Olimpo Informatico

paccone · Mortale devoto Registrato: 13/01/08 11:40 Messaggi: 6

Ciao a tutti. Ho seguito le indicazioni riportate nel topic rigardante quello da fare prima di postare un nuovo intervento di aiuto... ma i problemi restano:
da alcuni giorni mi parte un dialer verso il mio cellulare(che uso per connettermi a internet)+ho un file nella cartella impostazioni locali/temp di nome abc123.pid(naturalmente refrattario ad ogni cancellazione)+ molte cartelle bak con file duplicati... e dulcis in fundo alcuni messaggi di errore all'avvio di windows. In tutto ciò norton non nota niente(ma mi sa che è stato messo fuori uso...)

Spero possiate aiutarmi e possiate insegnarmi qualcosa da questa lezione.

Vi posto il log di HijacjThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.04.36, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.beatport.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174063698408
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF0955E-C577-4D79-95A0-9AAE26F79C40}: NameServer = 213.230.128.222 213.230.129.94
O23 - Service: .nefuus - - (no file)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 12436 bytes

Orange · Dio maturo Registrato: 18/02/07 13:20 Messaggi: 2224 Residenza: Roma

Benvenuto paccone Smile

Zonebac altro non è che una variante di Instant Access. Per eseguire la procedura di rimozione ci servirebbe il log di FindAWF.
Intanto scarica anche Avenger, ci servirà piu tardi Wink

paccone · Mortale devoto Registrato: 13/01/08 11:40 Messaggi: 6

ecco di seguito il report di Find AWF... la spada di Avenger è già sguainata! Laughing

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ITUNES\BAK

27/04/2007 10.25 257.088 iTunesHelper.exe
1 File 257.088 byte
2 Directory 3.978.338.304 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\LEXMAR~1\BAK

19/08/2003 16.01 57.344 lxbkbmgr.exe
1 File 57.344 byte
2 Directory 3.978.338.304 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\QUICKT~1\BAK

27/04/2007 08.41 282.624 qttask.exe
1 File 282.624 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\WINAMP\BAK

10/10/2007 06.28 36.352 winampa.exe
1 File 36.352 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 16.39 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

05/05/2003 08.57 143.360 SMTray.exe
1 File 143.360 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

02/01/2006 16.41 45.056 cli.exe
1 File 45.056 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\CANON\EASY-P~2\BAK

14/01/2004 02.10 409.600 BJPSMAIN.EXE
1 File 409.600 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK

29/06/2005 15.29 176.128 LaunchApplication.exe
24/06/2005 14.08 860.160 PcSync2.exe
2 File 1.036.288 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\DISTILLR\BAK

14/12/2004 02.12 483.328 Acrotray.exe
1 File 483.328 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\LANGUAGE\BAK

13/04/2006 11.09 49.152 Language.exe
1 File 49.152 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

12/01/2006 16.40 155.648 NeroCheck.exe
1 File 155.648 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

27/07/2004 15.50 81.920 issch.exe
27/07/2004 15.50 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

07/06/2005 11.31 819.712 DataLayer.exe
1 File 819.712 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\WINAMP\BAK

20/12/2004 19.41 33.792 winampa.exe
1 File 33.792 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\WINDOWS\SYSTEM32\BAK

19/08/2004 16.39 15.360 ctfmon.exe
09/07/2001 09.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

05/05/2003 08.57 143.360 SMTray.exe
1 File 143.360 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\ATITEC~1\ATICON~1\BAK

29/09/2004 06.15 344.064 atiptaxx.exe
1 File 344.064 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\CANON\EASY-P~2\BAK

14/01/2004 02.10 409.600 BJPSMAIN.EXE
1 File 409.600 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/11/2004 19.24 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

25/11/2006 08.54 369.664 avgcc.exe
1 File 369.664 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\NOKIA\NOKIAP~1\BAK

29/06/2005 15.29 176.128 LaunchApplication.exe
24/06/2005 14.08 860.160 PcSync2.exe
2 File 1.036.288 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\ADOBE\ACROBA~2.0\DISTILLR\BAK

14/12/2004 02.12 483.328 Acrotray.exe
1 File 483.328 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

27/07/2004 15.50 81.920 issch.exe
27/07/2004 15.50 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

07/06/2005 11.31 819.712 DataLayer.exe
1 File 819.712 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

16/04/2005 01.07 180.269 realsched.exe
1 File 180.269 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

09/11/2006 15.07 49.263 jusched.exe
1 File 49.263 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? F ? Yang
Numero di serie del volume: 8C9B-6C68

Directory di F:\MIDIHE~1\PROFFE~1\PROFFE~1\WWWHAN~1.UK\HO042\LUVSONGS.BAK

21/04/1987 21.41 1.445 DMS_0313.INF
21/04/1987 21.41 15.939 DMS_0313.MID
21/04/1987 21.40 8.446 LUVSONGS.INF
21/04/1987 21.41 3.128 LUVSONGS.LYC
21/04/1987 21.41 58.285 LUVSONGS.MID
21/04/1987 21.41 5.249 LUVSONGS.WDS
6 File 92.492 byte
2 Directory 11.950.338.048 byte disponibili

