Olimpo Informatico

maggiethebest86 · Mortale devoto Registrato: 25/11/07 21:29 Messaggi: 7

ciao a tutti...scrivo qui perchè l'ultima volta mi avete gentilmente aiutata ...e spero che qualcuno riesca a farlo anche ora...oggi ho fatto una bella scansione con il mio antivirus e mi ha trovato ben 12 file infetti da qst virus...WORM/VB.NPM.2 Shocked

...ovviamente nn so cosa posso fare...se qualcuno riesce e darmi una mano... Shocked

qst è qll che mi ha detto antivir

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP54\A0009596.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP55\A0009650.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP55\A0009675.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP55\A0009726.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP56\A0010727.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP57\A0011727.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP57\A0011745.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP58\A0011797.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP59\A0011839.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP59\A0011867.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP59\A0011893.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>
D:\Autorun.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP54\A0009599.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP55\A0009653.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP55\A0009678.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP55\A0009729.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP56\A0010730.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP57\A0011730.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP57\A0011748.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP58\A0011800.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP59\A0011842.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP59\A0011870.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP59\A0011895.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!
D:\System Volume Information\_restore{A2052244-BBE2-42A9-B565-DA7B9B0D0B2A}\RP74\A0013959.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[INFO] The file was deleted!

End of the scan: venerdì 25 gennaio 2008 20:19
Used time: 2:04:25 min

The scan has been done completely.

13027 Scanning directories
573526 Files were scanned
24 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
24 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
573502 Files not concerned
18172 Archives were scanned
2 Warnings
1 Notes

e qst è qll che mi dice HiJackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.28.28, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\HP DigitalMedia Archive\DMAScheduler.exe
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\File comuni\Autodesk Shared\WSCommCntr1.exe
C:\Programmi\internet explorer\iexplore.exe
C:\PER TOGLIERE IL VIRUSolimpic information\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Programmi\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Services Monitor] C:\WINDOWS\winfp.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gisonweb.it/provincia.milano/progetto/advscriptscfm/mgaxctrl.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.cartografia.regione.lombardia.it/include/ecwplugins/ncs.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maggielamigliore.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6163072-5205-44F9-9708-65781950C6A3}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13567 bytes

ps vi prego aiuto!!!

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Ciao maggiethebest86 Ciao

Il tuo antivirus un pò di pulizia l'ha fatta...ma c'è ancora dell'altro.
Guarda questa discussione
relativa a Combofix, e fai la scansione del PC postando il risultato come indicato. Posta anche un nuovo log di Hijackthis. Dopo fai questi passaggi:
Scansione con GMER
Ricorda che i log di GMER sono due: Autostart e Rootkit. Postali su www.freefilehosting.net come indicato quì