poiu Hero in the gods' favour
Joined: 07/02/07 12:57 Posts: 81
Posted: 11 Jan 2008 10:21 Subject: virus? [solved]

Hello everyone!! I have this problem on an Acer laptop... practically every kind of protection has disappeared... the antivirus shows as installed but doesn't work at all...
At startup, if I wait a little before choosing the user, this message appears:
ashMaiSv.exe- Impossibile individuare un componente
Impossibile avviare l'applicazione specificata. ashBase.dll non è stato trovato. Una nuova installazione dell'applicazione potrebbe risolvere il problema.
When, after several attempts, I manage to log in, the other message, of the same kind as the previous one, is this:
zlclien.exe- Impossibile individuare un componente
Impossibile avviare l'applicazione specificata. framewrk.dll non è stato trovato. Una nuova installazione dell'applicazione potrebbe risolvere il problema.
The HijackThis log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 9.05.42, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\ietorrntplug.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [KTPWare] C:\Programmi\Elantech\ktp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "d:\Programmi\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] d:\Programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.otherchance.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Thanks to anyone willing to give me a hand!!

poiu Hero in the gods' favour
Joined: 07/02/07 12:57 Posts: 81
Posted: 11 Jan 2008 12:42 Subject:

I forgot to mention that at every startup a blue screen appears:
Controllo in corso del file system su C:;
Il file system e' di tipo NTFS
L'etichetta del volume e' ...
Deve essere eseguito il controllo di coerenza su uno dei dischi.
Il controllo del disco puo' essere annullato, ma si consiglia di continuare...

Orange Mature god
Joined: 18/02/07 13:20 Posts: 2224 Location: Rome
Posted: 11 Jan 2008 20:00 Subject:

Interesting....
Post the FindAWF log output for us

poiu Hero in the gods' favour
Joined: 07/02/07 12:57 Posts: 81
Posted: 13 Jan 2008 11:10 Subject:

Here it is...
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ELANTECH\BAK
20/07/2005 08.13 249.856 ktp.exe
1 File 249.856 byte
2 Directory 2.490.650.624 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\WINDOWS\SYSTEM32\BAK
02/08/2007 13.00 15.360 ctfmon.exe
10/11/2003 17.06 406.016 PSDrvCheck.exe
2 File 421.376 byte
2 Directory 2.490.650.624 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK
04/12/2007 14.00 79.224 ashDisp.exe
04/12/2007 13.59 247.160 ashmaisv.exe
2 File 326.384 byte
2 Directory 2.490.646.528 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK
13/07/2005 23.34 61.440 cli.exe
1 File 61.440 byte
2 Directory 2.490.646.528 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\TRUST\TRUSTM~1\BAK
10/11/2007 11.34 462.848 CnxDslTb.exe
1 File 462.848 byte
2 Directory 2.490.646.528 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ZONELA~1\ZONEAL~1\BAK
26/01/2005 03.23 902.936 zlclient.exe
1 File 902.936 byte
2 Directory 2.490.646.528 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK
04/02/2007 15.49 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 2.490.646.528 byte disponibili
Il volume nell'unit? D ? ACER DATA
Numero di serie del volume: F0C0-42E2
Directory di D:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\REMOTE\BAK
08/06/2006 09.40 90.112 Remoterm.exe
1 File 90.112 byte
2 Directory 40.698.855.424 byte disponibili
Il volume nell'unit? D ? ACER DATA
Numero di serie del volume: F0C0-42E2
Directory di D:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\WEBUPD~1\BAK
08/06/2006 09.40 385.024 WebUpdater.exe
1 File 385.024 byte
2 Directory 40.698.855.424 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
10256 9 Jan 2008 "C:\Programmi\Elantech\ktp.exe"
249856 20 Jul 2005 "C:\Programmi\Elantech\bak\ktp.exe"
249856 11 Jan 2008 "C:\RECYCLER\S-1-5-21-2000478354-796845957-725345543-1003\Dc121\touchpad\Touchpad\Ktp.exe"
249856 20 Jul 2005 "C:\Documents and Settings\marco\Desktop\acer\touchpad\Touchpad\Ktp.exe"
15360 2 Aug 2007 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Aug 2007 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\ctfmon.exe"
13312 31 Aug 2001 "D:\WINDOWS\system32\ctfmon.exe"
10256 9 Jan 2008 "C:\WINDOWS\system32\PSDrvCheck.exe"
406016 10 Nov 2003 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"
10256 9 Jan 2008 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
10256 9 Jan 2008 "C:\Programmi\Alwil Software\Avast4\ashmaisv.exe"
247160 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashmaisv.exe"
10256 9 Jan 2008 "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe"
61440 13 Jul 2005 "C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe"
10256 9 Jan 2008 "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
462848 10 Nov 2007 "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe"
10256 9 Jan 2008 "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
902936 26 Jan 2005 "C:\Programmi\Zone Labs\ZoneAlarm\bak\zlclient.exe"
52272 4 Feb 2007 "C:\Programmi\Google\googletoolbar3user.exe"
68856 19 May 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 4 Feb 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
10256 9 Jan 2008 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 4 Feb 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
10256 9 Jan 2008 "D:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe"
90112 8 Jun 2006 "D:\Programmi\Pinnacle\Shared Files\Programs\Remote\bak\Remoterm.exe"
10256 9 Jan 2008 "D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe"
385024 8 Jun 2006 "D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\bak\WebUpdater.exe"
end of report

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Jan 2008 11:25 Subject:

Download Avenger and unzip it into its own folder, not a temporary one and not on the desktop
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Programmi\Elantech\ktp.exe
C:\WINDOWS\system32\PSDrvCheck.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashmaisv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe
Files to move:
C:\Programmi\Elantech\bak\ktp.exe | C:\Programmi\Elantech\ktp.exe
C:\WINDOWS\system32\bak\PSDrvCheck.exe | C:\WINDOWS\system32\PSDrvCheck.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\bak\ashmaisv.exe | C:\Programmi\Alwil Software\Avast4\ashmaisv.exe
C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe | C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe | C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\Zone Labs\ZoneAlarm\bak\zlclient.exe | C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Programmi\Pinnacle\Shared Files\Programs\Remote\bak\Remoterm.exe | D:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\bak\WebUpdater.exe | D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe
Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation has finished, post the Avenger result here together with an updated HijackThis log.
Download DelDomains to the desktop (right-click the link and choose Save as), then right-click the file and select Install.
When done, to be safe, run the FindAWF scan again
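
The pairing behind the script in the post above, as an added example that is not part of the original thread or of FindAWF/Avenger: it parses the "Duplicate files of bak directory contents" lines of the FindAWF report, matches each file in a `bak` folder with the file one level up, and lists only the pairs whose sizes differ. The function names are hypothetical, and the input is a subset of the report lines posted in this thread.

```python
import re
from ntpath import basename, dirname, join  # Windows path rules on any OS

# Subset of the "Duplicate files of bak directory contents" section of the
# FindAWF report posted in this thread.
REPORT = r'''
10256 9 Jan 2008 "C:\Programmi\Elantech\ktp.exe"
249856 20 Jul 2005 "C:\Programmi\Elantech\bak\ktp.exe"
249856 20 Jul 2005 "C:\Documents and Settings\marco\Desktop\acer\touchpad\Touchpad\Ktp.exe"
15360 2 Aug 2007 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Aug 2007 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 31 Aug 2001 "D:\WINDOWS\system32\ctfmon.exe"
10256 9 Jan 2008 "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
902936 26 Jan 2005 "C:\Programmi\Zone Labs\ZoneAlarm\bak\zlclient.exe"
'''

# <size> <day> <Mon> <year> "<full path>"
LINE = re.compile(r'^(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"$')


def parse(report):
    """Map lower-cased path -> (size in bytes, date string, path as written)."""
    entries = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def classify(entries):
    """Pair every file in a 'bak' folder with the file one level up."""
    result = {"replaced": [], "unchanged": [], "orphaned": []}
    for size, _date, bak_path in entries.values():
        folder = dirname(bak_path)
        if basename(folder).lower() != "bak":
            continue  # not a backup copy
        live = entries.get(join(dirname(folder), basename(bak_path)).lower())
        if live is None:
            result["orphaned"].append(bak_path)      # no live file listed
        elif live[0] != size:
            # live file differs from its backup: candidate for restore
            result["replaced"].append((live[2], bak_path, live[0], size))
        else:
            result["unchanged"].append(live[2])      # same size: leave alone
    return result


def stub_sizes(replaced):
    """Sizes of the live files that differ from their backups."""
    return {live_size for _live, _bak, live_size, _bak_size in replaced}


def avenger_script(replaced):
    """Emit delete/move directives in the layout used in the post above."""
    lines = ["Files to delete:"]
    lines += [live for live, _bak, _ls, _bs in replaced]
    lines.append("Files to move:")
    lines += [f"{bak} | {live}" for live, bak, _ls, _bs in replaced]
    return "\n".join(lines)


if __name__ == "__main__":
    found = classify(parse(REPORT))
    print("live sizes of replaced files:", sorted(stub_sizes(found["replaced"])))
    print("left alone:", found["unchanged"])
    print(avenger_script(found["replaced"]))
```

On this input the `ctfmon.exe` pair has identical sizes and is left out, consistent with the script in the post, which does not list it. Size is only a first filter: comparing hashes of the two files is the stronger check before deleting anything.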

poiu Hero in the gods' favour
Joined: 07/02/07 12:57 Posts: 81
Posted: 13 Jan 2008 14:22 Subject:

Avenger result:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vlcqmceh
*******************
Script file located at: \??\C:\Program Files\acdvxijg.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Programmi\Elantech\ktp.exe deleted successfully.
File C:\WINDOWS\system32\PSDrvCheck.exe deleted successfully.
File C:\Programmi\Alwil Software\Avast4\ashDisp.exe deleted successfully.
File C:\Programmi\Alwil Software\Avast4\ashmaisv.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI.ACE\cli.exe deleted successfully.
File C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe deleted successfully.
File C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe deleted successfully.
File D:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe deleted successfully.
File D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe deleted successfully.
File move operation C:\Programmi\Elantech\bak\ktp.exe|C:\Programmi\Elantech\ktp.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\PSDrvCheck.exe|C:\WINDOWS\system32\PSDrvCheck.exe completed successfully.
File move operation C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe completed successfully.
File move operation C:\Programmi\Alwil Software\Avast4\bak\ashmaisv.exe|C:\Programmi\Alwil Software\Avast4\ashmaisv.exe completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe|C:\Programmi\ATI Technologies\ATI.ACE\cli.exe completed successfully.
File move operation C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe|C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe completed successfully.
File move operation C:\Programmi\Zone Labs\ZoneAlarm\bak\zlclient.exe|C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe completed successfully.
File move operation D:\Programmi\Pinnacle\Shared Files\Programs\Remote\bak\Remoterm.exe|D:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe completed successfully.
File move operation D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\bak\WebUpdater.exe|D:\Programmi\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe completed successfully.
Completed script processing.
*******************
Finished! Terminate.
HijackThis result:
Logfile of HijackThis v1.99.1
Scan saved at 13.58.34, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\marco\Desktop\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [KTPWare] C:\Programmi\Elantech\ktp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "d:\Programmi\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] d:\Programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.otherchance.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

poiu Hero in the gods' favour
Joined: 07/02/07 12:57 Posts: 81
Posted: 13 Jan 2008 14:29 Subject:

Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ELANTECH\BAK
0 File 0 byte
2 Directory 2.461.278.208 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\WINDOWS\SYSTEM32\BAK
02/08/2007 13.00 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 2.461.278.208 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK
0 File 0 byte
2 Directory 2.461.274.112 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK
0 File 0 byte
2 Directory 2.461.274.112 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\TRUST\TRUSTM~1\BAK
0 File 0 byte
2 Directory 2.461.274.112 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\ZONELA~1\ZONEAL~1\BAK
0 File 0 byte
2 Directory 2.461.274.112 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: C8E9-FEE9
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK
0 File 0 byte
2 Directory 2.461.274.112 byte disponibili
Il volume nell'unit? D ? ACER DATA
Numero di serie del volume: F0C0-42E2
Directory di D:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\REMOTE\BAK
0 File 0 byte
2 Directory 40.698.834.944 byte disponibili
Il volume nell'unit? D ? ACER DATA
Numero di serie del volume: F0C0-42E2
Directory di D:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\WEBUPD~1\BAK
0 File 0 byte
2 Directory 40.698.834.944 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
15360 2 Aug 2007 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Aug 2007 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\ctfmon.exe"
13312 31 Aug 2001 "D:\WINDOWS\system32\ctfmon.exe"
end of report

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 15 Jan 2008 23:25 Subject:

The 2 logs look clean. Are you still having problems?

poiu Hero in the gods' favour
Joined: 07/02/07 12:57 Posts: 81
Posted: 17 Jan 2008 09:49 Subject:

Everything is OK!! Thanks a lot!! Just one question out of curiosity... how do you check that the logs are clean? Is there some site with an up-to-date list of viruses?

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 17 Jan 2008 14:38 Subject:

For HijackThis logs, we use this site as a starting point.
For the other logs... we use experience. (There are no automatic readers.)

poiu Hero in the gods' favour
Joined: 07/02/07 12:57 Posts: 81
Posted: 17 Jan 2008 15:14 Subject:

Oh well, that was a silly thing to say. Thanks for your experience!!