (almeno credo)da quando ho scoperto che il pc lo usava come connessione predefinita, che non funzionava e non faceva funzionare l'adsl. Credo che sia l'effetto di un dialer.
Vi posto il log richiesto e anche quello di bazooka; ho anche quello di siw, ma moi pare troppo lungo per poterlo allegare.
Ho fatto anche la scansione con clamvirus che non ha dato risultati, però il programma non era aggiornato perché non ho connessione
Logfile of HijackThis v1.99.0
Scan saved at 0.44.28, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Comodo\Firewall\CPF.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
E:\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
E:\Documenti Renato\Belle cose\TOOLSUTILI\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Registry Mechanic\regmech.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Canon\MultiPASS4\MPDBMgr.exe
E:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpywareTerminator] "E:\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [ClamWin] "E:\Documenti Renato\Belle cose\TOOLSUTILI\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: MpService - Canon Inc. - C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service - Crawler.com - E:\SPYWAR~1\sp_rsser.exe
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/http://www.kephyr.com/spywarescanner/library/support@kephyr.comLog created 21:58:49.
OS: Windows NT 5.1
Database version: 2.730000
Database format version: 1.020000
Database date: 20050314
Current date: 2007-04-12 21:58
****************************************
Result when scanning:
No threats found.
****************************************
Auto start entries:
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Leggimi di MultiPASS Canon.lnk.disabled
E:\Reader\reader_sl.exe
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Barra degli strumenti di MultiPASS Canon.lnk.disabled
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Monitor di stato MultiPASS Canon.lnk.disabled
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Visualizzatore MultiPASS Canon.lnk.disabled
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Leggimi di MultiPASS Canon.lnk.disabled
E:\Reader\reader_sl.exe
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Barra degli strumenti di MultiPASS Canon.lnk.disabled
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Monitor di stato MultiPASS Canon.lnk.disabled
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Visualizzatore MultiPASS Canon.lnk.disabled
C:\Documents and Settings\io\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\Documents and Settings\io\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php****************************************
Run entries:
avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\avast!
itunesff C:\WINDOWS\system32\itunesff.exe -go -c221 -w91
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\itunesff
DSLSTATEXE C:\Program Files\Libero\Adsl\dslstat.exe icon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DSLSTATEXE
DSLAGENTEXE C:\Program Files\Libero\Adsl\dslagent.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DSLAGENTEXE
Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php****************************************
Browser helper objects:
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} E:\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{53707962-6F74-2D53-2644-206D7942484F} not set E:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
****************************************
Toolbars:
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\InprocServer32
System error message: Impossibile trovare il file specificato.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{32683183-48a0-441b-a342-7c2a440a9478} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32
System error message: Impossibile trovare il file specificato.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
****************************************
All processes:
[System Process]
System
SMSS.EXE
CSRSS.EXE
WINLOGON.EXE
SERVICES.EXE
LSASS.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
EXPLORER.EXE
SPOOLSV.EXE
aswUpdSv.exe
ashServ.exe
mpservic.exe
ashDisp.exe
itunesff.exe
SVCHOST.EXE
dslstat.exe
dslagent.exe
ashMaiSv.exe
ashWebSv.exe
siw (diagnosi).exe
spywarescanner.exe
spywarescanner.exe
Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php****************************************
Internet Explorer Settings:
Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Local Page C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page
http://www.libero.it/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
****************************************
devo dire che la toolbar di yahoo non l'ho installata io, ma faccio spesso ricerche su yahoo e si sarà installata da sé
nel file di bazooka la stampante è scollegata perché avevo bisogno della porta usb per la chiavetta....grazie