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

257088 27 Apr 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
14348 7 Jan 2008 "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
57344 19 Aug 2003 "C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe"
57344 19 Aug 2003 "E:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
14348 7 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
282624 27 Apr 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
77824 24 Jul 2004 "E:\Documents and Settings\PC\Desktop\SupaDisk\windows\SYSTEM\qttask.exe"
28672 17 Oct 2001 "F:\IBMdeskstar\WINDOWS\SYSTEM\qttask.exe"
28672 17 Oct 2001 "F:\IBMdeskstar\bach2\Windows altro HD\SYSTEM\qttask.exe"
14348 7 Jan 2008 "C:\Programmi\Winamp\winampa.exe"
36352 10 Oct 2007 "C:\Programmi\Winamp\bak\winampa.exe"
33792 20 Dec 2004 "E:\Programmi\Winamp\bak\winampa.exe"
33792 13 Dec 2003 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\Winamp\winampa.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\bak\ctfmon.exe"
14348 7 Jan 2008 "C:\Programmi\Analog Devices\SoundMAX\SMTray.exe"
143360 5 May 2003 "C:\Drivers\AD1888\SM_Panel\Sys\SMTray.exe"
143360 5 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
143360 5 May 2003 "E:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
14348 7 Jan 2008 "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe"
45056 2 Jan 2006 "C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe"
14348 7 Jan 2008 "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE"
409600 14 Jan 2004 "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
409600 14 Jan 2004 "E:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
176128 29 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
176128 29 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe"
860160 24 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
860160 24 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
14348 7 Jan 2008 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
483328 14 Dec 2004 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
483328 14 Dec 2004 "E:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
14348 7 Jan 2008 "C:\Programmi\CyberLink\PowerDVD\Language\Language.exe"
49152 13 Apr 2006 "C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
155648 9 Jul 2001 "E:\WINDOWS\system32\bak\NeroCheck.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
81920 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
81920 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
221184 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
221184 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe"
819712 7 Jun 2005 "C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
819712 7 Jun 2005 "E:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
14348 7 Jan 2008 "C:\Programmi\Winamp\winampa.exe"
36352 10 Oct 2007 "C:\Programmi\Winamp\bak\winampa.exe"
33792 20 Dec 2004 "E:\Programmi\Winamp\bak\winampa.exe"
33792 13 Dec 2003 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\Winamp\winampa.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\bak\ctfmon.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
155648 9 Jul 2001 "E:\WINDOWS\system32\bak\NeroCheck.exe"
14348 7 Jan 2008 "C:\Programmi\Analog Devices\SoundMAX\SMTray.exe"
143360 5 May 2003 "C:\Drivers\AD1888\SM_Panel\Sys\SMTray.exe"
143360 5 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
143360 5 May 2003 "E:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
344064 29 Sep 2004 "E:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
14348 7 Jan 2008 "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE"
409600 14 Jan 2004 "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
409600 14 Jan 2004 "E:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
30208 7 Dec 2005 "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
32768 2 Nov 2004 "E:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
369664 25 Nov 2006 "E:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
176128 29 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
176128 29 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe"
860160 24 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
860160 24 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
14348 7 Jan 2008 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
483328 14 Dec 2004 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
483328 14 Dec 2004 "E:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
81920 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
81920 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
221184 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
221184 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe"
819712 7 Jun 2005 "C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
819712 7 Jun 2005 "E:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
180269 16 Apr 2005 "E:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
155648 23 Jul 2005 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\File comuni\Real\Update_OB\realsched.exe"
49263 12 Oct 2006 "E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
49263 9 Nov 2006 "E:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe"
32881 19 Nov 2003 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
1445 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\DMS_0313.INF"
15939 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\DMS_0313.MID"
8446 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.INF"
3128 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.LYC"
58285 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.MID"
5249 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.WDS"

end of report

Orange · Dio maturo Registrato: 18/02/07 13:20 Messaggi: 2224 Residenza: Roma

scompatta Avenger sul desktop
avvialo, seleziona Input script manually
clicca sulla lente d'ingrandimento
nella finestra che si apre View/Edit scrit copia/incolla queste righe:

paccone · Mortale devoto Registrato: 13/01/08 11:40 Messaggi: 6

ciao, finora pare che le cose stanno procedendo bene.
Segue log di Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kiucnjll

