Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
CiD!! Si aprono pagine internet da sole!!!
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 15 Gen 2008 19:39    Oggetto: CiD!! Si aprono pagine internet da sole!!! Rispondi citando
Salve, volvevo chiedervi come poter fare per eliminare una volta e per sempre un virus che ogni mi apre pagine internet (mi vanno su i nervi Evil or Very Mad ).

Ogni pagina aperta da qsto virus (ovvimente ogni pagina ha un suo nome) però qsto tipo di pagine iniziano sempre per CiD

ora non so ditemi voi che tipo d'informazioni vi serve conoscere per aiutarmi Wink grazie mille
Top
Profilo Invia messaggio privato MSN
Orange
Dio maturo
Dio maturo


Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
MessaggioInviato: 16 Gen 2008 10:08    Oggetto: Rispondi citando
Benvenuto Smile

Non ti preoccupare per CiD-- è un nostro carissimo amico; fà parte del "corredo" di MSN (i cosidetti sponsor), ma per fortuna è di facile rimozione Smile
Guarda questa guida e posta un log di HijackThis
Top
Profilo Invia messaggio privato
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 16 Gen 2008 17:55    Oggetto: Rispondi citando
Grazie tantissimo

Orange ha scritto:
Benvenuto Smile

Non ti preoccupare per CiD-- è un nostro carissimo amico; fà parte del "corredo" di MSN (i cosidetti sponsor), ma per fortuna è di facile rimozione Smile
Guarda questa guida e posta un log di HijackThis
Top
Profilo Invia messaggio privato MSN
Orange
Dio maturo
Dio maturo


Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
MessaggioInviato: 17 Gen 2008 12:14    Oggetto: Rispondi citando
er maximo ha scritto:
Grazie tantissimo

Shocked di che?

se vuoi liberarti da CiD, posta il log richiesto. Wink
Top
Profilo Invia messaggio privato
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 18 Gen 2008 14:30    Oggetto: Rispondi citando
Orange ha scritto:
er maximo ha scritto:
Grazie tantissimo

Shocked di che?

se vuoi liberarti da CiD, posta il log richiesto. Wink


Scusa per il tempo impiegatoci ma mio fratello rovinava l'opera ogni volta che la stavo per completarla Evil or Very Mad

Di seguito il file "hijackthis":

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.44.56, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
g:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
g:\Programmi\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
g:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
G:\Programmi\nuova cartella\1st Security Center Pro\scsrv.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\PowerMenu\PowerMenu.exe
C:\WINDOWS\system32\RunDll32.exe
G:\Programmi\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
G:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
g:\programmi\panda software\panda antivirus 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Giulia\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programmi\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [scsrv.exe] G:\Programmi\nuova cartella\1st Security Center Pro\scsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerMenu] C:\Programmi\PowerMenu\PowerMenu.exe -hideself on
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [APVXDWIN] "g:\Programmi\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LUPGCONF] "g:\Programmi\Panda Software\Panda Antivirus 2007\LUpgConf.exe" /RunOnce:2_00_03
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://noia01.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - g:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - g:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8742 bytes


(help me perchè nn so cosa eliminare Razz) grrrrrazie
Top
Profilo Invia messaggio privato MSN
Orange
Dio maturo
Dio maturo


Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
MessaggioInviato: 18 Gen 2008 15:25    Oggetto: Rispondi citando
ciao.
Sicuro che si tratta di Cid? Confused Non ne vedo traccia..

Segui per favore queste istruzioni e posta il log di ComboFix.

Dopo collegati a Kaspersky on-line scanner, fai lo scan in modalità estesa come indicato qui e posta il log finale.
Top
Profilo Invia messaggio privato
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 18 Gen 2008 18:35    Oggetto: Rispondi citando
Orange ha scritto:
ciao.
Sicuro che si tratta di Cid? Confused Non ne vedo traccia..

Segui per favore queste istruzioni e posta il log di ComboFix.

Dopo collegati a Kaspersky on-line scanner, fai lo scan in modalità estesa come indicato qui e posta il log finale.


per qnto riguarda il CoboFix ecco -->
ComboFix 08-01-09.2 - Giulia 2008-01-18 15.26.28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.145 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Giulia\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2007-12-18 al 2008-01-18 )))))))))))))))))))))))))))))))))))
.

