zonebac, abc123.pid, dialer...
paccone
Mortale devoto

Registered: 13/01/08 11:40
Posts: 6

Posted: 13 Jan 2008 18:06    Subject: zonebac, abc123.pid, dialer...

Hi everyone. I followed the instructions given in the topic about what to do before posting a new request for help... but the problems remain:
for a few days now a dialer has been starting up towards my mobile phone (which I use to connect to the Internet) + I have a file in the impostazioni locali/temp folder named abc123.pid (naturally resistant to every attempt at deletion) + many bak folders with duplicated files... and, to top it all off, some error messages when Windows starts. Through all of this Norton notices nothing (but I suspect it has been put out of action...)

I hope you can help me and teach me something from this lesson.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.04.36, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.beatport.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174063698408
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF0955E-C577-4D79-95A0-9AAE26F79C40}: NameServer = 213.230.128.222 213.230.129.94
O23 - Service: .nefuus - - (no file)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 12436 bytes
Orange
Dio maturo

Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 14 Jan 2008 10:38

Welcome paccone :)

Zonebac is nothing more than a variant of Instant Access. To carry out the removal procedure we would need the FindAWF log.
In the meantime, also download Avenger; we will need it later ;)
paccone
Mortale devoto

Registered: 13/01/08 11:40
Posts: 6

Posted: 14 Jan 2008 18:38

Here below is the Find AWF report... Avenger's sword is already drawn! :D

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ITUNES\BAK

27/04/2007 10.25 257.088 iTunesHelper.exe
1 File 257.088 byte
2 Directory 3.978.338.304 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\LEXMAR~1\BAK

19/08/2003 16.01 57.344 lxbkbmgr.exe
1 File 57.344 byte
2 Directory 3.978.338.304 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\QUICKT~1\BAK

27/04/2007 08.41 282.624 qttask.exe
1 File 282.624 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\WINAMP\BAK

10/10/2007 06.28 36.352 winampa.exe
1 File 36.352 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 16.39 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

05/05/2003 08.57 143.360 SMTray.exe
1 File 143.360 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

02/01/2006 16.41 45.056 cli.exe
1 File 45.056 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\CANON\EASY-P~2\BAK

14/01/2004 02.10 409.600 BJPSMAIN.EXE
1 File 409.600 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK

29/06/2005 15.29 176.128 LaunchApplication.exe
24/06/2005 14.08 860.160 PcSync2.exe
2 File 1.036.288 byte
2 Directory 3.978.334.208 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\DISTILLR\BAK

14/12/2004 02.12 483.328 Acrotray.exe
1 File 483.328 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\LANGUAGE\BAK

13/04/2006 11.09 49.152 Language.exe
1 File 49.152 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

12/01/2006 16.40 155.648 NeroCheck.exe
1 File 155.648 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

27/07/2004 15.50 81.920 issch.exe
27/07/2004 15.50 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? C ? DSK1_VOL1
Numero di serie del volume: E614-8960

Directory di C:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

07/06/2005 11.31 819.712 DataLayer.exe
1 File 819.712 byte
2 Directory 3.978.330.112 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\WINAMP\BAK

20/12/2004 19.41 33.792 winampa.exe
1 File 33.792 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\WINDOWS\SYSTEM32\BAK

19/08/2004 16.39 15.360 ctfmon.exe
09/07/2001 09.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

05/05/2003 08.57 143.360 SMTray.exe
1 File 143.360 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\ATITEC~1\ATICON~1\BAK

29/09/2004 06.15 344.064 atiptaxx.exe
1 File 344.064 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\CANON\EASY-P~2\BAK

14/01/2004 02.10 409.600 BJPSMAIN.EXE
1 File 409.600 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/11/2004 19.24 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

25/11/2006 08.54 369.664 avgcc.exe
1 File 369.664 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\NOKIA\NOKIAP~1\BAK

29/06/2005 15.29 176.128 LaunchApplication.exe
24/06/2005 14.08 860.160 PcSync2.exe
2 File 1.036.288 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\ADOBE\ACROBA~2.0\DISTILLR\BAK

14/12/2004 02.12 483.328 Acrotray.exe
1 File 483.328 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

27/07/2004 15.50 81.920 issch.exe
27/07/2004 15.50 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

07/06/2005 11.31 819.712 DataLayer.exe
1 File 819.712 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

16/04/2005 01.07 180.269 realsched.exe
1 File 180.269 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? E ? Yin
Numero di serie del volume: 5067-89D6

Directory di E:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

09/11/2006 15.07 49.263 jusched.exe
1 File 49.263 byte
2 Directory 33.963.470.848 byte disponibili
Il volume nell'unit? F ? Yang
Numero di serie del volume: 8C9B-6C68

Directory di F:\MIDIHE~1\PROFFE~1\PROFFE~1\WWWHAN~1.UK\HO042\LUVSONGS.BAK

21/04/1987 21.41 1.445 DMS_0313.INF
21/04/1987 21.41 15.939 DMS_0313.MID
21/04/1987 21.40 8.446 LUVSONGS.INF
21/04/1987 21.41 3.128 LUVSONGS.LYC
21/04/1987 21.41 58.285 LUVSONGS.MID
21/04/1987 21.41 5.249 LUVSONGS.WDS
6 File 92.492 byte
2 Directory 11.950.338.048 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

257088 27 Apr 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
14348 7 Jan 2008 "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
57344 19 Aug 2003 "C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe"
57344 19 Aug 2003 "E:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
14348 7 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
282624 27 Apr 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
77824 24 Jul 2004 "E:\Documents and Settings\PC\Desktop\SupaDisk\windows\SYSTEM\qttask.exe"
28672 17 Oct 2001 "F:\IBMdeskstar\WINDOWS\SYSTEM\qttask.exe"
28672 17 Oct 2001 "F:\IBMdeskstar\bach2\Windows altro HD\SYSTEM\qttask.exe"
14348 7 Jan 2008 "C:\Programmi\Winamp\winampa.exe"
36352 10 Oct 2007 "C:\Programmi\Winamp\bak\winampa.exe"
33792 20 Dec 2004 "E:\Programmi\Winamp\bak\winampa.exe"
33792 13 Dec 2003 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\Winamp\winampa.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\bak\ctfmon.exe"
14348 7 Jan 2008 "C:\Programmi\Analog Devices\SoundMAX\SMTray.exe"
143360 5 May 2003 "C:\Drivers\AD1888\SM_Panel\Sys\SMTray.exe"
143360 5 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
143360 5 May 2003 "E:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
14348 7 Jan 2008 "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe"
45056 2 Jan 2006 "C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe"
14348 7 Jan 2008 "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE"
409600 14 Jan 2004 "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
409600 14 Jan 2004 "E:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
176128 29 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
176128 29 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe"
860160 24 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
860160 24 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
14348 7 Jan 2008 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
483328 14 Dec 2004 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
483328 14 Dec 2004 "E:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
14348 7 Jan 2008 "C:\Programmi\CyberLink\PowerDVD\Language\Language.exe"
49152 13 Apr 2006 "C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
155648 9 Jul 2001 "E:\WINDOWS\system32\bak\NeroCheck.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
81920 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
81920 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
221184 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
221184 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe"
819712 7 Jun 2005 "C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
819712 7 Jun 2005 "E:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
14348 7 Jan 2008 "C:\Programmi\Winamp\winampa.exe"
36352 10 Oct 2007 "C:\Programmi\Winamp\bak\winampa.exe"
33792 20 Dec 2004 "E:\Programmi\Winamp\bak\winampa.exe"
33792 13 Dec 2003 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\Winamp\winampa.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "E:\WINDOWS\system32\bak\ctfmon.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
155648 9 Jul 2001 "E:\WINDOWS\system32\bak\NeroCheck.exe"
14348 7 Jan 2008 "C:\Programmi\Analog Devices\SoundMAX\SMTray.exe"
143360 5 May 2003 "C:\Drivers\AD1888\SM_Panel\Sys\SMTray.exe"
143360 5 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
143360 5 May 2003 "E:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
344064 29 Sep 2004 "E:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
14348 7 Jan 2008 "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE"
409600 14 Jan 2004 "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
409600 14 Jan 2004 "E:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
30208 7 Dec 2005 "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
32768 2 Nov 2004 "E:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
369664 25 Nov 2006 "E:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
176128 29 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
176128 29 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
14348 7 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe"
860160 24 Jun 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
860160 24 Jun 2005 "E:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
14348 7 Jan 2008 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
483328 14 Dec 2004 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
483328 14 Dec 2004 "E:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
81920 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
81920 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
221184 27 Jul 2004 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
221184 27 Jul 2004 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
14348 7 Jan 2008 "C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe"
819712 7 Jun 2005 "C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
819712 7 Jun 2005 "E:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe"
180269 16 Apr 2005 "E:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
155648 23 Jul 2005 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\File comuni\Real\Update_OB\realsched.exe"
49263 12 Oct 2006 "E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
49263 9 Nov 2006 "E:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe"
32881 19 Nov 2003 "E:\Documents and Settings\PC\Desktop\SupaDisk\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
1445 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\DMS_0313.INF"
15939 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\DMS_0313.MID"
8446 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.INF"
3128 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.LYC"
58285 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.MID"
5249 21 Apr 1987 "F:\MidiHeaven\Proffesional midi files\Proffesional midi files\WWW.HANDS-ON-MIDI.CO.UK\HO042\LUVSONGS.BAK\LUVSONGS.WDS"


end of report
Orange
Dio maturo

Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 15 Jan 2008 10:13

unzip Avenger to the desktop
run it, select Input script manually
click the magnifying glass
in the View/Edit script window that opens, copy and paste these lines:
Quote:
Files to delete:
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

Files to move:
C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe|C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\bak\winampa.exe|C:\Programmi\Winamp\winampa.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe|C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe|C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE|C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe|C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe|C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe|C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe|C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe|C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

Click Done
then on the traffic light icon
answer Yes (at this point the PC should restart; if it does not, restart it manually). After the restart, post the generated log.

After that, follow these instructions and post a ComboFix log.
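As an added example (not part of the original thread, and not code from Find AWF or Avenger), this Python sketch derives the delete/move pairs of the script above from the report's "Duplicate files" lines. It assumes a heuristic the thread does not state: a file counts as replaced when its size differs from the same-named copy in its bak subfolder; all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the "Duplicate files of bak directory contents" section posted
# in the thread (size, date, quoted path), embedded so the example runs offline.
SAMPLE = r'''
14348 7 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
282624 27 Apr 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
28672 17 Oct 2001 "F:\IBMdeskstar\WINDOWS\SYSTEM\qttask.exe"
14348 7 Jan 2008 "C:\Programmi\Winamp\winampa.exe"
36352 10 Oct 2007 "C:\Programmi\Winamp\bak\winampa.exe"
33792 20 Dec 2004 "E:\Programmi\Winamp\bak\winampa.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
257088 27 Apr 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
1445 21 Apr 1987 "F:\MidiHeaven\HO042\LUVSONGS.BAK\DMS_0313.INF"
'''

LINE_RE = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"\s*$')


def parse_report(text):
    """Return {lowercased path: (size, date, path as written)}."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def classify(entries):
    """Compare every file inside a folder named exactly 'bak' with the
    same-named file one level up.

    replaced  -> [(original_path, bak_path)]: sizes differ (assumed heuristic)
    unchanged -> [bak_path]: original present with the same size
    orphaned  -> [bak_path]: original not listed in the report
    """
    replaced, unchanged, orphaned = [], [], []
    for size, _date, path in entries.values():
        p = PureWindowsPath(path)
        # Edge case: 'LUVSONGS.BAK' is an unrelated folder, not a 'bak' folder.
        if p.parent.name.lower() != "bak":
            continue
        original = str(p.parent.parent / p.name)
        hit = entries.get(original.lower())
        if hit is None:
            orphaned.append(path)
        elif hit[0] == size:
            unchanged.append(path)
        else:
            replaced.append((hit[2], path))
    return replaced, unchanged, orphaned


def shared_stub_size(entries, replaced):
    """If every replaced original has the same size, return it, else None.
    One identical size across unrelated programs supports the heuristic."""
    sizes = {entries[orig.lower()][0] for orig, _bak in replaced}
    return sizes.pop() if len(sizes) == 1 else None


def build_avenger_script(replaced):
    """Emit the two script sections used in the thread: delete the replaced
    file, then move the bak copy back ('source|destination')."""
    lines = ["Files to delete:"]
    lines += [orig for orig, _bak in replaced]
    lines += ["", "Files to move:"]
    lines += [f"{bak}|{orig}" for orig, bak in replaced]
    return "\n".join(lines)


if __name__ == "__main__":
    entries = parse_report(SAMPLE)
    replaced, unchanged, orphaned = classify(entries)
    print(build_avenger_script(replaced))
    print("\nSame size, left alone:", unchanged)
    print("No original listed, left alone:", orphaned)
    print("Common size of replaced files:", shared_stub_size(entries, replaced))
```

On this excerpt the heuristic leaves ctfmon.exe and the E: drive copies out of the script, matching the list in the post; each pair should still be reviewed by hand before it is run.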
paccone
Mortale devoto
Mortale devoto


Registrato: 13/01/08 11:40
Messaggi: 6

MessaggioInviato: 15 Gen 2008 20:40    Oggetto: Rispondi citando

Hi, so far things seem to be going well.
The Avenger log follows:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kiucnjll

*******************

Script file located at: \??\C:\pemstttt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\Programmi\Winamp\winampa.exe deleted successfully.
File C:\Programmi\Analog Devices\SoundMAX\SMTray.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI.ACE\cli.exe deleted successfully.
File C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe deleted successfully.
File C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe deleted successfully.
File C:\Programmi\CyberLink\PowerDVD\Language\Language.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe deleted successfully.
File C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe deleted successfully.
File C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe deleted successfully.
File C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe deleted successfully.
File move operation C:\Programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe|C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\Winamp\bak\winampa.exe|C:\Programmi\Winamp\winampa.exe completed successfully.
File move operation C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe|C:\Programmi\Analog Devices\SoundMAX\SMTray.exe completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe|C:\Programmi\ATI Technologies\ATI.ACE\cli.exe completed successfully.
File move operation C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE|C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE completed successfully.
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe|C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe completed successfully.
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe|C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe completed successfully.
File move operation C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe|C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe completed successfully.
File move operation C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe|C:\Programmi\CyberLink\PowerDVD\Language\Language.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe completed successfully.
File move operation C:\Programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe|C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

paccone
Mortale devoto

Registered: 13/01/08 11:40
Posts: 6

Posted: 15 Jan 2008 22:08

ComboFix 08-01-09.2 - PC 2008-01-15 19.44.31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.526 [GMT 1:00]
Eseguito da: C:\Documents and Settings\PC\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2007-12-15 al 2008-01-15 )))))))))))))))))))))))))))))))))))
.

2008-01-15 19:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 12:19 . 2008-01-15 12:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 12:19 . 2008-01-15 12:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-12 19:52 . 2008-01-12 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-01-12 19:40 . 2008-01-13 10:28 <DIR> d-------- C:\Programmi\a-squared Free
2008-01-12 19:34 . 2008-01-12 20:24 <DIR> d-------- C:\Programmi\a-squared Anti-Dialer
2008-01-12 19:33 . 2008-01-12 19:34 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-01-12 19:26 . 2008-01-12 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-12 19:17 . 2008-01-12 19:22 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-12 19:17 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-12 19:12 . 2008-01-12 19:15 <DIR> d-------- C:\Programmi\Antivirus
2008-01-12 13:09 . 2008-01-12 13:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 13:09 . 2008-01-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-12 11:17 . 2008-01-12 11:17 <DIR> d-------- C:\Programmi\Trend Micro
2008-01-07 17:51 . 2008-01-07 17:51 <DIR> d-------- C:\WINDOWS\system32\bak
2007-12-26 10:06 . 2007-12-26 10:07 137 --a------ C:\WINDOWS\RUBDUCK.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 18:29 --------- d-----w C:\Programmi\Winamp
2008-01-15 18:29 --------- d-----w C:\Programmi\QuickTime
2008-01-15 18:29 --------- d-----w C:\Programmi\Lexmark X1100 Series
2008-01-14 18:09 --------- d-----w C:\Programmi\eMule
2008-01-13 09:26 --------- d-----w C:\Programmi\iTunes
2008-01-08 20:53 --------- d-----w C:\Programmi\MySpace
2008-01-07 16:51 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2007-12-10 23:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2007-12-05 07:43 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 07:43 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 07:43 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 07:43 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 07:43 --------- d-----w C:\Programmi\Symantec
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-26 16:55 --------- d-----w C:\Programmi\Norton AntiVirus
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-03-18 15:45 18 ----a-w C:\Documents and Settings\PC\ambt.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"Smapp"="C:\Programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"Lexmark X1100 Series"="C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:01 57344]
"Acrobat Assistant 7.0"="C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22 26248]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"a-squared"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2008-01-12 19:37 1329152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:39 15360]

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Programmi\a-squared Anti-Dialer\a2service.exe" [2008-01-12 19:36]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-08 15:52]
R3 echogals;Gina20 Service;C:\WINDOWS\system32\drivers\echogals.sys [2004-09-09 12:24]
R3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2007-03-26 17:11]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 12:44]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2007-03-26 17:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b05e62b0-32b4-11dc-9332-0011d80d5d39}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-11 19:00:04 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione completa sistema - PC.job"
- C:\PROGRA~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 19:48:54
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-15 19.49.33
.
2008-01-15 17:58:29 --- E O F ---

paccone
Mortale devoto

Registered: 13/01/08 11:40
Posts: 6

Posted: 15 Jan 2008 22:14

...and finally the new HijackThis log. At the moment everything seems to be resolved (no dialer, no strange messages...)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.51.50, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\progra~1\fileco~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.beatport.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174063698408
O23 - Service: .nefuus - - (no file)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programmi\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 12694 bytes
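
An added example, not part of the original thread or of HijackThis: a small Python triage of the O23 (service) lines in the log above, listing entries whose binary is marked absent or whose vendor field is empty or "Unknown owner". The sample lines are copied from that log; the function names and the choice of flags are this example's own assumptions.

```python
import re

# Lines copied from the HijackThis log above (five O23 entries, one O4 entry).
SAMPLE_LOG = r"""
O23 - Service: .nefuus - - (no file)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
"""

# Layout: name - vendor - path. The vendor field can be empty, which
# leaves "- -" in the line, so the space before the second dash is optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s?- (?P<path>.+)$"
)
# Markers seen in the log when the service binary is not on disk.
MISSING_RE = re.compile(r"^(?P<file>.*?)\s*\((?P<note>no file|file missing)\)$")


def parse_o23(line):
    """Return a dict for one O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    note = None
    missing = MISSING_RE.match(path)
    if missing:
        path, note = missing.group("file"), missing.group("note")
    return {
        "name": m.group("name"),
        "vendor": m.group("vendor").strip(),
        "path": path,
        "note": note,
    }


def triage(log_text):
    """Return (service name, reasons) for each O23 entry worth a manual look.

    A flag means "check this entry", not "this is malware".
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = []
        if entry["note"]:
            reasons.append("registered but binary absent: " + entry["note"])
        if not entry["vendor"]:
            reasons.append("no vendor string")
        elif entry["vendor"] == "Unknown owner":
            reasons.append("vendor not identified")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```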

Orange
Dio maturo

Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 16 Jan 2008 11:27

Download Autoruns, run it, and from the entries in the menu at the top select Services. The tool will do a quick scan of the loaded services. When Ready appears at the bottom, go to File -- Save as.. and save it wherever you like (the desktop is fine too). Please post the contents of the Notepad file.

paccone
Mortale devoto

Registered: 13/01/08 11:40
Posts: 6

Posted: 27 Jan 2008 19:33

Hi Orange,
I apologize for my considerable delay in replying... but here I am. As you suggested, I ran the Autoruns program and here is the report:

(thanks again, the computer already seems to be working much better)

edit by bdoriano: log removed because it was incomplete. Logs must be uploaded to FreeFileHosting as indicated here.