*******************

Script file located at: \??\C:\pemstttt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\Programmi\Winamp\winampa.exe deleted successfully.
File C:\Programmi\Analog Devices\SoundMAX\SMTray.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI.ACE\cli.exe deleted successfully.
File C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe deleted successfully.
File C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe deleted successfully.
File C:\Programmi\CyberLink\PowerDVD\Language\Language.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe deleted successfully.
File C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe deleted successfully.
File C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe deleted successfully.
File C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe deleted successfully.
File move operation C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe|C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\Winamp\bak\winampa.exe|C:\Programmi\Winamp\winampa.exe completed successfully.
File move operation C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe|C:\Programmi\Analog Devices\SoundMAX\SMTray.exe completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe|C:\Programmi\ATI Technologies\ATI.ACE\cli.exe completed successfully.
File move operation C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE|C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE completed successfully.
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe|C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe completed successfully.
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe|C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe completed successfully.
File move operation C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe|C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe completed successfully.
File move operation C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe|C:\Programmi\CyberLink\PowerDVD\Language\Language.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe completed successfully.
File move operation C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe|C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

paccone · Mortale devoto Registrato: 13/01/08 11:40 Messaggi: 6

ComboFix 08-01-09.2 - PC 2008-01-15 19.44.31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.526 [GMT 1:00]
Eseguito da: C:\Documents and Settings\PC\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2007-12-15 al 2008-01-15 )))))))))))))))))))))))))))))))))))
.

2008-01-15 19:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 12:19 . 2008-01-15 12:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 12:19 . 2008-01-15 12:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-12 19:52 . 2008-01-12 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-01-12 19:40 . 2008-01-13 10:28 <DIR> d-------- C:\Programmi\a-squared Free
2008-01-12 19:34 . 2008-01-12 20:24 <DIR> d-------- C:\Programmi\a-squared Anti-Dialer
2008-01-12 19:33 . 2008-01-12 19:34 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-01-12 19:26 . 2008-01-12 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-12 19:17 . 2008-01-12 19:22 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-12 19:17 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-12 19:12 . 2008-01-12 19:15 <DIR> d-------- C:\Programmi\Antivirus
2008-01-12 13:09 . 2008-01-12 13:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 13:09 . 2008-01-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-12 11:17 . 2008-01-12 11:17 <DIR> d-------- C:\Programmi\Trend Micro
2008-01-07 17:51 . 2008-01-07 17:51 <DIR> d-------- C:\WINDOWS\system32\bak
2007-12-26 10:06 . 2007-12-26 10:07 137 --a------ C:\WINDOWS\RUBDUCK.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 18:29 --------- d-----w C:\Programmi\Winamp
2008-01-15 18:29 --------- d-----w C:\Programmi\QuickTime
2008-01-15 18:29 --------- d-----w C:\Programmi\Lexmark X1100 Series
2008-01-14 18:09 --------- d-----w C:\Programmi\eMule
2008-01-13 09:26 --------- d-----w C:\Programmi\iTunes
2008-01-08 20:53 --------- d-----w C:\Programmi\MySpace
2008-01-07 16:51 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2007-12-10 23:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2007-12-05 07:43 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 07:43 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 07:43 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 07:43 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 07:43 --------- d-----w C:\Programmi\Symantec
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-26 16:55 --------- d-----w C:\Programmi\Norton AntiVirus
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-03-18 15:45 18 ----a-w C:\Documents and Settings\PC\ambt.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"Smapp"="C:\Programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"Lexmark X1100 Series"="C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:01 57344]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22 26248]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"a-squared"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2008-01-12 19:37 1329152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:39 15360]

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Programmi\a-squared Anti-Dialer\a2service.exe" [2008-01-12 19:36]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-08 15:52]
R3 echogals;Gina20 Service;C:\WINDOWS\system32\drivers\echogals.sys [2004-09-09 12:24]
R3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2007-03-26 17:11]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 12:44]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2007-03-26 17:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b05e62b0-32b4-11dc-9332-0011d80d5d39}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-11 19:00:04 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione completa sistema - PC.job"
- C:\PROGRA~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 19:48:54
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-15 19.49.33
.
2008-01-15 17:58:29 --- E O F ---

paccone · Mortale devoto Registrato: 13/01/08 11:40 Messaggi: 6

...e infine il nuovo log di Hijackthis. Al momento tutto sembra essersi risulto(niente dialer, niente messaggi strani...)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.51.50, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\progra~1\fileco~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.beatport.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174063698408
O23 - Service: .nefuus - - (no file)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 12694 bytes

Orange · Dio maturo Registrato: 18/02/07 13:20 Messaggi: 2224 Residenza: Roma

Scarica Autoruns, avvialo e tra le varie voci presenti nel menu sopra seleziona Services. Il tool farà uno scan veloce di servizi caricati. Quando sotto appare la scritta Ready fai: File-- Save as.. e salvalo dove vuoi tu (anche sul desktop). Posta per favore il contenuto del blocco note.

paccone · Mortale devoto Registrato: 13/01/08 11:40 Messaggi: 6

ciao orange,
chiedo scusa per il mio notevole ritardo nella risposta... ma eccomi. Come mi suggerivi di fare ho eseguito il programma autoruns ed ecco il resoconto:

(ancora garzie, il computer sembra gia funzionare molto meglio)

edit by bdoriano: log eliminato perché incompleto. I logs vanno caricati su FreeFileHosting come indicato qui.