2008-01-18 15:22 . 2008-01-18 15:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 15:22 . 2008-01-18 15:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Kaspersky Lab
2008-01-18 15:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 12:49 . 2008-01-18 12:49 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-17 23:57 . 2008-01-18 00:01 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-17 16:43 . 2008-01-17 16:43 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\Grisoft
2008-01-17 16:43 . 2008-01-17 16:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Grisoft
2008-01-17 16:43 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-17 14:48 . 2008-01-17 15:51 <DIR> d-------- C:\Programmi\a-squared Free
2008-01-17 14:08 . 2008-01-17 14:46 <DIR> d-------- C:\Programmi\a-squared Anti-Malware
2008-01-17 01:47 . 2008-01-17 01:49 <DIR> d-------- C:\Garmin
2008-01-16 23:21 . 2008-01-18 08:13 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-16 23:21 . 2008-01-18 08:13 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-16 23:03 . 2008-01-16 23:03 <DIR> d-------- C:\Programmi\iPod
2008-01-16 23:03 . 2008-01-17 23:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 23:03 . 2008-01-16 23:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 23:02 . 2008-01-17 20:39 <DIR> d-------- C:\Programmi\iTunes
2008-01-16 23:00 . 2008-01-16 23:01 <DIR> d-------- C:\Programmi\QuickTime
2008-01-16 19:08 . 2008-01-16 19:08 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\Systweak
2008-01-16 19:05 . 2008-01-16 19:10 <DIR> d-------- C:\Programmi\Advanced System Optimizer
2008-01-16 17:13 . 2008-01-16 17:13 <DIR> d-------- C:\Programmi\Advanced Registry Optimizer
2008-01-16 17:13 . 2008-01-16 17:13 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\Sammsoft
2008-01-16 15:50 . 2008-01-16 15:50 37 --a------ C:\WINDOWS\r007
2008-01-16 14:42 . 2008-01-16 14:42 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-01-16 12:37 . 2006-02-22 11:43 71,552 -ra------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-01-16 12:35 . 2008-01-16 16:31 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-01-16 12:35 . 2005-09-27 12:13 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2008-01-15 02:23 . 2008-01-15 02:23 <DIR> d-------- C:\Programmi\Poll Byte Wipe
2008-01-14 20:52 . 2008-01-16 01:11 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-01-13 20:28 . 2008-01-13 20:28 <DIR> d-------- C:\Programmi\SilverCrest Vibration Headset
2008-01-13 20:28 . 2006-12-01 13:47 129,654 -r------- C:\WINDOWS\JACKBMP.BMP
2008-01-13 20:28 . 2007-01-15 23:49 65,536 -r------- C:\WINDOWS\VMix.dll
2008-01-13 20:28 . 2005-12-29 07:46 40,960 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe
2008-01-13 20:28 . 2005-12-29 07:45 5,690 -r------- C:\WINDOWS\Cmudau.ini
2008-01-13 20:28 . 2006-12-01 12:02 2,302 -r------- C:\WINDOWS\logo.ico
2008-01-13 17:57 . 2004-08-19 15:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-13 17:57 . 2004-08-19 15:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-13 17:56 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-13 17:56 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 23:43 . 2008-01-12 23:43 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\F-Secure
2008-01-12 22:30 . 2008-01-16 20:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\F-Secure
2008-01-12 22:29 . 2008-01-16 21:51 <DIR> d-------- C:\Programmi\F-Secure Internet Security
2008-01-12 22:11 . 2008-01-13 00:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\fssg
2008-01-11 21:58 . 2008-01-11 21:58 <DIR> d-------- C:\Programmi\File comuni\Panda Software
2008-01-11 21:43 . 2008-01-12 11:53 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\SiteAdvisor
2008-01-11 20:41 . 2008-01-11 22:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\McAfee.com
2008-01-11 20:38 . 2008-01-16 12:34 <DIR> d-------- C:\Programmi\DAEMON Tools
2008-01-11 19:27 . 2008-01-11 19:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-11 19:18 . 2008-01-12 22:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\McAfee
2008-01-11 11:13 . 2008-01-11 11:13 <DIR> d-------- C:\Programmi\Circle Developement
2008-01-11 11:12 . 2008-01-15 02:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Proxy Long Chin Ping
2008-01-11 11:11 . 2008-01-11 11:11 <DIR> d-------- C:\Programmi\MessengerPlus! 3
2008-01-11 11:00 . 2008-01-11 11:00 <DIR> d-------- C:\Documents and Settings\Giulia\Tracing
2008-01-11 10:53 . 2008-01-11 10:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Avg7
2008-01-11 10:49 . 2008-01-11 10:54 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\Windows Live Writer
2008-01-10 16:16 . 2008-01-10 16:16 244 ---h----- C:\sqmnoopt14.sqm
2008-01-10 16:16 . 2008-01-10 16:16 232 ---h----- C:\sqmdata14.sqm
2008-01-10 16:15 . 2008-01-10 16:15 244 ---h----- C:\sqmnoopt13.sqm
2008-01-10 16:15 . 2008-01-10 16:15 232 ---h----- C:\sqmdata13.sqm
2008-01-10 16:14 . 2008-01-10 16:14 244 ---h----- C:\sqmnoopt12.sqm
2008-01-10 16:14 . 2008-01-10 16:14 244 ---h----- C:\sqmnoopt11.sqm
2008-01-10 16:14 . 2008-01-10 16:14 244 ---h----- C:\sqmnoopt10.sqm
2008-01-10 16:14 . 2008-01-10 16:14 232 ---h----- C:\sqmdata12.sqm
2008-01-10 16:14 . 2008-01-10 16:14 232 ---h----- C:\sqmdata11.sqm
2008-01-10 16:14 . 2008-01-10 16:14 232 ---h----- C:\sqmdata10.sqm
2008-01-10 16:03 . 2008-01-10 16:03 244 ---h----- C:\sqmnoopt09.sqm
2008-01-10 16:03 . 2008-01-10 16:03 232 ---h----- C:\sqmdata09.sqm
