A dialer or a trojan has changed something on my laptop
Venere80
Hero in the gods' favour

Registered: 18/07/07 20:28
Posts: 92

Posted: 10 Jan 2008 20:36    Subject: A dialer or a trojan has changed something on my laptop

Yesterday I was searching Google for the site "giramondo.net" (be careful with it) when a series of alphanumeric data appeared and the connection dropped, then quickly tried to redial the number. I unplugged the phone cable and immediately noticed strange things.
In IE's Connections tab there was an "Internet connection" entry, in addition to my original one.
A program with a 10-digit name and an .exe extension had been placed in C:\windows\Temp, which I managed to delete. But every time I turn on the PC, abc123.pid reappears, again in c:\windows\Temp.
In addition, about twenty applications have disappeared from Task Manager, including Symantec, which is nonetheless active. Also in Task Manager there are 2 cssauth.exe entries, not identical (one is about twice the size in KB), and another oddity: iexplore.exe is already present even though I am not yet connected to the network. Oh, and the volume bars no longer appear, so I have to raise the volume by ear.
My PC is a Lenovo laptop running XP Professional Service Pack 2 with a 60 GB hard disk. I connect via dial-up.
I have Norton antivirus, which usually reported some anomaly to me, but this time it failed.
Thank you, please help me.
Sante62
Mature god

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Jan 2008 12:42

Hi Venere80 :)
See this thread for how to post a HijackThis log. Also post a FindAWF log.
Venere80
Hero in the gods' favour

Registered: 18/07/07 20:28
Posts: 92

Posted: 11 Jan 2008 14:36

Hi legendary Sante, and thanks for the reply :D
After the HijackThis log I have attached the Find AWF one.

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12.53.22, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programmi\File comuni\Lenovo\Logger\logmon.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
C:\Programmi\Lenovo\Client Security Solution\bak\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\DOCUME~1\Mionome~1\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167387531215
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35CAF2C-A1A6-472A-99A0-2EFDD7E55C40}: NameServer = 130.000.00.00,130.000.00.00
O20 - Winlogon Notify: AwayNotify - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe


HERE IS THE FIND AWF REPORT

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 39.898.271.744 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\PICASA2\BAK

16/03/2006 00.07 421.888 PicasaMediaDetector.exe
1 File 421.888 byte
2 Directory 39.898.271.744 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\SPYWAR~1\BAK

21/09/2007 20.29 2.778.112 SpywareTerminatorShield.exe
1 File 2.778.112 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\WINDOW~1\BAK

02/11/2006 22.56 204.288 WMPNSCFG.exe
1 File 204.288 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 22.00 15.360 ctfmon.exe
25/07/2006 07.17 77.824 hkcmd.exe
25/07/2006 07.21 118.784 igfxpers.exe
25/07/2006 07.21 94.208 igfxtray.exe
4 File 306.176 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\ANALOG~1\CORE\BAK

20/05/2005 01.11 925.696 smax4pnp.exe
1 File 925.696 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

06/05/2005 15.06 716.800 Smax4.exe
1 File 716.800 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\DISKEE~1\DISKEE~1\BAK

18/05/2006 16.24 196.696 DkIcon.exe
1 File 196.696 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\AWAYTASK\BAK

16/08/2006 18.07 69.632 AwaySch.EXE
1 File 69.632 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\CLIENT~1\BAK

14/07/2006 18.13 2.341.632 cssauth.exe
1 File 2.341.632 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\SAFEGU~1\BAK

13/03/2006 16.38 41.472 pdservice.exe
1 File 41.472 byte
2 Directory 39.898.267.648 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\SYMANT~2\SYMANT~1\BAK

22/08/2002 11.56 77.824 vptray.exe
1 File 77.824 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKPAD\CONNEC~1\BAK

26/08/2006 00.22 409.600 ACTray.exe
26/08/2006 00.17 110.592 ACWLIcon.exe
2 File 520.192 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKPAD\UTILIT~1\BAK

23/02/2006 18.22 237.568 EzEjMnAp.Exe
02/06/2006 22.00 856.064 TpKmapAp.exe
2 File 1.093.632 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKV~1\AMSG\BAK

14/11/2005 07.23 487.424 amsg.exe
1 File 487.424 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKV~1\PRDCTR\BAK

04/07/2006 17.11 110.592 LPMGR.exe
1 File 110.592 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\WINDOWS\SYSTEM32\DLA\BAK

02/02/2006 05.20 122.940 DLACTRLW.EXE
1 File 122.940 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

30/03/2006 16.45 313.472 AdobeUpdateManager.exe
1 File 313.472 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

27/07/2004 16.50 81.920 issch.exe
27/07/2004 16.50 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\FILECO~1\LENOVO\SCHEDU~1\BAK

10/07/2007 15.16 540.672 scheduler_proxy.exe
1 File 540.672 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

09/11/2006 15.07 49.263 jusched.exe
1 File 49.263 byte
2 Directory 39.898.263.552 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK

25/07/2006 02.19 94.208 TPHKMGR.exe
1 File 94.208 byte
2 Directory 39.898.263.552 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

516096 16 Mar 2006 "C:\Programmi\Picasa2\PicasaUpdate.exe"
421888 16 Mar 2006 "C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe"
655360 16 Mar 2006 "C:\Programmi\Picasa2\cdautorun\PicasaRestore.exe"
4900600 15 Aug 2006 "C:\SWTOOLS\Apps\GOOGLE\PICASA\picasa2-oem-lenovo.exe"
10691432 22 Aug 2007 "C:\Programmi\Spyware Terminator\SpywareTerminator.exe"
3464312 3 Jul 2007 "C:\Documents and Settings\Mionome\Desktop\SpywareTerminator.exe"
2778112 21 Sep 2007 "C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe"
14348 9 Jan 2008 "C:\Programmi\Windows Media Player\WMPNSCFG.exe"
204288 2 Nov 2006 "C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 9 Jan 2008 "C:\WINDOWS\system32\hkcmd.exe"
77824 25 Jul 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 25 Jul 2006 "C:\SWTOOLS\DRIVERS\VIDEO\WIN2000\HKCMD.EXE"
14348 9 Jan 2008 "C:\WINDOWS\system32\igfxpers.exe"
118784 25 Jul 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
118784 25 Jul 2006 "C:\SWTOOLS\DRIVERS\VIDEO\WIN2000\IGFXPERS.EXE"
14348 9 Jan 2008 "C:\WINDOWS\system32\igfxtray.exe"
94208 25 Jul 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 25 Jul 2006 "C:\SWTOOLS\DRIVERS\VIDEO\WIN2000\IGFXTRAY.EXE"
925696 20 May 2005 "C:\DRIVERS\audio\SMAX4PNP.EXE"
14348 9 Jan 2008 "C:\Programmi\Analog Devices\Core\smax4pnp.exe"
925696 20 May 2005 "C:\Programmi\Analog Devices\Core\bak\smax4pnp.exe"
925696 20 May 2005 "C:\SWTOOLS\DRIVERS\AUDIO\SMAXWDM\W2K_XP\SMAX4PNP.EXE"
14348 9 Jan 2008 "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe"
716800 6 May 2005 "C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe"
716800 6 May 2005 "C:\SWTOOLS\DRIVERS\AUDIO\SM_PANEL\SYS\SMAX4.EXE"
14348 9 Jan 2008 "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
73728 16 Nov 2006 "C:\WINDOWS\Installer\{796E076A-82F7-4D49-98C8-DEC0C3BC733A}\DkIcon.exe"
196696 18 May 2006 "C:\Programmi\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe"
14348 9 Jan 2008 "C:\Programmi\Lenovo\AwayTask\AwaySch.EXE"
69632 16 Aug 2006 "C:\Programmi\Lenovo\AwayTask\bak\AwaySch.EXE"
69632 16 Aug 2006 "C:\SWTOOLS\Apps\AWAYTASK\AwayTask\AwaySch.exe"
14348 9 Jan 2008 "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe"
2341632 14 Jul 2006 "C:\Programmi\Lenovo\Client Security Solution\bak\cssauth.exe"
14348 9 Jan 2008 "C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
41472 13 Mar 2006 "C:\Programmi\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe"
14348 9 Jan 2008 "C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe"
77824 22 Aug 2002 "C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe"
14348 9 Jan 2008 "C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe"
409600 26 Aug 2006 "C:\Programmi\ThinkPad\ConnectUtilities\bak\ACTray.exe"
14348 9 Jan 2008 "C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe"
110592 26 Aug 2006 "C:\Programmi\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
14348 9 Jan 2008 "C:\Programmi\ThinkPad\Utilities\EzEjMnAp.Exe"
237568 23 Feb 2006 "C:\SWTOOLS\DRIVERS\EZEJECT\EZEJMNAP.EXE"
237568 23 Feb 2006 "C:\Programmi\ThinkPad\Utilities\bak\EzEjMnAp.Exe"
14348 9 Jan 2008 "C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe"
856064 2 Jun 2006 "C:\Programmi\ThinkPad\Utilities\bak\TpKmapAp.exe"
14348 9 Jan 2008 "C:\Programmi\ThinkVantage\AMSG\amsg.exe"
487424 14 Nov 2005 "C:\Programmi\ThinkVantage\AMSG\bak\amsg.exe"
487424 14 Nov 2005 "C:\SWTOOLS\Apps\AMSG\exe\Amsg.exe"
14348 9 Jan 2008 "C:\Programmi\ThinkVantage\PrdCtr\LPMGR.exe"
110592 4 Jul 2006 "C:\SWTOOLS\Apps\PRDCTR\LPMGR.EXE"
110592 4 Jul 2006 "C:\Programmi\ThinkVantage\PrdCtr\bak\LPMGR.exe"
14348 9 Jan 2008 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 2 Feb 2006 "C:\Programmi\Multimedia Center for Think Offerings\DLA\install\dlactrlw.exe"
122940 2 Feb 2006 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
14348 9 Jan 2008 "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 30 Mar 2006 "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
14348 9 Jan 2008 "C:\Programmi\File comuni\Installshield\UpdateService\issch.exe"
81920 27 Jul 2004 "C:\Programmi\File comuni\Installshield\UpdateService\bak\issch.exe"
14348 9 Jan 2008 "C:\Programmi\File comuni\Installshield\UpdateService\ISUSPM.exe"
221184 27 Jul 2004 "C:\Programmi\File comuni\Installshield\UpdateService\bak\ISUSPM.exe"
14348 9 Jan 2008 "C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe"
540672 10 Jul 2007 "C:\Programmi\File comuni\Lenovo\Scheduler\bak\scheduler_proxy.exe"
36975 10 Nov 2005 "C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe"
14348 9 Jan 2008 "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
49263 9 Nov 2006 "C:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe"
14348 9 Jan 2008 "C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
94208 25 Jul 2006 "C:\Programmi\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
94208 25 Jul 2006 "C:\SWTOOLS\DRIVERS\HOTKEY\OSD\COMMON\TPHKMGR.EXE"


end of report

Thanks again for the work that you and everyone who contributes to this valuable site do. :D ;)
Sante62
Mature god

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Jan 2008 17:50

Good... Download The Avenger
Unzip it into its own folder in c:\
Run it
Click on "Input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmi\ThinkPad\Utilities\EzEjMnAp.Exe
C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe
C:\Programmi\ThinkVantage\AMSG\amsg.exe
C:\Programmi\ThinkVantage\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\File comuni\Installshield\UpdateService\issch.exe
C:\Programmi\File comuni\Installshield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

files to move:
C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe | C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\bak\hkcmd.exe | C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\bak\igfxpers.exe | C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\bak\igfxtray.exe | C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Analog Devices\Core\bak\smax4pnp.exe | C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe | C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Lenovo\AwayTask\bak\AwaySch.EXE | C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
C:\Programmi\Lenovo\Client Security Solution\bak\cssauth.exe | C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe | C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Programmi\ThinkPad\ConnectUtilities\bak\ACTray.exe | C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmi\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe | C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmi\ThinkPad\Utilities\bak\EzEjMnAp.Exe | C:\Programmi\ThinkPad\Utilities\EzEjMnAp.Exe
C:\Programmi\ThinkPad\Utilities\bak\TpKmapAp.exe | C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe
C:\Programmi\ThinkVantage\AMSG\bak\amsg.exe | C:\Programmi\ThinkVantage\AMSG\amsg.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe | C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\File comuni\Installshield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\Installshield\UpdateService\issch.exe
C:\Programmi\File comuni\Installshield\UpdateService\bak\ISUSPM.exe | C:\Programmi\File comuni\Installshield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\Lenovo\Scheduler\bak\scheduler_proxy.exe | C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe | C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

Click Done
Click the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the result here together with an updated HijackThis log. I recommend uninstalling Java and downloading the new version http://java.sun.com/javase/downloads/index.jsp
scroll down the page until you find "Java Runtime Environment (JRE) 6 Update 2
The Java SE Runtime Environment (JRE) allows end-users to run Java applications." click the download button, then download and install the new version.
Restart the PC
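
Added example, not part of the original posts and not code from FindAWF or The Avenger: a short parser for the "Duplicate files of bak directory contents" listing that pairs each `bak` copy with the file at its original location and emits the two script sections used in the post above. The function names are hypothetical, and treating a size mismatch between the live file and its `bak` copy as the sign of a replaced file is an assumption based on the pattern visible in this report; the sample lines are an excerpt of that report.

```python
import re
from collections import Counter
from ntpath import basename, dirname, join  # Windows path rules on any OS

# Excerpt of the Find AWF "Duplicate files" listing posted in this thread.
SAMPLE = r'''
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 9 Jan 2008 "C:\WINDOWS\system32\hkcmd.exe"
77824 25 Jul 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 25 Jul 2006 "C:\SWTOOLS\DRIVERS\VIDEO\WIN2000\HKCMD.EXE"
14348 9 Jan 2008 "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe"
2341632 14 Jul 2006 "C:\Programmi\Lenovo\Client Security Solution\bak\cssauth.exe"
421888 16 Mar 2006 "C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe"
'''

# One listing line: <size in bytes> <day Mon year> "<full path>"
ENTRY = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"([^"]+)"\s*$')


def parse_listing(text):
    """Return (size, date, path) tuples for every well-formed listing line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def find_replaced(entries):
    """Pair each ...\\bak\\name with ...\\name and flag pairs whose sizes differ.

    Assumption: a live file that differs in size from its bak copy was
    swapped in place of the original. Equal sizes (ctfmon.exe here) and
    bak copies with no live counterpart in the listing are not flagged.
    """
    by_path = {path.lower(): (size, date, path) for size, date, path in entries}
    flagged = []
    for size, _date, path in entries:
        folder = dirname(path)
        if basename(folder).lower() != "bak":
            continue
        live = by_path.get(join(dirname(folder), basename(path)).lower())
        if live is not None and live[0] != size:
            flagged.append({"live": live[2], "live_size": live[0],
                            "live_date": live[1], "bak": path, "bak_size": size})
    return flagged


def shared_live_size(flagged):
    """Return the size shared by all flagged live files, or None if they differ."""
    if not flagged:
        return None
    size, count = Counter(f["live_size"] for f in flagged).most_common(1)[0]
    return size if count == len(flagged) else None


def build_avenger_script(flagged):
    """Emit the two sections in the layout of the script quoted in the post above."""
    lines = ["files to delete:"]
    lines += [f["live"] for f in flagged]
    lines += ["", "files to move:"]
    lines += [f'{f["bak"]} | {f["live"]}' for f in flagged]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_replaced(parse_listing(SAMPLE))
    print("shared size of flagged files:", shared_live_size(hits))
    print(build_avenger_script(hits))
```

A size mismatch can also come from a legitimate update, so the generated list is a starting point for review against the full report rather than something to run unchanged.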
Venere80
Hero in the gods' favour

Registered: 18/07/07 20:28
Posts: 92

Posted: 11 Jan 2008 21:27

Dear Sante, you are great, we are almost there: all the original applications have reappeared in Task Manager. The only annoyance is this iexplore.exe at around 23,000 KB that is still there without a connection. Here is the strange part: I had saved the web page in which you explained the steps to clean the PC. At a certain point, while I was reading it, it closed by itself, without my having touched anything. I tried again with other pages and it keeps happening. Also, in Task Manager there are 2 Picasa Media Detector entries.
The volume bars have now come back and the volume works again. :D

Here is the Avenger log; after it I have included the HijackThis one.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cmbyxfmw

*******************

Script file located at: \??\C:\Program Files\qvihchxv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Windows Media Player\WMPNSCFG.exe deleted successfully.
File C:\WINDOWS\system32\hkcmd.exe deleted successfully.
File C:\WINDOWS\system32\igfxpers.exe deleted successfully.
File C:\WINDOWS\system32\igfxtray.exe deleted successfully.
File C:\Programmi\Analog Devices\Core\smax4pnp.exe deleted successfully.
File C:\Programmi\Analog Devices\SoundMAX\Smax4.exe deleted successfully.
File C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe deleted successfully.
File C:\Programmi\Lenovo\AwayTask\AwaySch.EXE deleted successfully.
File C:\Programmi\Lenovo\Client Security Solution\cssauth.exe deleted successfully.
File C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe deleted successfully.
File C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe deleted successfully.
File C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe deleted successfully.
File C:\Programmi\ThinkPad\Utilities\EzEjMnAp.Exe deleted successfully.
File C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe deleted successfully.
File C:\Programmi\ThinkVantage\AMSG\amsg.exe deleted successfully.
File C:\Programmi\ThinkVantage\PrdCtr\LPMGR.exe deleted successfully.
File C:\WINDOWS\system32\DLA\DLACTRLW.EXE deleted successfully.
File C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe deleted successfully.
File C:\Programmi\File comuni\Installshield\UpdateService\issch.exe deleted successfully.
File C:\Programmi\File comuni\Installshield\UpdateService\ISUSPM.exe deleted successfully.
File C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe deleted successfully.
File C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe deleted successfully.
File C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe deleted successfully.
File move operation C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe|C:\Programmi\Windows Media Player\WMPNSCFG.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\hkcmd.exe|C:\WINDOWS\system32\hkcmd.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\igfxpers.exe|C:\WINDOWS\system32\igfxpers.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\igfxtray.exe|C:\WINDOWS\system32\igfxtray.exe completed successfully.
File move operation C:\Programmi\Analog Devices\Core\bak\smax4pnp.exe|C:\Programmi\Analog Devices\Core\smax4pnp.exe completed successfully.
File move operation C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe|C:\Programmi\Analog Devices\SoundMAX\Smax4.exe completed successfully.
File move operation C:\Programmi\Lenovo\AwayTask\bak\AwaySch.EXE|C:\Programmi\Lenovo\AwayTask\AwaySch.EXE completed successfully.
File move operation C:\Programmi\Lenovo\Client Security Solution\bak\cssauth.exe|C:\Programmi\Lenovo\Client Security Solution\cssauth.exe completed successfully.
File move operation C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe|C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\vptray.exe completed successfully.
File move operation C:\Programmi\ThinkPad\ConnectUtilities\bak\ACTray.exe|C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe completed successfully.
File move operation C:\Programmi\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe|C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe completed successfully.
File move operation C:\Programmi\ThinkPad\Utilities\bak\EzEjMnAp.Exe|C:\Programmi\ThinkPad\Utilities\EzEjMnAp.Exe completed successfully.
File move operation C:\Programmi\ThinkPad\Utilities\bak\TpKmapAp.exe|C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe completed successfully.
File move operation C:\Programmi\ThinkVantage\AMSG\bak\amsg.exe|C:\Programmi\ThinkVantage\AMSG\amsg.exe completed successfully.
File move operation C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe completed successfully.
File move operation C:\Programmi\File comuni\Installshield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\Installshield\UpdateService\issch.exe completed successfully.
File move operation C:\Programmi\File comuni\Installshield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\Installshield\UpdateService\ISUSPM.exe completed successfully.
File move operation C:\Programmi\File comuni\Lenovo\Scheduler\bak\scheduler_proxy.exe|C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe completed successfully.
File move operation C:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe completed successfully.
File move operation C:\Programmi\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe|C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 19.53.54, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programmi\File comuni\Lenovo\Logger\logmon.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\DOCUME~1\Mionome~1\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167387531215
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35CAF2C-A1A6-472A-99A0-2EFDD7E55C40}: NameServer = 130.000.00.00,130.000.00.00
O20 - Winlogon Notify: AwayNotify - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe

Thanks again.

Sante62
Mature god

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Jan 2008 22:50

OK, Avenger has done its job.
I don't know whether you recognize this IP address:
Quote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35CAF2C-A1A6-472A-99A0-2EFDD7E55C40}: NameServer = 130.000.00.00,130.000.00.00

If you don't recognize it, select it in HJT and then press Fix checked.
Now look at this discussion about Combofix, download it and scan the PC, posting the result as indicated. Also do these steps:
Scan with GMER
Remember that there are two GMER logs: Autostart and Rootkit. And don't post them here because they are too long. Also get yourself a firewall with some urgency, choosing one through this discussion

bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 11 Jan 2008 22:53

Venere80 wrote:
C:\DOCUME~1\Mionome~1\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe

HijackThis must be saved in a folder of its own, not a temporary one and not on the desktop.
You would do well to download the updated version.

Post the GMER logs on FreeFileHosting as indicated here.

Follow Sante62's instructions.
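
The two checks raised in the replies above (an O17 NameServer value the user does not recognize, and HijackThis started from a temporary folder), as an added example that is not part of the original thread: a small parser for the HijackThis log format. The function names, the allow-list of resolvers and the second O17 line (192.0.2.x documentation addresses) are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in HijackThis log format. The first O17 line and the
# HijackThis.exe path are copied from the thread; the second O17 line uses
# documentation addresses and is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Mionome~1\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35CAF2C-A1A6-472A-99A0-2EFDD7E55C40}: NameServer = 130.000.00.00,130.000.00.00
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53 192.0.2.99
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O17 - <body>"
O17_RE = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")               # interface GUID


class Log(NamedTuple):
    processes: list   # paths listed under "Running processes:"
    entries: list     # (section code, rest of line), e.g. ("O17", "HKLM...")


def parse_hijackthis(text):
    """Split a HijackThis log into its process list and its R/O/F entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
                continue
            in_procs = False          # a blank line ends the process list
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return Log(processes, entries)


def classify_ipv4(addr, known):
    """Return 'malformed', 'known' or 'unknown' for one NameServer value."""
    octets = addr.split(".")
    well_formed = len(octets) == 4 and all(
        o.isascii() and o.isdigit() and int(o) <= 255
        and (o == "0" or not o.startswith("0"))   # "000" is masked or invalid
        for o in octets
    )
    if not well_formed:
        return "malformed"
    return "known" if addr in known else "unknown"


def audit_nameservers(log, known):
    """List (interface, address, verdict) for every O17 NameServer value."""
    findings = []
    for code, body in log.entries:
        if code != "O17":
            continue
        m = O17_RE.match(body)
        if not m or m.group("name").lower() != "nameserver":
            continue
        guid = GUID_RE.search(m.group("key"))
        iface = guid.group(0) if guid else m.group("key")
        # The value may be comma- or space-separated; drop repeats, keep order.
        addrs = dict.fromkeys(a for a in re.split(r"[,\s]+", m.group("value")) if a)
        for addr in addrs:
            findings.append((iface, addr, classify_ipv4(addr, known)))
    return findings


def processes_in_temp(log):
    """Running processes whose path passes through a Temp/Tmp directory."""
    hits = []
    for path in log.processes:
        folders = [p.lower() for p in path.split("\\")[:-1]]
        if any(f in ("temp", "tmp") for f in folders):
            hits.append(path)
    return hits


if __name__ == "__main__":
    log = parse_hijackthis(SAMPLE_LOG)
    # Hypothetical allow-list: the resolvers the user's ISP actually assigns.
    for iface, addr, verdict in audit_nameservers(log, {"192.0.2.53"}):
        print(f"{verdict:9} {addr:15} {iface}")
    for path in processes_in_temp(log):
        print("runs from a temporary folder:", path)
```

An address reported as "malformed" cannot be judged at all, which is the situation the masked `130.000.00.00` value creates for anyone reading the log.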
Venere80
Hero in the gods' favor

Registered: 18/07/07 20:28
Posts: 92

Posted: 12 Jan 2008 13:43

Good morning Sante and Bdoriano, and thank you. I'm hurrying before that wicked program blocks my connection again.
I went into Windows Firewall, which is active, although on the Advanced tab I found the cursed "Internet connection" entry, and selected at that. Which firewall do you recommend?
A simple one to install, if there is one.
Now I'll do the other operations you indicated and then send them to you.
Bye for now.

Sante62
Mature god

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 12 Jan 2008 13:48

A firewall that is simple to install and configure is Zone Alarm, and there is also an Italian version. Remember, though, that it still has to be configured correctly, otherwise browsing becomes almost impossible.

Venere80
Hero in the gods' favor

Registered: 18/07/07 20:28
Posts: 92

Posted: 12 Jan 2008 15:34

[URL="http://www.freefilehosting.net/files/3aa0j"]Gmer 12 gennaio.txt[/URL]

[URL="http://www.freefilehosting.net/files/3aa11"]autostart di gmer 12 gennaio.txt[/URL]

Here are the Combo logs, followed by the HijackThis one. For the latter I downloaded the most recent version, but no compressed folder was created; instead the file opened right away, and I saved it in a folder in c:\windows. I hope I did it correctly.
Ah, I "masked" the IP addresses myself, not because of you, but because of the odd nosy person. Thanks a lot again.

ComboFix 08-01-09.2 - Mionome 2008-01-12 13.19.39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.129 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Mionome\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2007-12-12 al 2008-01-12 )))))))))))))))))))))))))))))))))))
.

2008-01-12 13:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 13:11 . 2008-01-12 13:12 <DIR> d-------- C:\Hijack
2008-01-11 19:24 . 2008-01-11 19:24 127,378 --a------ C:\avenger.zip
2008-01-09 18:46 . 2008-01-11 19:35 <DIR> d-------- C:\WINDOWS\system32\bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 00:12 --------- d---a-w C:\Programmi\Spyware Terminator
2008-01-09 17:53 --------- d---a-w C:\Programmi\Picasa2
2008-01-08 18:48 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2007-12-28 10:04 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:49 732,672 ------w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:49 732,672 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:42 1,292,800 ------w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:42 8,489,472 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-07-27 19:28 502,055 -c--a-w C:\Programmi\gmer.zip
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 196,696 2006-05-18 15:24:06 C:\Programmi\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe

----a-r 41,472 2006-03-13 15:38:56 C:\Programmi\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe
----a-w 14,348 2008-01-09 17:51:46 C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe

----a-w 421,888 2006-03-15 23:07:06 C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe
----a-w 14,348 2008-01-09 17:51:46 C:\Programmi\Picasa2\PicasaMediaDetector.exe

----a-w 2,778,112 2007-09-21 19:29:58 C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe
----a-w 2,778,112 2008-01-09 18:01:25 C:\Programmi\Spyware Terminator\Spywareterminatorshield.Exe

----a-w 110,592 2006-07-04 16:11:00 C:\Programmi\ThinkVantage\PrdCtr\bak\LPMGR.exe

----a-w 15,360 2004-08-19 21:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 21:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 122,940 2006-02-02 04:20:00 C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 22:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2002-08-22 11:56 77824]
"TVT Scheduler Proxy"="C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe" [2007-07-10 15:16 540672]
"TrackPointSrv"="tp4serv.exe" [2005-07-12 19:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"TPKMAPHELPER"="C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 22:00 856064]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 02:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-09 19:01 2778112]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 01:11 925696]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 17:13 151552]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2008-01-09 18:51 14348]
"PDService.exe"="C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2008-01-09 18:51 14348]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [ ]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-25 07:21 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-25 07:21 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-25 07:17 77824]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 18:22 237568]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [ ]
"DiskeeperSystray"="C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe" [ ]
"cssauth"="C:\Programmi\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 18:13 2341632]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 17:13 208896]
"AwaySch"="C:\Programmi\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 18:07 69632]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2005-11-14 07:23 487424]
"ACWLIcon"="C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 00:17 110592]
"ACTray"="C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 00:22 409600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 22:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BTTray.lnk - C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe [2006-05-31 14:51:02]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-16 17:33:35]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Programmi\Lenovo\AwayTask\AwayNotify.dll 2006-08-16 18:07 49152 C:\Programmi\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 15:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 12:16 24576 C:\WINDOWS\system32\tphklock.dll

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-21 20:31]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-25 17:13]
R2 DbgMsg;Debug Message;C:\WINDOWS\System32\Drivers\DbgMsg.sys [2004-07-21 09:38]
R2 PrivateDisk;PrivateDisk;C:\Programmi\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 16:05]
R2 smi2;smi2;C:\Programmi\SMI2\smi2.sys [2006-07-14 15:55]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-12 19:55]
S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys []
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-12 12:27:06 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2007-07-08 21:10:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 13:26:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\PROGRA~1\ThinkPad\UTILIT~1\IT\PWRMGRRT.DLL
-> C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
.
Ora fine scansione: 2008-01-12 13:29:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 12:29:14
.
2008-01-11 00:11:51 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.16.05, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmi\File comuni\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167387531215
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35CAF2C-A1A6-472A-99A0-2EFDD7E55C40}: NameServer = 131.xxx.xx.xx,131.xxx.xx.xx
O20 - Winlogon Notify: AwayNotify - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11899 bytes

Venere80
Hero favoured by the gods

Joined: 18/07/07 20:28
Posts: 92

Posted: 12 Jan 2008 16:12

autostart di gmer 12 gennaio1.txt

Gmer 12 gennaio1.txt

I hope it works now; I copied and pasted as you told me.
While I was connecting, Internet Connection reappeared in Internet Options - Connections (crying)
I'm counting on you. Bye

bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 12 Jan 2008 19:41

Run the FindAWF scan again.

Venere80

Posted: 12 Jan 2008 20:16

Thanks, Bdoriano. One question: Sante told me to replace the Java 5.0 update 10 that I have with Java 6 update 2. I went to the site, but Java is at update 4. Can I download it, or do I have to look for earlier updates?
Thanks (confused)

bdoriano

Posted: 12 Jan 2008 20:36

It's always better to download the latest available version, since it fixes any bugs or security holes. (wink)

Venere80

Posted: 12 Jan 2008 20:37

Here is the Find AWF report made a few minutes ago
Bye

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 39.649.648.640 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\PICASA2\BAK

16/03/2006 00.07 421.888 PicasaMediaDetector.exe
1 File 421.888 byte
3 Directory 39.649.648.640 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\SPYWAR~1\BAK

21/09/2007 20.29 2.778.112 SpywareTerminatorShield.exe
1 File 2.778.112 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\WINDOW~1\BAK

0 File 0 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 22.00 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\ANALOG~1\CORE\BAK

0 File 0 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

0 File 0 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\DISKEE~1\DISKEE~1\BAK

18/05/2006 16.24 196.696 DkIcon.exe
1 File 196.696 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\AWAYTASK\BAK

0 File 0 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\CLIENT~1\BAK

0 File 0 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\SAFEGU~1\BAK

13/03/2006 16.38 41.472 pdservice.exe
1 File 41.472 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\SYMANT~2\SYMANT~1\BAK

0 File 0 byte
2 Directory 39.649.644.544 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKPAD\CONNEC~1\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKPAD\UTILIT~1\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKV~1\AMSG\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\THINKV~1\PRDCTR\BAK

04/07/2006 17.11 110.592 LPMGR.exe
1 File 110.592 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\WINDOWS\SYSTEM32\DLA\BAK

02/02/2006 05.20 122.940 DLACTRLW.EXE
1 File 122.940 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\FILECO~1\LENOVO\SCHEDU~1\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili
Il volume nell'unit? C ? Preload
Numero di serie del volume: CC24-E19B

Directory di C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK

0 File 0 byte
2 Directory 39.649.640.448 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

516096 16 Mar 2006 "C:\Programmi\Picasa2\PicasaUpdate.exe"
421888 16 Mar 2006 "C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe"
655360 16 Mar 2006 "C:\Programmi\Picasa2\cdautorun\PicasaRestore.exe"
4900600 15 Aug 2006 "C:\SWTOOLS\Apps\GOOGLE\PICASA\picasa2-oem-lenovo.exe"
10691432 22 Aug 2007 "C:\Programmi\Spyware Terminator\SpywareTerminator.exe"
3464312 3 Jul 2007 "C:\Documents and Settings\Mionome\Desktop\SpywareTerminator.exe"
2778112 21 Sep 2007 "C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
73728 16 Nov 2006 "C:\WINDOWS\Installer\{796E076A-82F7-4D49-98C8-DEC0C3BC733A}\DkIcon.exe"
196696 18 May 2006 "C:\Programmi\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe"
14348 9 Jan 2008 "C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
41472 13 Mar 2006 "C:\Programmi\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe"
110592 4 Jul 2006 "C:\SWTOOLS\Apps\PRDCTR\LPMGR.EXE"
110592 4 Jul 2006 "C:\Programmi\ThinkVantage\PrdCtr\bak\LPMGR.exe"
122940 2 Feb 2006 "C:\Programmi\Multimedia Center for Think Offerings\DLA\install\dlactrlw.exe"
122940 2 Feb 2006 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"


end of report

bdoriano

Posted: 12 Jan 2008 21:04

One had slipped through! (razz)

Download Avenger and unzip it into its own folder, not a temporary one and not on the desktop.

Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe

Files to move:
C:\Programmi\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe | C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe

Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here along with an updated HijackThis log.

Download DelDomains to the desktop (right-click the link and choose Save as), then right-click the file and select Install.
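
The comparison behind the reply above (a live file whose size differs from the copy kept in its bak folder) can be checked mechanically. The following is an added example, not part of the thread and not FindAWF's own code: it parses lines copied from the "Duplicate files of bak directory contents" section of the report and compares each bak copy with the entry listed for its parent folder. The function names and the three status labels are assumptions of this sketch.

```python
import re
from ntpath import basename, dirname, join, normcase

# Lines copied from the "Duplicate files of bak directory contents" section
# of the Find AWF report posted in this thread.
REPORT = r'''
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
73728 16 Nov 2006 "C:\WINDOWS\Installer\{796E076A-82F7-4D49-98C8-DEC0C3BC733A}\DkIcon.exe"
196696 18 May 2006 "C:\Programmi\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe"
14348 9 Jan 2008 "C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
41472 13 Mar 2006 "C:\Programmi\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe"
110592 4 Jul 2006 "C:\SWTOOLS\Apps\PRDCTR\LPMGR.EXE"
110592 4 Jul 2006 "C:\Programmi\ThinkVantage\PrdCtr\bak\LPMGR.exe"
'''

# <size in bytes> <day> <Mon> <year> "<full path>"
ENTRY = re.compile(r'^(\d+)\s+(\d{1,2} [A-Za-z]{3} \d{4})\s+"([^"]+)"$')


def parse_listing(text):
    """Return {normalised path: (size, date, original path)} for each entry."""
    entries = {}
    for raw in text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            size, date, path = match.groups()
            # Windows paths are case-insensitive, so compare on a folded key.
            entries[normcase(path)] = (int(size), date, path)
    return entries


def compare_with_bak(entries):
    """Compare every <folder>\\bak\\<file> entry with <folder>\\<file>.

    Status labels (assumptions of this sketch):
      size-mismatch    live file listed, size differs from the bak copy
      same-size        live file listed, size equals the bak copy
      live-not-listed  report has no entry for the live path; no conclusion
    """
    results = []
    for key, (bak_size, bak_date, bak_path) in sorted(entries.items()):
        folder = dirname(key)
        if basename(folder) != "bak":
            continue
        live = entries.get(join(dirname(folder), basename(key)))
        if live is None:
            status, live_size, live_date = "live-not-listed", None, None
        else:
            live_size, live_date = live[0], live[1]
            status = "same-size" if live_size == bak_size else "size-mismatch"
        results.append({
            "name": basename(key),
            "bak_path": bak_path,
            "bak_size": bak_size,
            "bak_date": bak_date,
            "live_size": live_size,
            "live_date": live_date,
            "status": status,
        })
    return results


if __name__ == "__main__":
    for row in compare_with_bak(parse_listing(REPORT)):
        print(f'{row["status"]:<16} {row["name"]:<16} '
              f'live={row["live_size"]} ({row["live_date"]}) '
              f'bak={row["bak_size"]} ({row["bak_date"]})')
```

A size mismatch is only a lead for manual review; which copy to keep is a decision for the person doing the cleanup, as in the Avenger script quoted above.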

Venere80

Posted: 12 Jan 2008 21:26

While I download DelDomains, another question about Java. On the site, after I press download, it asks me to download the version available through Sun Download Manager, the one with the desktop that is valid for games etc. Is that one all right? I wouldn't want to make a mess (embarrassed)
Thanks again

bdoriano

Posted: 12 Jan 2008 21:34

As for Java, I found this page, which refers to version 1.6u3.

Ah! Maybe you are referring to this other page and this file (in English).

Venere80

Posted: 13 Jan 2008 00:09

Here is the new Avenger log, followed by the HijackThis one.
In Task Manager there are still 2 PicasaMedia Detector entries and the damned IExplore.exe, and every now and then Internet Connection shows up again (crying)
Thanks a lot for now (wink)


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qpymmvvx

*******************

Script file located at: \??\C:\WINDOWS\gbrfasmc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe deleted successfully.
File move operation C:\Programmi\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe|C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.35.46, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmi\File comuni\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167387531215
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35CAF2C-A1A6-472A-99A0-2EFDD7E55C40}: NameServer = 131.xxx.xx.xx,131.xxx.xx.xx
O20 - Winlogon Notify: AwayNotify - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11462 bytes

Sante62
Mature god

Joined: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 13 Jan 2008 09:44

Try connecting to Panda Active Scan and run a scan of the PC. While it runs, keep your antivirus disabled.

All times are GMT + 2 hours
Page 1 of 3