PC that won't work
Forum index -> Pronto Soccorso Virus
icare
Mortale pio

Registered: 28/08/07 09:42
Posts: 18

Posted: 31 Jan 2008 14:08    Subject: PC that won't work

Sorry... I don't know if this is the right procedure, but my PC isn't working...
It has several problems...
The Panda online antivirus finds this stuff:


Incident Status Location

Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/LManager.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/VPTray.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/winampa.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/qttask.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/admtray.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/ccApp.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/AzMixerSel.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/SynTPEnh.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/ntiMUI.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/CameraAssistant.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/InstallHelper.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/BJPSMAIN.EXE]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/eDSloader.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/ePower_DMC.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/Monitor.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/NMBgMonitor.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/NeroCheck.exe]
Possible Virus. Not disinfected C:\AVENGER\BACKUP.ZIP[avenger/jusched.exe]
Possible Virus. Not disinfected C:\AVENGER\backup-27.08.2007-10.57.01,79.zip[avenger/igfxtray.exe]
Possible Virus. Not disinfected C:\AVENGER\backup-28.08.2007-18.36.10,20.zip[avenger/hkcmd.exe]
Possible Virus. Not disinfected C:\AVENGER\backup-28.08.2007-18.36.10,20.zip[avenger/igfxpers.exe]
Possible Virus. Not disinfected C:\AVENGER\backup-28.08.2007-18.36.10,20.zip[avenger/LVCOMSX.EXE]
Possible Virus. Not disinfected C:\AVENGER\backup-28.08.2007-18.36.10,20.zip[avenger/ElkCtrl.exe]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\notebook acer\Cookies\notebook acer@xiti[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[searchportal.information.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\notebook acer\Dati applicazioni\Mozilla\Firefox\Profiles\4dkb8jb3.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.012\FILE0003.CHK[.xiti.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.012\FILE0003.CHK[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.012\FILE0003.CHK[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.012\FILE0003.CHK[.atdmt.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.012\FILE0003.CHK[.tradedoubler.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.012\FILE0003.CHK[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.012\FILE0003.CHK[.bs.serving-sys.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.012\FILE0003.CHK[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.012\FILE0003.CHK[.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.012\FILE0003.CHK[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.012\FILE0003.CHK[.fastclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.012\FILE0003.CHK[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.012\FILE0003.CHK[.advertising.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.012\FILE0003.CHK[.bluestreak.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.012\FILE0003.CHK[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.012\FILE0003.CHK[server.iad.liveperson.net/hc/6120698]
Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.012\FILE0003.CHK[statse.webtrendslive.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.012\FILE0003.CHK[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.012\FILE0003.CHK[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.012\FILE0003.CHK[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\FOUND.012\FILE0003.CHK[.atwola.com/]
Spyware:Cookie/Adtech Not disinfected C:\FOUND.012\FILE0003.CHK[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\FOUND.012\FILE0003.CHK[.apmebf.com/]
Spyware:Cookie/Apmebf Not disinfected C:\FOUND.023\FILE0001.CHK[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.023\FILE0001.CHK[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.023\FILE0001.CHK[.xiti.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.023\FILE0001.CHK[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.023\FILE0001.CHK[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.023\FILE0001.CHK[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.023\FILE0001.CHK[.atdmt.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.023\FILE0001.CHK[.tradedoubler.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.023\FILE0001.CHK[ad.yieldmanager.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\FOUND.023\FILE0001.CHK[.ads.addynamix.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.023\FILE0001.CHK[.advertising.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.023\FILE0001.CHK[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.025\FILE0003.CHK[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.025\FILE0003.CHK[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\FOUND.025\FILE0003.CHK[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.025\FILE0003.CHK[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.025\FILE0003.CHK[.xiti.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.025\FILE0003.CHK[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.025\FILE0003.CHK[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.029\FILE0001.CHK[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.029\FILE0001.CHK[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\FOUND.029\FILE0001.CHK[.apmebf.com/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.029\FILE0001.CHK[.xiti.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.029\FILE0001.CHK[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.029\FILE0001.CHK[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.029\FILE0001.CHK[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.029\FILE0001.CHK[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.029\FILE0001.CHK[.tribalfusion.com/]

I hope I haven't made a mess of things, and I thank you enormously.
icare
Mortale pio

Registered: 28/08/07 09:42
Posts: 18

Posted: 31 Jan 2008 14:23    Subject:

This is what HijackThis detected:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.21.24, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\NOTEBO~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Babylon\Babylon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\BOINC\boinc.exe
C:\Programmi\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programmi\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_5.15_windows_intelx86
C:\Programmi\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\notebook acer\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?mkt=it-it&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Programmi\Systran\4_0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Babylon Translator] C:\Programmi\Babylon\Babylon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Programmi\BOINC\boincmgr.exe
O4 - Global Startup: Avvio Veloce di WinZip.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?5cafeaad4875406a93ac7a07b9909bfe
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?5cafeaad4875406a93ac7a07b9909bfe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldlingo.com/scripts/translate
O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/scripts/translate
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Translate - {174AD5F0-A97B-11D3-99A2-000000000000} - http://www.worldlingo.com/scripts/translate (file missing)
O9 - Extra 'Tools' menuitem: Translate Page - {174AD5F0-A97B-11D3-99A2-000000000000} - http://www.worldlingo.com/scripts/translate (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F64AC9E5-6AF1-4530-9F62-DEFF8262B400}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13261 bytes
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13261 bytes
icare
Mortale pio
Joined: 28/08/07 09:42
Posts: 18

Posted: 31 Jan 2008 14:26    Subject:

and this is the one from findawf

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\SYSTEM32\BAK

07/09/2004 20.00 15,360 ctfmon.exe
1 File(s) 15,360 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\EHOME\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\LAUNCH~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\SYMANT~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\QUICKT~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\ACER\EMPOWE~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

07/09/2004 20.00 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\REALTEK\INSTAL~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\ACER\ORBICAM\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\SKYPE\PHONE\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\CANON\EASY-P~2\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\ACER\EMPOWE~1\EDATAS~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\ACER\EMPOWE~1\EPOWER\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\ACER\EMPOWE~1\ERECOV~1\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

07/09/2004 20.00 59,392 ImScInst.exe
1 File(s) 59,392 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

07/09/2004 20.00 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free
Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_1\BIN\BAK

0 File(s) 0 bytes
2 Dir(s) 20,580,106,240 bytes free


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
208952 7 Sep 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 7 Sep 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
59392 7 Sep 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 7 Sep 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 7 Sep 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 7 Sep 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"


end of report
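Added example, written for this page and not taken from the thread or from FindAWF: a Python script that parses the "Duplicate files of bak directory contents" section of a report like the one above and makes the comparison that section is printed for. The rule it applies is an assumption, not something the page states: a file under a directory named bak is treated as the original that was moved aside, and the live file with the same name one level up is compared with it by size. Equal sizes, as in all four pairs above, are reported as plain backup pairs; a size mismatch marks the live file for inspection. The report text embedded in the script is constructed from the post, with one hypothetical pair (C:\Programmi\Example\app.exe and its bak copy) added so that a mismatch shows up.

```python
r"""Added example (not code from the thread or from FindAWF): parse the
"Duplicate files of bak directory contents" section of a FindAWF report and
make the comparison that section is printed for.

Assumption, not stated on the page: a file under a directory named "bak" is
the original moved aside, and the live file of the same name one level up is
compared with it by size. Equal size -> plain backup pair; different size ->
the live file is flagged for inspection.
"""
import ntpath   # Windows path semantics regardless of the host OS
import re

# Constructed from the report above; the last two lines are a hypothetical
# pair (not on the page) added so that a mismatch shows up.
SAMPLE_REPORT = r"""
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
208952 7 Sep 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 7 Sep 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
59392 7 Sep 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 7 Sep 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 7 Sep 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 7 Sep 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
25600 12 Jan 2008 "C:\Programmi\Example\app.exe"
98304 3 Mar 2006 "C:\Programmi\Example\bak\app.exe"
"""

# <size> <d Mon yyyy> "<path>"
REPORT_LINE = re.compile(r'^\s*(?P<size>\d+)\s+(?P<date>\d{1,2} \w{3} \d{4})\s+"(?P<path>[^"]+)"\s*$')


def parse_duplicates(report):
    """Map each quoted path in the report to its size in bytes."""
    files = {}
    for line in report.splitlines():
        m = REPORT_LINE.match(line)
        if m:
            files[m.group("path")] = int(m.group("size"))
    return files


def live_counterpart(bak_path):
    r"""C:\dir\bak\name.exe -> C:\dir\name.exe"""
    bak_dir, name = ntpath.split(bak_path)
    return ntpath.join(ntpath.dirname(bak_dir), name)


def compare_bak_pairs(files):
    """(bak_path, live_path, verdict) for every file that sits directly in a bak directory."""
    by_lower = {p.lower(): (p, s) for p, s in files.items()}   # Windows paths are case-insensitive
    results = []
    for path, size in files.items():
        if ntpath.basename(ntpath.dirname(path)).lower() != "bak":
            continue
        live = by_lower.get(live_counterpart(path).lower())
        if live is None:
            results.append((path, None, "orphan"))          # bak copy with nothing beside it
        elif live[1] == size:
            results.append((path, live[0], "same size"))    # plain backup pair
        else:
            results.append((path, live[0], "SIZE MISMATCH"))
    return results


def suspect_live_files(report):
    """Live files whose bak copy has a different size: the ones to submit for inspection."""
    return [live for _, live, verdict in compare_bak_pairs(parse_duplicates(report))
            if verdict == "SIZE MISMATCH"]


if __name__ == "__main__":
    for bak, live, verdict in compare_bak_pairs(parse_duplicates(SAMPLE_REPORT)):
        print(f"{verdict:14} {bak}  <->  {live}")
```

Run as-is it prints four "same size" pairs for the report above and one "SIZE MISMATCH" for the constructed pair; on a real report, paste the duplicate section into SAMPLE_REPORT or read it from the file FindAWF writes.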
Sante62
Dio maturo
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 31 Jan 2008 18:28    Subject:

Hi icare
The HjT and FindAWF logs look clean...
Most of the items are cookies, and ATF Cleaner is enough for those; it cleans the internet cache.
Start it, click Select All and then Empty Selected. Do the same for Firefox or Opera, if you have them installed as browsers, from ATF Cleaner's main menu. The other infected files are inside the backup created by Avenger, and you can delete it. What problems are you seeing? Have a look at this thread about ComboFix, and scan the PC, posting the result as described there.
icare
Mortale pio
Joined: 28/08/07 09:42
Posts: 18

Posted: 31 Jan 2008 18:54    Subject:

let me start by saying that I am completely ignorant when it comes to PCs...
for some days now, the moment I unplug the power adapter from my laptop, the internet connection drops, because it switches the wireless off...
until a few days ago, moreover, while the power adapter was plugged in, the PC would shut itself down automatically...
now that problem has magically disappeared... I can't tell whether it's a virus causing a conflict or what...
Sante62
Dio maturo
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 31 Jan 2008 19:44    Subject:

I don't think it's caused by a virus. It could be a power supply problem. Anyway, if you want, go through the steps described above...
icare
Mortale pio
Joined: 28/08/07 09:42
Posts: 18

Posted: 01 Feb 2008 09:34    Subject:

how do I disable the antivirus???? I have Norton
Sante62
Dio maturo
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 01 Feb 2008 10:09    Subject:

Unfortunately I don't know Norton well; try right-clicking the icon next to the clock; you will find some menu entry that disables the antivirus..
icare
Mortale pio
Joined: 28/08/07 09:42
Posts: 18

Posted: 01 Feb 2008 10:49    Subject:

thanking you for everything, here is the ComboFix report

ComboFix 08-02.01.1 - notebook acer 2008-02-01 9:31:43.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.372 [GMT 1:00]
Running from: C:\Documents and Settings\notebook acer\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created From 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))))))
.

2008-01-31 09:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\lhrpwhnujqgj.sys
2008-01-30 14:44 . 2008-01-30 14:44 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-27 16:17 . 2008-01-27 16:17 <DIR> d--hs---- C:\FOUND.030
2008-01-25 22:57 . 2008-01-25 22:57 <DIR> d--hs---- C:\FOUND.029
2008-01-25 00:04 . 2008-01-25 00:04 <DIR> d--hs---- C:\FOUND.028
2008-01-23 10:44 . 2008-01-23 10:44 <DIR> d--hs---- C:\FOUND.027
2008-01-23 10:17 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\resqdohiicct.sys
2008-01-21 16:31 . 2008-01-21 16:31 <DIR> d--hs---- C:\FOUND.026
2008-01-18 18:34 . 2008-01-18 18:34 <DIR> d--hs---- C:\FOUND.025
2008-01-18 14:07 . 2008-01-18 14:07 <DIR> d-------- C:\Documents and Settings\notebook acer\Dati applicazioni\skypePM
2008-01-18 14:07 . 2008-01-18 14:07 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-01-18 13:43 . 2008-01-18 13:43 <DIR> d--hs---- C:\FOUND.024
2008-01-18 13:04 . 2008-01-18 13:04 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-01-18 13:03 . 2008-01-18 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-01-18 08:52 . 2008-01-18 08:52 <DIR> d--hs---- C:\FOUND.023
2008-01-17 21:40 . 2008-01-17 21:40 <DIR> d--hs---- C:\FOUND.022
2008-01-16 17:36 . 2008-01-16 17:36 <DIR> d--hs---- C:\FOUND.021
2008-01-16 12:35 . 2008-01-16 12:35 <DIR> d--hs---- C:\FOUND.020
2008-01-15 20:06 . 2008-01-15 20:06 <DIR> d--hs---- C:\FOUND.019
2008-01-15 16:37 . 2008-01-15 16:37 <DIR> d--hs---- C:\FOUND.018
2008-01-14 08:42 . 2008-01-14 08:42 <DIR> d--hs---- C:\FOUND.017
2008-01-13 15:33 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\msxtnkcdmbjv.sys
2008-01-13 14:33 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dnbsxopganpa.sys
2008-01-13 13:54 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\wyijieihwoew.sys
2008-01-13 10:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\rkkjdbrgkgla.sys
2008-01-12 22:21 . 2008-01-12 22:21 <DIR> d--hs---- C:\FOUND.016
2008-01-12 20:21 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\oxkvubfjwriy.sys
2008-01-11 09:57 . 2008-01-15 14:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 09:57 . 2008-01-11 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-09 16:37 . 2008-01-09 16:37 <DIR> d--hs---- C:\FOUND.014
2008-01-07 12:38 . 2008-01-07 12:38 <DIR> d--hs---- C:\FOUND.013

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 10:46 --------- d-----w C:\Documents and Settings\notebook acer\Dati applicazioni\TVU Networks
2005-02-16 10:06 218,112 ----a-w C:\Programmi\HijackThis.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 15,360 2004-09-07 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 19:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 59,392 2004-09-07 19:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-09-07 19:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

----a-w 455,168 2004-09-07 19:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-09-07 19:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

----a-w 208,952 2004-09-07 19:00:00 C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-09-07 19:00:00 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Babylon Translator"="C:\Programmi\Babylon\Babylon.exe" [2002-11-21 10:32 2404429]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-07 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"LogitechCameraAssistant"="C:\Programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Programmi\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-08-01 12:07 125072]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-10 20:14 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 20:00 15360]

C:\Documents and Settings\notebook acer\Menu Avvio\Programmi\Esecuzione automatica\
World Community Grid - BOINC Manager.lnk - C:\Programmi\BOINC\boincmgr.exe [2007-10-03 09:57:28 3863296]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio Veloce di WinZip.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-12-29 22:53:05 106560]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\bak\int15.sys []
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 20:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cf67dc8-ba34-11dc-825d-0016d45f0ca3}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 18:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 08:21:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 09:38:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\NOTEBO~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Babylon\Babylon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\BOINC\boincmgr.exe
C:\Programmi\BOINC\boinc.exe
C:\Programmi\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_5.15_windows_intelx86
C:\Programmi\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
.
**************************************************************************
.
Completion time: 2008-02-01 9:42:51 - machine was rebooted [notebook acer]
ComboFix-quarantined-files.txt 2008-02-01 08:42:50
Sante62
Dio maturo
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 01 Feb 2008 11:01    Subject:

There is still something else. Please take these steps:
Scan with GMER
Remember that GMER produces two logs: Autostart and Rootkit. Post them on www.freefilehosting.net as explained here
icare
Mortale pio
Joined: 28/08/07 09:42
Posts: 18

Posted: 01 Feb 2008 11:32    Subject:

gmer110.txt: http://www.freefilehosting.net/files/3ba59
gmer211.txt: http://www.freefilehosting.net/files/3ba5a

here are the two gmer logs
Sante62
Dio maturo
Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 01 Feb 2008 12:37    Subject:

There is nothing suspicious in the GMER logs...
Download The Avenger
Unpack it into its own folder in c:\
Start it
Click on Input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\WINDOWS\system32\drivers\lhrpwhnujqgj.sys
C:\WINDOWS\system32\drivers\resqdohiicct.sys
C:\WINDOWS\system32\drivers\msxtnkcdmbjv.sys
C:\WINDOWS\system32\drivers\dnbsxopganpa.sys
C:\WINDOWS\system32\drivers\wyijieihwoew.sys
C:\WINDOWS\system32\drivers\rkkjdbrgkgla.sys
C:\WINDOWS\system32\drivers\oxkvubfjwriy.sys

Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the result here. Run a scan with Systemscan and post the generated log as explained here
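Added example, not code from the thread, from ComboFix or from The Avenger: a Python triage pass over the two parts of the ComboFix log posted above that carry the findings, the "Files Created" list and the MountPoints2 keys. It groups files in system32\drivers whose name is a run of lowercase letters by (size, original timestamp) and flags any group of three or more; in this log that is the seven 8,576-byte drivers, all stamped 2007-06-08 09:44, dropped under different random names on different days, and the script prints them in the same "files to delete:" form as the Avenger script in the post above. It also lists every \Shell\...\command value under MountPoints2, which is what runs when the matching removable drive is opened; the log above has two such commands, both pointing at fun.xls.exe, which a practitioner would want to review alongside the drivers. The name pattern and the cluster threshold are assumptions chosen to fit this log, and the excerpt is constructed from the post, not read from a real log file.

```python
r"""Added example (not code from the thread, ComboFix or The Avenger): a triage
pass over the "Files Created" and MountPoints2 sections of a ComboFix log.

Heuristics assumed here, not stated on the page:
  * a driver in system32\drivers whose basename is 10-16 lowercase letters is
    treated as randomly named;
  * three or more such drivers sharing one size and one original timestamp are
    treated as one payload dropped repeatedly under fresh names;
  * every \Shell\<verb>\command value under MountPoints2 is listed for review.
"""
import re
from collections import defaultdict

# Constructed excerpt of the log posted above (only the lines that matter here).
SAMPLE_LOG = r"""
2008-01-31 09:59 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\lhrpwhnujqgj.sys
2008-01-30 14:44 . 2008-01-30 14:44 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-23 10:17 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\resqdohiicct.sys
2008-01-18 14:07 . 2008-01-18 14:07 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-01-13 15:33 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\msxtnkcdmbjv.sys
2008-01-13 14:33 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dnbsxopganpa.sys
2008-01-13 13:54 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\wyijieihwoew.sys
2008-01-13 10:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\rkkjdbrgkgla.sys
2008-01-12 20:21 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\oxkvubfjwriy.sys
2008-01-11 09:57 . 2008-01-11 09:57 1,409 --a------ C:\WINDOWS\QTFont.for

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cf67dc8-ba34-11dc-825d-0016d45f0ca3}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
"""

# "<created> . <modified> <size|<DIR>> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
RANDOM_DRIVER = re.compile(r"^[a-z]{10,16}\.sys$")   # 12 letters in this log; range is an assumption
MOUNTPOINT_CMD = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+?)\s*$")


def parse_created_files(log):
    """Return the non-directory entries of the 'Files Created' section as dicts."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line)
        if m and m.group("size") != "<DIR>":
            entries.append({
                "created": m.group("created"),
                "modified": m.group("modified"),
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path"),
            })
    return entries


def flag_random_drivers(entries, min_cluster=3):
    """Paths of randomly named drivers whose (size, original timestamp) is shared by >= min_cluster files."""
    clusters = defaultdict(list)
    for e in entries:
        folder, _, name = e["path"].rpartition("\\")
        if folder.lower().endswith(r"\system32\drivers") and RANDOM_DRIVER.match(name):
            clusters[(e["size"], e["modified"])].append(e["path"])
    flagged = []
    for paths in clusters.values():          # dict keeps insertion order, so this is log order
        if len(paths) >= min_cluster:
            flagged.extend(paths)
    return flagged


def mountpoint_commands(log):
    """(verb, command) for every Shell\\<verb>\\command value in the MountPoints2 dump."""
    return [(m.group("verb"), m.group("cmd"))
            for m in map(MOUNTPOINT_CMD.match, log.splitlines()) if m]


def avenger_script(paths):
    """The 'files to delete:' block in the form The Avenger accepts (same shape as the post above)."""
    return "files to delete:\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    drivers = flag_random_drivers(parse_created_files(SAMPLE_LOG))
    print(avenger_script(drivers))
    for verb, cmd in mountpoint_commands(SAMPLE_LOG):
        print(f"MountPoints2 {verb}: {cmd}")
```

On the excerpt above the generated "files to delete:" block lists the same seven drivers, in the same order, as the script Sante62 posted; the MountPoints2 lines come out as a separate list because deleting a file is not the right fix for a registry autorun value, and the helper's script does not touch it.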