2008-01-10 15:41 . 2008-01-11 10:37 742 --a------ C:\WINDOWS\DigbysDonuts.ini
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 13:05 . 2008-01-10 13:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Yahoo!
2008-01-10 13:04 . 2008-01-10 13:04 <DIR> d-------- C:\Programmi\Yahoo!
2008-01-09 20:49 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-09 19:52 . 2008-01-11 10:19 1,276 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-01-09 12:58 . 2008-01-09 12:58 268 ---h----- C:\sqmdata08.sqm
2008-01-09 12:58 . 2008-01-09 12:58 244 ---h----- C:\sqmnoopt08.sqm
2008-01-09 01:02 . 2008-01-09 01:02 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\vlc
2008-01-08 18:22 . 2008-01-11 10:12 477,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-08 18:22 . 2008-01-11 10:12 11,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-08 18:22 . 2008-01-11 10:12 1,124 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-08 18:22 . 2008-01-11 10:12 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-08 15:45 . 2008-01-16 01:00 10 --a------ C:\WINDOWS\popcinfo.dat
2008-01-08 15:29 . 2008-01-08 15:30 <DIR> d-------- C:\Programmi\Zuma Deluxe
2008-01-08 14:36 . 2008-01-08 14:36 244 ---h----- C:\sqmnoopt07.sqm
2008-01-08 14:36 . 2008-01-08 14:36 232 ---h----- C:\sqmdata07.sqm
2008-01-08 13:28 . 2005-03-22 13:48 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-01-08 13:28 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-01-08 13:20 . 2008-01-08 13:20 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\HP
2008-01-08 12:17 . 2008-01-08 12:17 <DIR> d-------- C:\WINDOWS\Sun
2008-01-08 12:02 . 2008-01-08 12:02 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-08 12:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-08 12:00 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-08 12:00 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-08 11:25 . 2008-01-08 11:25 268 ---h----- C:\sqmdata06.sqm
2008-01-08 11:25 . 2008-01-08 11:25 244 ---h----- C:\sqmnoopt06.sqm
2008-01-08 10:18 . 2008-01-08 10:18 4,808 --a------ C:\WINDOWS\system32\gaeffect.sti
2008-01-08 10:18 . 2008-01-08 10:18 3,176 --a------ C:\WINDOWS\system32\gafilter.sti
2008-01-08 10:18 . 2008-01-16 01:24 550 --a------ C:\WINDOWS\ULEAD32.INI
2008-01-08 09:20 . 2008-01-08 09:20 <DIR> d-------- C:\Documents and Settings\Giulia\Dati applicazioni\Live-Prod
2008-01-08 09:19 . 2008-01-08 11:25 <DIR> d-------- C:\Programmi\LiveKillCleanMessenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:10 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-24 09:27 --------- d-----w C:\Programmi\microsoft frontpage
2007-12-24 09:25 --------- d-----w C:\Programmi\Servizi in linea
2007-12-24 09:24 --------- d-----w C:\Programmi\File comuni\MSSoap
2007-12-24 00:08 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-12-24 00:08 --------- d-----w C:\Programmi\File comuni\ODBC
2007-11-07 09:49 732,672 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_15.11.13,45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"scsrv.exe"="G:\Programmi\nuova cartella\1st Security Center Pro\scsrv.exe" [2007-04-11 12:30 710144]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PowerMenu"="C:\Programmi\PowerMenu\PowerMenu.exe" [2002-12-20 20:17 57344]
"CmUsbSound"="cmcnfgu.cpl" []
"APVXDWIN"="g:\Programmi\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-07-21 20:13 311296]
"LUPGCONF"="g:\Programmi\Panda Software\Panda Antivirus 2007\LUpgConf.exe" [2005-03-07 20:09 412160]
"!AVG Anti-Spyware"="G:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"muBlinder"="C:\Documents and Settings\Giulia\Desktop\muBlinder\muBlinder.exe" [2007-05-13 04:43 1433600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispAppearancePage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoWinKeys"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)
"HideRunAsVerb"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"RestrictRun"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"StartMenuLogoff"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoWinKeys"= 0 (0x0)
"NoViewContextMenu"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)
"HideRunAsVerb"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-01-07 17:56 1816208 C:\Programmi\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 15:09 63712 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
--a------ 2007-07-23 09:34 2084480 C:\Programmi\Advanced Registry Optimizer\aro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 C:\Programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 03:44 113136 G:\Programmi\nuova cartella\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 11:09 49152 C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 22:57 30208 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-24 15:52 240112 C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run StartupMonitor]
--a------ 2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-11 11:44 68856 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3 (0x3)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 17:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 16:49]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S0 AFPAnsi;Alfa File Protector Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys []
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2005-12-29 07:46]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

