avva_necate (Pious Mortal)
Registered: 07/02/08 14:35 Posts: 15
Posted: 07 Feb 2008 15:03 Subject: Instant Access virus and other malware

Greetings to the forum staff!
I have landed on your shores after an exhausting series of useless attempts to eliminate a problem that afflicts my internet connection. Let me say up front that I have been reading the forum for a few days and I found a problem similar to mine described by another user. However, reading the replies in that thread, I saw that some things are not the same as in my case, so here I am, forced to "invade" the forum with a new message.
My desktop PC is an ACER with a Pentium 4 CPU at 3.06 GHz, 960 MB of RAM, OS Windows XP Home Edition Version 2002 - Service Pack 2; a single 180 GB hard disk divided into two partitions. I have a Telecom ADSL connection.
As antivirus I use Avast v.4.7 Professional Edition and I also have Spyware Doctor 5.01.205.
For months now, every day the ADSL connection has been disconnecting on its own. If I try to reconnect right away I get error 633, and after a while 628. I wait five to ten minutes, try again, and the connection goes through without problems. If I stay connected all day, the disconnection can happen, on average, 3-5 times a day.
I have run scan after scan with Avast and with Spyware Doctor (removing all the malware the program managed to see), I have uninstalled and reinstalled the modem drivers, I have had Telecom check the line (and they told me there is no problem), but the problem persists.
A few days ago, I looked at the "Network Connections" window in Control Panel and saw that when the disconnection happens a second connection appears that I do not have, named IDREB.
I think it is some kind of dialer trying to connect.
I downloaded Hijackthis and ran the scan. This is the log made today:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.25.45, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\windows\system32\services.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
--
End of file - 8432 bytes
*** *** ***
I downloaded findAWF and ran the scan. This is the log:
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\WINDOWS\BAK
11/05/2000 01.00 90.112 UpdReg.EXE
1 File 90.112 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\WINDOWS\SYSTEM32\BAK
19/08/2004 05.00 15.360 ctfmon.exe
09/07/2001 10.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\ITUNES\BAK
14/06/2006 16.24 278.528 iTunesHelper.exe
1 File 278.528 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\QUICKT~1\BAK
0 File 0 byte
3 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\LEXMAR~1\BAK
19/08/2003 11.01 57.344 lxbkbmgr.exe
1 File 57.344 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\WINDOWS\IME\IMJP8_1\BAK
19/08/2004 05.00 208.952 IMJPMIG.EXE
1 File 208.952 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK
11/05/2005 18.15 45.056 ntiMUI.exe
03/05/2007 01.36 2.040 ntiMUI.log
2 File 47.096 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
02/11/2004 20.24 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK
0 File 0 byte
3 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\SLYSOFT\CLONECD\BAK
19/05/2005 15.47 57.344 CloneCDTray.exe
1 File 57.344 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
09/07/2007 19.31 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\IGN\DOWNLO~1\BAK
08/11/2006 02.22 972.432 DLM.exe
1 File 972.432 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK
15/01/2007 18.28 108.160 ashDisp.exe
1 File 108.160 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\SKYPE\PHONE\BAK
0 File 0 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\LOGITECH\QUICKC~1\BAK
26/06/2006 10.34 614.960 QuickCam10.exe
1 File 614.960 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\ACER\EMPOWE~1\ERECOV~1\BAK
16/11/2005 17.00 397.312 Monitor.exe
1 File 397.312 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK
19/08/2004 05.00 59.392 ImScInst.exe
1 File 59.392 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
19/08/2004 05.00 455.168 TINTSETP.EXE
1 File 455.168 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\FILECO~1\LOGITECH\LCOMMGR\BAK
26/06/2006 09.46 497.200 Communications_Helper.exe
1 File 497.200 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
09/11/2006 15.07 49.263 jusched.exe
1 File 49.263 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK\BAK
14/12/2007 19.48 10.256 qttask.exe
1 File 10.256 byte
3 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK
27/01/2007 12.22 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\SYNCRO~1\POS\H2O\BAK
11/05/2005 02.46 200.069 cledx.exe
1 File 200.069 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK\BAK\BAK
14/12/2007 19.56 14.348 qttask.exe
1 File 14.348 byte
3 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK
30/11/2007 13.40 67.128 LogitechDesktopMessenger.exe
1 File 67.128 byte
2 Directory 7.436.009.472 byte disponibili
Il volume nell'unit? C ? ACER
Numero di serie del volume: 320D-180E
Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK\BAK\BAK\BAK
03/01/2007 18.15 282.624 qttask.exe
1 File 282.624 byte
2 Directory 7.436.009.472 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 11 May 2000 "C:\WINDOWS\bak\UpdReg.EXE"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
278528 14 Jun 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
57344 19 Aug 2003 "C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
45056 11 May 2005 "C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
2040 30 Mar 2007 "C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.log"
2040 3 May 2007 "C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.log"
32768 2 Nov 2004 "C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
57344 19 May 2005 "C:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe"
52272 29 Apr 2007 "C:\Programmi\Google\googletoolbar2user.exe"
14348 14 Dec 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
69632 14 Feb 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
68856 9 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
138168 29 Apr 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 27 Jan 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
14879120 12 Nov 2006 "G:\Molo3\GoogleEarthWin.exe"
618056 4 Mar 2006 "G:\Molo1\installare-3\GoogleToolbarInstaller.exe"
11817800 9 Jan 2006 "G:\Molo2\Software\GoogleEarth-0762.exe"
972432 8 Nov 2006 "C:\Programmi\IGN\Download Manager\bak\DLM.exe"
79224 6 Sep 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
614960 26 Jun 2006 "C:\Programmi\Logitech\QuickCam10\bak\QuickCam10.exe"
397312 16 Nov 2005 "C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
563984 25 Oct 2007 "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
497200 26 Jun 2006 "C:\Programmi\File comuni\Logitech\LComMgr\bak\Communications_Helper.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
49263 9 Nov 2006 "C:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
52272 29 Apr 2007 "C:\Programmi\Google\googletoolbar2user.exe"
14348 14 Dec 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
69632 14 Feb 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
68856 9 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
138168 29 Apr 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 27 Jan 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
14879120 12 Nov 2006 "G:\Molo3\GoogleEarthWin.exe"
618056 4 Mar 2006 "G:\Molo1\installare-3\GoogleToolbarInstaller.exe"
11817800 9 Jan 2006 "G:\Molo2\Software\GoogleEarth-0762.exe"
200069 11 May 2005 "C:\Programmi\Syncrosoft\POS\H2O\bak\cledx.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
364296 1 Oct 2007 "C:\Programmi\Logitech\QuickCam\LU\LogitechUpdate.exe"
14348 14 Dec 2007 "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
67128 30 Nov 2007 "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
end of report
*** *** *** ***
I downloaded Avenger, but I cannot manage to use it, and it is impossible for me to delete the keys that block the executable even if I disable System Restore. I am exasperated by this disconnection. Please, could someone help me? I would be enormously grateful.
Thank you for your attention.
Stefano

Sante62 (Mature God)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 07 Feb 2008 16:47

Hi avva_necate and welcome...
If I am not mistaken you said you have downloaded Avenger, so unpack it into its own folder in c:\
Start it
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\Programmi\QuickTime\bak\bak\bak\qttask.exe
C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
files to move:
C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe | C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
folders to delete:
C:\Programmi\QuickTime\bak\bak\bak\bak
C:\Programmi\QuickTime\bak\bak\bak
C:\Programmi\QuickTime\bak\bak
C:\Programmi\QuickTime\bak

Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation is finished, post here the Avenger result together with an updated hijackthis log.
Now save this file to the desktop
Disconnect from the internet, select the file DelDomains.inf, right-click and choose the "Install" option.
Also make a new log with FindAWF.
Go to the Kaspersky online scanner
While it is downloading the necessary files, temporarily disable the antivirus. As soon as the scan of the PC starts, disconnect from the internet.
At the end, upload the result to www.freefilehosting.net, and post here the link you are given.

avva_necate (Pious Mortal)
Registered: 07/02/08 14:35 Posts: 15
Posted: 07 Feb 2008 19:41

Thanks Sante62, but it is precisely with getting Avenger to work that I have problems. I unpacked the zip and put the folder in C:\, but if I try to open the folder, the icons and the taskbar disappear from the desktop, as if I had closed explorer.exe; a few seconds later the desktop returns to normal, but the C:\ window closes and the Windows security warning "the computer might be at risk" appears. I moved the zip itself directly into C:\, unpacked it and tried again, but it will not let me into the folder!
Stefano

bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 20:42

Hi avva_necate,
from Start/Run type regedit and click OK
go to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
check whether these exist
- explorer.exe, and if it is there report its values here.
- iexplore.exe, and if it is there report its values here.
do the same with
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
locate Userinit in the right-hand pane
report the values here

avva_necate (Pious Mortal)
Registered: 07/02/08 14:35 Posts: 15
Posted: 07 Feb 2008 20:55

Hi bdoriano!
So, I opened regedit and found the subdirectory you mention.
-iexplorer.exe does not exist.
-explorer.exe is there and gives me two rows in the right-hand pane:
Predefinito - REG_SZ - (valore non impostato)
Debugger - REG_SZ - "c:\windows\system32\jqdevopq.gif"
As for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --> Userinit:
Userinit - REG_SZ - C:\WINDOWS\system32\userinit.exe,
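
Added example, not part of the original thread: a Debugger value under Image File Execution Options makes Windows start the named program in place of the image, which is why the explorer.exe entry reported above matters. The Python below audits the text printed by reg query "<IFEO key>" /s and checks a Userinit value; the sample input is constructed around the value from the post, and the list of sensitive images and the C:\WINDOWS install path are assumptions.

```python
import ntpath
import re

IFEO = "\\image file execution options\\"
# Images whose hijack breaks the desktop or logon (illustrative list, an assumption).
SENSITIVE = {"explorer.exe", "iexplore.exe", "userinit.exe", "winlogon.exe",
             "taskmgr.exe", "regedit.exe"}
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"  # path shown in the thread
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

# Constructed sample of `reg query ... /s` output. The explorer.exe entry carries
# the Debugger value reported in the thread; the other two keys are invented.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
    Debugger    REG_SZ    "c:\windows\system32\jqdevopq.gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myservice.exe
    Debugger    REG_SZ    "C:\Program Files\Debugging Tools for Windows\windbg.exe" -g

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe
    DisableHeapLookaside    REG_SZ    1
'''


def parse_reg_query(text):
    """Return {key_path: {value_name_lowercase: data}} from reg query output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                current[match.group(1).lower()] = match.group(3).strip()
    return keys


def debugger_target(data):
    """First token of the Debugger command line, honouring double quotes."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data.split(None, 1)[0] if data else ""


def audit_ifeo(text):
    """List (image, target, severity, reasons) for every key with a Debugger value."""
    findings = []
    for key, values in parse_reg_query(text).items():
        marker = key.lower().rfind(IFEO)
        if marker == -1 or "debugger" not in values:
            continue
        image = key[marker + len(IFEO):]
        target = debugger_target(values["debugger"])
        reasons = []
        if image.lower() in SENSITIVE:
            reasons.append("debugger set on a shell or logon binary")
        if ntpath.splitext(target)[1].lower() not in (".exe", ".com"):
            reasons.append("debugger target lacks an executable extension")
        findings.append((image, target, "HIGH" if reasons else "REVIEW", reasons))
    return findings


def extra_userinit_entries(value):
    """Userinit is a comma-separated list; return every entry that is not
    the expected userinit.exe, since each entry is started at logon."""
    entries = [entry.strip() for entry in value.split(",") if entry.strip()]
    return [entry for entry in entries if entry.lower() != EXPECTED_USERINIT]


if __name__ == "__main__":
    for image, target, severity, reasons in audit_ifeo(SAMPLE):
        print(f"[{severity}] {image} -> {target}: {'; '.join(reasons) or 'verify manually'}")
    print("extra Userinit entries:",
          extra_userinit_entries(r"C:\WINDOWS\system32\userinit.exe,"))
```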

bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 21:08

- Start the PC in safe mode
- open Task Manager with CTRL+ALT+DEL
- select and end the Explorer.exe process
- choose: File -> New Task --> type regedit --> Enter
- in the registry find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
- right-click explorer.exe and choose Delete
if it will not let itself be deleted:
- right-click explorer.exe,
- select the Permissions option,
- select your account
- tick the Full Control box in the Allow column.
- then right-click again --> Delete.
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\Programmi\QuickTime\bak\bak\bak\qttask.exe
C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\windows\system32\jqdevopq.gif
files to move:
C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe | C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
folders to delete:
C:\Programmi\QuickTime\bak\bak\bak\bak
C:\Programmi\QuickTime\bak\bak\bak
C:\Programmi\QuickTime\bak\bak
C:\Programmi\QuickTime\bak

Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation is finished, post here the Avenger result together with an updated hijackthis log.
Download DelDomains and save it to the desktop (right-click on the link > save target)
then right-click the file and choose Install.
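
Added example, not part of the original thread: the Avenger script above deletes some files and moves others back out of the bak folders, and the thread does not say how they were picked. The Python below applies one heuristic (an assumption of this example) to an excerpt of the FindAWF listing posted earlier: an identical size and date under different file names marks the planted copies, and the deepest bak level is taken to hold the displaced original; on this excerpt it yields the same delete and move lists as the script.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Excerpt of the FindAWF "Duplicate files" listing posted in the thread
# (the last line is a repeat, as happens throughout the original log).
LISTING = r'''
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
10256 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
282624 3 Jan 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe"
14348 14 Dec 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
68856 9 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
79224 6 Sep 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
14348 14 Dec 2007 "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
67128 30 Nov 2007 "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
14348 14 Dec 2007 "C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe"
'''

Copy = namedtuple("Copy", "depth size date path home")
LINE_RE = re.compile(r'^(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"$')


def split_home(path):
    """Strip the run of 'bak' folders directly above the file.
    Returns (path the file would have without them, number of bak levels)."""
    folder, name = ntpath.split(path)
    depth = 0
    while ntpath.basename(folder).lower() == "bak":
        folder = ntpath.dirname(folder)
        depth += 1
    return ntpath.join(folder, name), depth


def parse(listing):
    """Parse 'size date "path"' lines, dropping repeated paths, keeping order."""
    copies = {}
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            path = match.group(3)
            home, depth = split_home(path)
            copies.setdefault(path.lower(), Copy(depth, int(match.group(1)),
                                                 match.group(2), path, home))
    return list(copies.values())


def triage(listing):
    """Return (files_to_delete, [(bak_original, home_path), ...])."""
    copies = parse(listing)

    # Fingerprints (size, date) that occur under more than one file name.
    names = defaultdict(set)
    for c in copies:
        names[(c.size, c.date)].add(ntpath.basename(c.path).lower())
    shared = {fp for fp, seen in names.items() if len(seen) > 1}

    # Group every copy under the location it would occupy without bak folders.
    chains = defaultdict(list)
    for c in copies:
        chains[c.home.lower()].append(c)

    delete, move = [], []
    for chain in chains.values():
        chain.sort(key=lambda c: c.depth)
        if not any((c.size, c.date) in shared for c in chain):
            continue                      # no planted copy in this chain
        *shallower, deepest = chain
        delete += [c.path for c in shallower]
        if (deepest.size, deepest.date) in shared:
            delete.append(deepest.path)   # no clean original left to restore
        elif deepest.depth > 0:
            move.append((deepest.path, deepest.home))
    return delete, move


if __name__ == "__main__":
    to_delete, to_move = triage(LISTING)
    print("delete:", *to_delete, sep="\n  ")
    print("move:", *(f"{src} | {dst}" for src, dst in to_move), sep="\n  ")
```

Chains without a shared fingerprint, such as ctfmon.exe and the updated ashDisp.exe, are left alone, which matches the script in the post.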

avva_necate (Pious Mortal)
Registered: 07/02/08 14:35 Posts: 15
Posted: 07 Feb 2008 21:44

Bdoriano, I did everything. Here I am posting the Avenger result:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rjkim^su
*******************
Script file located at: \??\C:\WINDOWS\truukbjp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Programmi\QuickTime\bak\bak\bak\qttask.exe deleted successfully.
File C:\Programmi\QuickTime\bak\bak\bak\bak\qttask.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
File c:\windows\system32\jqdevopq.gif deleted successfully.
File move operation C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe|C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe completed successfully.
Folder C:\Programmi\QuickTime\bak\bak\bak\bak deleted successfully.
Folder C:\Programmi\QuickTime\bak\bak\bak deleted successfully.
Could not delete folder C:\Programmi\QuickTime\bak\bak
Deletion of folder C:\Programmi\QuickTime\bak\bak failed!
Could not process line:
C:\Programmi\QuickTime\bak\bak
Status: 0xc0000035
Could not delete folder C:\Programmi\QuickTime\bak
Deletion of folder C:\Programmi\QuickTime\bak failed!
Could not process line:
C:\Programmi\QuickTime\bak
Status: 0xc0000035
Completed script processing.
*******************
Finished! Terminate.
And here is the updated hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.40.37, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\windows\system32\services.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
--
End of file - 8301 bytes
-------------------------------------------
I also installed DelDomains.

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 22:01 Subject:
It looks like DelDomains did not do its job...
- Download FixWareOut from one of these sites:
Site 1
Site 2
Site 3
- Save it to the desktop
- Run it
- Click Next
- Click Install
- Make sure "Run fixit" is checked
- Click Finish.
- Follow the prompts.
- It will ask you to restart the PC; do so.
- It will take quite a while to restart. Be patient.
- When the operation is finished, restart the PC again.
- Generate a new HijackThis log and post it together with the file C:\fixwareout\report.txt
Follow the instructions in this topic to post the ComboFix log.

avva_necate Pious Mortal
Registered: 07/02/08 14:35 Posts: 15
Posted: 07 Feb 2008 22:13 Subject:
Done. So, here is the Fixwareout report:
Username "Utente" - 07/02/2008 21.05.25 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Svuotata la cache del resolver DNS.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMan"="SOUNDMAN.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"QuickTime Task"="\"C:\\Programmi\\QuickTime\\bak\\bak\\bak\\bak\\bak\\qttask.exe\" -atboottime"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"LogitechCommunicationsManager"="\"C:\\Programmi\\File comuni\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Programmi\\Logitech\\QuickCam\\Quickcam.exe\" /hide"
"SunJavaUpdateSched"="\"C:\\Programmi\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"GSICONEXE"="GSICON.EXE"
"DSLAGENTEXE"="dslagent.exe USB"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programmi\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"LDM"="C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.12.42, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4883211-C493-44BF-A0FD-CEA81D6257E0}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
--
End of file - 8159 bytes

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 22:38 Subject:
Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting, and post here the link you are given.

avva_necate Pious Mortal
Registered: 07/02/08 14:35 Posts: 15
Posted: 07 Feb 2008 22:53 Subject:
Bdoriano, I have just finished using ComboFix.
It took quite a while, and while it was producing the report Windows showed me an error message a couple of times, something like the disk being missing from the drive or similar, but then everything completed successfully and it produced the report.
Here it is:
ComboFix 08-02.05.3 - Utente 2008-02-07 21.17.16.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.577 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Utente\Dati applicazioni\inst.exe
C:\Documents and Settings\Utente\Dati applicazioni\macromedia\Flash Player\#SharedObjects\4B5HF2S2\www.broadcaster.com
C:\Documents and Settings\Utente\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Utente\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Programmi\inetget2
C:\Programmi\WinBudget
C:\Programmi\WinBudget\bin\crap.1201805019.old
C:\Programmi\WinBudget\bin\matrix.dat
C:\Programmi\WinBudget\bin\matrix.dll
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Creati Da 2008-01-07 al 2008-02-07 )))))))))))))))))))))))))))))))))))
.
2008-02-07 21:05 . 2008-02-07 21:05 <DIR> d-------- C:\fixwareout
2008-02-07 20:35 . 2008-02-06 00:31 127,378 --a------ C:\avenger.zip
2008-02-07 20:20 . 2005-11-03 12:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-02-07 20:20 . 2005-11-03 12:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-02-07 20:20 . 2005-11-03 12:52 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-02-07 20:20 . 2005-11-03 12:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-02-07 20:20 . 2005-11-03 12:38 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-02-07 20:20 . 2005-11-03 12:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-02-07 20:20 . 2005-11-03 12:52 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-02-07 20:20 . 2005-11-03 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-02-07 20:20 . 2005-11-03 12:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-02-06 00:58 . 2008-02-06 00:58 <DIR> d-------- C:\hijackthis
2008-02-06 00:53 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-02 13:54 . 2008-02-02 13:54 <DIR> d-------- C:\Programmi\B-QUICK
2008-02-02 13:54 . 2001-07-23 09:10 278,528 --a------ C:\WINDOWS\system32\gsi.cpl
2008-02-02 13:54 . 2001-08-10 19:30 249,504 --a------ C:\WINDOWS\system32\drivers\gwausb.sys
2008-02-02 13:54 . 2001-07-20 12:41 106,496 --------- C:\WINDOWS\system32\instDll.dll
2008-02-02 13:54 . 2001-07-20 11:22 90,112 --a------ C:\WINDOWS\system32\gsicon.exe
2008-02-02 13:54 . 2001-06-14 16:52 81,920 --------- C:\WINDOWS\system32\gspnDll.dll
2008-02-02 13:54 . 2001-07-22 21:50 26,859 --a------ C:\WINDOWS\system32\drivers\gafwload.sys
2008-02-02 13:54 . 2001-06-14 16:53 25,088 --a------ C:\WINDOWS\system32\CoInst.dll
2008-02-02 13:54 . 2001-06-14 16:52 24,576 --------- C:\WINDOWS\system32\delaySpawn.exe
2008-02-02 13:54 . 2001-06-14 16:52 16,384 --------- C:\WINDOWS\system32\DSLAGENT.EXE
2008-02-02 13:54 . 2001-12-06 23:11 9,693 --------- C:\WINDOWS\wwdslcfg.ini
2008-01-19 13:29 . 2008-01-19 13:29 20 --a------ C:\s2r8.1
2008-01-08 22:41 . 2008-01-08 22:42 243 --a------ C:\WINDOWS\MugE.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 19:06 --------- d-----w C:\Programmi\Ligos
2008-01-06 13:05 --------- d-----w C:\Programmi\Windows Media Connect 2
2007-12-28 17:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-28 15:01 164,992 ----a-w C:\WINDOWS\system32\drivers\athsgt.sys
2007-12-28 15:01 12,544 ----a-w C:\WINDOWS\system32\drivers\limsgt.sys
2007-12-28 14:58 --------- d-----w C:\Programmi\Blue Label Entertainment
2007-12-28 13:09 --------- d-----w C:\Programmi\File comuni\LogiShrd
2007-12-28 13:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Logitech
2007-12-28 13:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Logishrd
2007-12-17 20:26 --------- d-----w C:\Programmi\SiS VGA Utilities V3.83
2007-12-17 19:43 --------- d-----w C:\Programmi\Imperivm Civitas
2007-12-17 19:39 --------- d--h--w C:\Programmi\FX Uninstall Information
2007-11-30 12:35 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-20 18:04 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-06-14 21:28 47,360 ----a-w C:\Documents and Settings\Utente\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 90,112 2000-05-11 00:00:00 C:\WINDOWS\bak\UpdReg.EXE
----a-w 15,360 2004-08-19 04:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 04:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 59,392 2004-08-19 04:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-08-19 04:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
----a-w 455,168 2004-08-19 04:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-08-19 04:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
----a-w 208,952 2004-08-19 04:00:00 C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-08-19 04:00:00 C:\WINDOWS\ime\imjp8_1\imjpmig.exe
----a-w 497,200 2006-06-26 08:46:04 C:\Programmi\File comuni\Logitech\LComMgr\bak\Communications_Helper.exe
----a-w 45,056 2005-05-11 17:15:08 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe
----a-w 2,040 2007-05-03 00:36:40 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.log
----a-w 2,040 2007-03-30 17:04:48 C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.log
----a-w 32,768 2004-11-02 19:24:46 C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
----a-w 49,263 2006-11-09 14:07:30 C:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe
----a-w 278,528 2006-06-14 15:24:14 C:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 57,344 2005-05-19 14:47:38 C:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe
----a-w 171,448 2007-01-27 11:22:06 C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe
----a-w 200,069 2005-05-11 01:46:02 C:\Programmi\Syncrosoft\POS\H2O\bak\cledx.exe
----a-w 57,344 2003-08-19 10:01:32 C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe
----a-w 972,432 2006-11-08 01:22:24 C:\Programmi\IGN\Download Manager\bak\DLM.exe
----a-w 108,160 2007-01-15 17:28:58 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-09-06 11:06:10 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 614,960 2006-06-26 09:34:40 C:\Programmi\Logitech\QuickCam10\bak\QuickCam10.exe
----a-w 397,312 2005-11-16 16:00:50 C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 19:31 68856]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-30 13:40 67128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
"QuickTime Task"="C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe" [ ]
"SiSPower"="SiSPower.dll" [2007-10-03 15:58 53248 C:\WINDOWS\system32\SiSPower.dll]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GSICONEXE"="GSICON.EXE" [2001-07-20 11:22 90112 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-06-14 16:52 16384 C:\WINDOWS\system32\DSLAGENT.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 05:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
Logitech Desktop Messenger.lnk - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-30 13:40:51 67128]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2002-12-31 23:38:04 262144]
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R2 athsgt;athsgt;C:\WINDOWS\system32\DRIVERS\athsgt.sys [2007-12-28 16:01]
R2 limsgt;limsgt;C:\WINDOWS\system32\DRIVERS\limsgt.sys [2007-12-28 16:01]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 05:00]
S2 gafwload;Modem ADSL B-QUICK Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-07-22 21:50]
S3 emuumidi;E-MU USB-MIDI Driver;C:\WINDOWS\system32\drivers\emuumidi.sys [2005-04-27 01:43]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\rmvcpg.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\yieyjtu.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\wlrow.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\yjwzxctn.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\gsnqiwdm.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\atg.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\wqgkygx.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\eurjwlh.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\ywrjrhf.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\gpvux.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\kicjy.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\ooptppo.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\wvq.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\csiagade.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\uikx.job"
- c:\windows\system32\drvvxwit.exe
"2008-02-07 20:07:10 C:\WINDOWS\Tasks\dtrr.job"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 21:19:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-07 21.39.50
ComboFix-quarantined-files.txt 2008-02-07 20:39:18
What should I do? Does anything change, or should I carry out the procedures you indicated in your last post?
Stefano
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 23:09 Subject:
Let's do some more cleaning first...
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote: | Files to delete:
c:\windows\system32\drvvxwit.exe
C:\WINDOWS\Tasks\fwwmvmfi.job |
Click Done
Click the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
Now connect to the Kaspersky online scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are assigned. |
avva_necate Pious Mortal

Registered: 07/02/08 14:35 Posts: 15
|
Posted: 10 Feb 2008 20:02 Subject: |
|
|
Hi bdoriano, and thanks for following me this far. So, I followed your instructions. Below is the Avenger report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tlduxqsy
*******************
Script file located at: \??\C:\Documents and Settings\dkojhwll.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File c:\windows\system32\drvvxwit.exe deleted successfully.
File C:\WINDOWS\Tasks\fwwmvmfi.job deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
-------------------------------------------------------------------------------------
I ran a scan with Kaspersky online, saved the report and uploaded it to the freehosting server. Here is the link I was given:
http://www.freefilehosting.net/download/3bm0f
What else do I need to do?
Thanks!
Stefano |
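A way to cross-check an Avenger log like the one in the post above against the script that produced it. This is an added example, not part of the thread and not code from The Avenger's author. It assumes only the log lines visible above; the function names are hypothetical, and the third script path and the sample log are constructed.

```python
import re

# Success line format as it appears in the Avenger log posted in the thread.
DELETED_RE = re.compile(r"^File\s+(.+?)\s+deleted successfully\.\s*$", re.IGNORECASE)


def norm(path):
    """Normalise a path for comparison: Windows paths are case-insensitive,
    and text copied from the forum may carry a trailing '|' separator."""
    return path.strip().rstrip("|").strip().lower()


def parse_script(text):
    """Return the paths listed under the 'Files to delete:' directive."""
    paths, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            # Directive line; the thread writes it both as 'Files to delete:'
            # and 'files to delete:', so compare case-insensitively.
            in_section = line.lower() == "files to delete:"
            continue
        if in_section:
            paths.append(norm(line))
    return paths


def parse_log(text):
    """Return (confirmed, completed): the set of paths the log reports as
    deleted, and whether 'Completed script processing.' was reached."""
    confirmed, completed = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        match = DELETED_RE.match(line)
        if match:
            confirmed.add(norm(match.group(1)))
        elif line == "Completed script processing.":
            completed = True
    return confirmed, completed


def check(script_text, log_text):
    """Compare what was requested with what the log confirms."""
    requested = parse_script(script_text)
    confirmed, completed = parse_log(log_text)
    return {
        "completed": completed,
        # Requested but no success line: needs a manual look before moving on.
        "missing": [p for p in requested if p not in confirmed],
        # Reported deleted but never requested: the log belongs to another run.
        "unexpected": sorted(confirmed - set(requested)),
    }


# Constructed sample: two paths from the thread plus one placeholder path.
SCRIPT = r"""Files to delete:
c:\windows\system32\drvvxwit.exe
C:\WINDOWS\Tasks\fwwmvmfi.job
C:\WINDOWS\Temp\example-placeholder.exe
"""

# Constructed log in the format shown above; the placeholder has no success line.
LOG = r"""Logfile of The Avenger version 1, by Swandog46
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drvvxwit.exe deleted successfully.
File C:\WINDOWS\Tasks\fwwmvmfi.job deleted successfully.
Completed script processing.
*******************
"""

if __name__ == "__main__":
    print(check(SCRIPT, LOG))
```

A non-empty `missing` list means the file had no success line in the log, so the cleanup should not be considered finished for that path.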
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
Posted: 10 Feb 2008 20:32 Subject: |
|
|
Start AVENGER
Click input script manually
Click the magnifying glass
Enter these lines:
Quote: | files to delete:
C:\WINDOWS\temp\bnzfaa.exe
G:\Molo1\Installare-2\setup-ms.exe
G:\Molo1\Installare-2\inst_antispy_botspot.exe |
Click Done
Click the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
I didn't have you delete mIRC because, I presume, you use it. Right?
Tell me if you still run into problems. |
avva_necate Pious Mortal

Registered: 07/02/08 14:35 Posts: 15
|
Posted: 10 Feb 2008 20:43 Subject: |
|
|
OK, bdoriano. All done.
So, here is the Avenger report after the reboot:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wkfovbij
*******************
Script file located at: \??\C:\mbifapas.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\temp\bnzfaa.exe deleted successfully.
File G:\Molo1\Installare-2\setup-ms.exe deleted successfully.
File G:\Molo1\Installare-2\inst_antispy_botspot.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
-------------------------------------------------------------------------------------
And here is the Hijackthis log taken just now:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.40.57, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\bak\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
--
End of file - 8036 bytes
--------------------------------------------------------------------------------------
Yes, I use mIRC every now and then. But if it's infected, I'll uninstall it right away. Or do I need to remove it in some particular way?
Bye,
Stefano

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 10 Feb 2008 20:52 Subject:
avva_necate wrote:
Yes, I use mIRC every now and then. But if it's infected, I'll uninstall it right away. Or do I need to remove it in some particular way?

No, it is only flagged as "dangerous" because you could receive infected files through mIRC.
In the hijackthis log, only one suspicious entry is left:

Quote:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"

But, since it points to a legitimate program (Outlook Express), I don't think it needs to be touched.

avva_necate Mortale pio
Joined: 07/02/08 14:35 Posts: 15
Posted: 10 Feb 2008 21:23 Subject:
Thank you so much, bdoriano! You have no idea what a problem you've solved for me! Now I'll see whether the PC disconnects by itself over the next 24 hours, then I'll let you know. In any case, I thank you already for all the help you've given me! You've been great!
It's fantastic that there are people who voluntarily help users in trouble like this, for free and online. I think it's one of the things that makes the Net worth so much. Also, your reputation for professionalism and helpfulness is fully deserved!
Now, let's hope for the best. I'll let you know!
Bye and thanks again!
Stefano

avva_necate Mortale pio
Joined: 07/02/08 14:35 Posts: 15
Posted: 11 Feb 2008 21:00 Subject:
Guys, it really looks like the problem is solved. I've left the ADSL connection up from yesterday until now and there hasn't been a single interruption! Thank you, Bdoriano! You've really solved a very annoying problem that I'd been carrying around for a long time!
One question: can you recommend a program that can detect dialers and malware of this kind?
Stefano

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 11 Feb 2008 23:36 Subject:
Premise: the perfect antivirus or antimalware does not exist.
You can take a look at this thread, which has a list of very good programs to help you protect your PC.