*Newly Created Service* - CLR_OPTIMIZATION_V2.0.50727_32
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-18 14:00:00 C:\WINDOWS\Tasks\AACED02990F94EB9.job"
- c:\docume~1\giulia\datiap~1\pollby~1\metamfcddead.exe
"2008-01-16 21:50:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 15:28:49
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> G:\Programmi\nuova cartella\1st Security Center Pro\utccwin.dll
-> C:\Programmi\WinRAR\rarext.dll
.
Ora fine scansione: 2008-01-18 15.30.17
ComboFix-quarantined-files.txt 2008-01-18 14:29:40
ComboFix2.txt 2008-01-18 14:11:43
.
2008-01-17 11:03:03 --- E O F ---


ma con kaspersky nn lo so... ma alla fine di quello che fa (nn so cosa) dice che c'è una qualcosa che nn riesce a mettere/trovare nn so. Guarda l'immagine e vedrai... (solo il mio compiter fa il capriccioso)

Top
Profilo Invia messaggio privato MSN
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 18 Gen 2008 18:41    Oggetto: Rispondi citando
Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:
Citazione:
Files to delete:
C:\WINDOWS\Tasks\AACED02990F94EB9.job
c:\docume~1\giulia\datiap~1\pollby~1\metamfcddead.exe

Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger con un log aggiornato di hijackthis.

Per quanto riguarda Kaspersky, devi rimanere online fino a quando non ha scaricato gli aggiornamenti. Ritenta, vediamo se ti si blocca ancora.
Top
Profilo Invia messaggio privato
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 18 Gen 2008 19:44    Oggetto: Rispondi citando
bdoriano ha scritto:
Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:
Citazione:
Files to delete:
C:\WINDOWS\Tasks\AACED02990F94EB9.job
c:\docume~1\giulia\datiap~1\pollby~1\metamfcddead.exe

Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger con un log aggiornato di hijackthis.

Per quanto riguarda Kaspersky, devi rimanere online fino a quando non ha scaricato gli aggiornamenti. Ritenta, vediamo se ti si blocca ancora.




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.22.21, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
g:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
g:\Programmi\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
G:\Programmi\nuova cartella\1st Security Center Pro\scsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\PowerMenu\PowerMenu.exe
C:\WINDOWS\system32\RunDll32.exe
G:\Programmi\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
g:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
G:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
g:\programmi\panda software\panda antivirus 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Giulia\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programmi\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [scsrv.exe] G:\Programmi\nuova cartella\1st Security Center Pro\scsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerMenu] C:\Programmi\PowerMenu\PowerMenu.exe -hideself on
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [APVXDWIN] "g:\Programmi\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LUPGCONF] "g:\Programmi\Panda Software\Panda Antivirus 2007\LUpgConf.exe" /RunOnce:2_00_03
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Giulia\Desktop\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://noia01.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - g:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - g:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9046 bytes




Qsto è "hijackthis".
Avernger una ovlta riavviato ha cercato di darmi qualche risultato ma diceva "Avernger.txt nn è stato trovato.
crearne uno?"
Anche se l'ho fatto + volta, una volta cn "si", un'altra con "no" e l'ultima con "annulla" nn è mai uscito nessun log ho cercato anche nella directory dov'era alloggiato ma non ho trovato niente.
per kaspersly è la stessa cosa di prima.

Cmq sia anche se non sapevamo cos'era ti ringrazio lo stesso per il tempo e anche perchè il problema si è risolto e adesso so cosa fare nel caso ricapitasse Razz

Posso farti un ultima domanda??? Very Happy

con quale criterio hai escluso:
C:\WINDOWS\Tasks\AACED02990F94EB9.job
e me lo hai fatto eliminare?

GraziE TantE
Top
Profilo Invia messaggio privato MSN
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 19 Gen 2008 16:14    Oggetto: Rispondi citando
er maximo ha scritto:
Posso farti un ultima domanda??? Very Happy

con quale criterio hai escluso:
C:\WINDOWS\Tasks\AACED02990F94EB9.job
e me lo hai fatto eliminare?

Per due motivi:
  1. Era un job con un nome astruso (C:\WINDOWS\Tasks\AACED02990F94EB9.job)
  2. richiamava un programma con un nome astruso che si trovava dove non doveva essere (c:\docume~1\giulia\datiap~1\pollby~1\metamfcddead.exe)
Wink
Riscontri ancora problemi?
Top
Profilo Invia messaggio privato
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 20 Gen 2008 00:13    Oggetto: Rispondi citando
bdoriano ha scritto:
er maximo ha scritto:
Posso farti un ultima domanda??? Very Happy

con quale criterio hai escluso:
C:\WINDOWS\Tasks\AACED02990F94EB9.job
e me lo hai fatto eliminare?

Per due motivi:
  1. Era un job con un nome astruso (C:\WINDOWS\Tasks\AACED02990F94EB9.job)
  2. richiamava un programma con un nome astruso che si trovava dove non doveva essere (c:\docume~1\giulia\datiap~1\pollby~1\metamfcddead.exe)
Wink
Riscontri ancora problemi?



no prorpio nulla...
solo che qndo ho reinstallato discovery per msn (visto che la scasione l'aveva cacelato(e anche se io nn volevo metterlo per via dei cid) non ho resistito e l'ho messo edesso ogni tanto mi riesce qlc pagina devo solo trovare i file colpevoli di ciò e sterminarli... ^^
grazie per tuttoooo
Top
Profilo Invia messaggio privato MSN
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 20 Gen 2008 10:41    Oggetto: Rispondi citando
Se vuoi, posta un nuovo log di hijackthis. Wink
Top
Profilo Invia messaggio privato
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 20 Gen 2008 13:54    Oggetto: Rispondi citando
bdoriano ha scritto:
Se vuoi, posta un nuovo log di hijackthis. Wink


Tenere protretta la mia giulia (computer) nn è mai poco importante ecco-->

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.52.17, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
g:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
g:\Programmi\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\PowerMenu\PowerMenu.exe
C:\WINDOWS\system32\RunDll32.exe
G:\Programmi\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
G:\Programmi\Nuova cartella\1st Security Center Pro\scsrv.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
g:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
g:\programmi\panda software\panda antivirus 2007\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Programmi\Impostazioni\Impostazioni\Nuova cartella\Programmini utili per il pc\Protezione\CiD\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programmi\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerMenu] C:\Programmi\PowerMenu\PowerMenu.exe -hideself on
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [APVXDWIN] "g:\Programmi\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LUPGCONF] "g:\Programmi\Panda Software\Panda Antivirus 2007\LUpgConf.exe" /RunOnce:2_00_03
O4 - HKLM\..\Run: [scsrv.exe] G:\Programmi\Nuova cartella\1st Security Center Pro\scsrv.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://noia01.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - g:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - g:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - G:\Programmi\nuova cartella\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8620 bytes

TNK
Top
Profilo Invia messaggio privato MSN
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 20 Gen 2008 14:23    Oggetto: Rispondi citando
Il log sembra pulito.
Fai questa scansione con FindAWF
Segui le istruzioni di questo topic per postare il log di combofix.
Top
Profilo Invia messaggio privato
er maximo
Semidio
Semidio


Registrato: 15/01/08 18:16
Messaggi: 268
MessaggioInviato: 20 Gen 2008 15:17    Oggetto: Rispondi
bdoriano ha scritto:
Il log sembra pulito.
Fai questa scansione con FindAWF
Segui le istruzioni di questo topic per postare il log di combofix.



qsto è il log di FindAWF


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report




invece per ComboFix quello che avevo ha detto che era scaduto e lo ha cancellato automaticmanete... ho pravato a riscaricarlo cn ma il primo link che mho a dispoizione (come anche l'altra volta) non mi funzionava, e cn il secondo link(l'altra volta funzionava) dice che "il file non è stato trovato nel server"
Top
Profilo Invia messaggio privato MSN
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi