thebutcher (rank: Eroe)
Registered: 11/07/08 23:21 | Posts: 61
Posted: 12 Jul 2008 12:32 | Subject: [SOLVED] Trojan.Win32.Vundo.EH infection
Hi everyone, I'm new to the forum too and I have to compliment you on it.
Let's get to the problem. Yesterday I caught a nasty virus that within a few seconds made the various shortcuts disappear from the desktop: My Computer, Control Panel, all the shortcuts to the various programs. I also see the CPU constantly at 100%, and IE (I use Firefox) keeps opening windows, SPYWARE I think.
System: XP SP2, updated 8 July. I've turned off System Restore. The laptop is an Acer Aspire 5610.
Initially, with AVIRA installed, it caught the Trojans right away, and I deleted them, but straight afterwards they worked their way in just about everywhere.
Then I ran Ad-Aware, which found various malware and removed it.
Avast scan: these system files are in quarantine, the others I deleted (they were Temporary Internet Files):
Kernel32.dll
winsock.dll
wsock32.dll
Kaspersky gave this result: kasperky.txt
With VirIT:
VirIT eXplorer Lite Log
--------------------------------------------------------
11/07/2008 - 16:14:04
[REGISTRY SCAN]
OK
Internet Explorer StartPage Hijacked: http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
* * * REMOVED * * *
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Infected registry keys: 0.
Infected files: 0.
Suspicious files: 0.
Files scanned: 79897.
Total files: 79897.
Registry keys removed: 0.
Viruses removed: 0.
--------------------------------------------------------
11/07/2008 - 16:45:37
[REGISTRY SCAN]
OK
Internet Explorer StartPage Hijacked: http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
* * * REMOVED * * *
[D:\FOUND.000]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Infected registry keys: 0.
Infected files: 0.
Suspicious files: 0.
Files scanned: 5.
Total files: 5.
Registry keys removed: 0.
Viruses removed: 0.
--------------------------------------------------------
11/07/2008 - 16:47:37
[REGISTRY SCAN]
OK
Internet Explorer StartPage Hijacked: http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Infected registry keys: 0.
Infected files: 0.
Suspicious files: 0.
Files scanned: 1023.
Total files: 1023.
Files deleted: 0.
[MEMORY SCAN]
OK
[MEMORY SCAN]
OK
--------------------------------------------------------
12/07/2008 - 10:56:36
[REGISTRY SCAN]
OK
Internet Explorer StartPage Hijacked: http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
* * * REMOVED * * *
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Infected registry keys: 0.
Infected files: 0.
Suspicious files: 0.
Files scanned: 6483.
Total files: 6483.
Registry keys removed: 0.
Viruses removed: 0.
--------------------------------------------------------
12/07/2008 - 10:59:00
[REGISTRY SCAN]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS\system32\rqRIyyVO.dll Infected with Trojan.Win32.Vundo.EH
C:\WINDOWS\system32\cbXRLccD.dll Infected with Trojan.Win32.Vundo.EH
C:\WINDOWS\system32\yayaBRKA.dll Infected with Trojan.Win32.Vundo.EH
C:\WINDOWS\system32\hgGwTnon.dll Infected with Trojan.Win32.Vundo.EH
C:\Documents and Settings\Rudi\Impostazioni locali\Temporary Internet Files\Content.IE5\XDWC3JK4\faviconCAFTJY8W.ico Infected with Trojan.Win32.Vundo.EH
Infected registry keys: 0.
Infected files: 5.
Suspicious files: 0.
Files scanned: 78141.
Total files: 78141.
Registry keys removed: 0.
Viruses removed: 0.
And now? What do I do? I have a lot of important stuff on it; I work with this PC.
Thank you for any help you can give me!
Ciao
Sante62 (rank: Dio maturo)
Registered: 27/06/07 17:55 | Posts: 3477 | Location: Floridia
Posted: 12 Jul 2008 13:41
Hi thebutcher and welcome...
Download VundoFix to your desktop
- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Fix Vundo.
- It asks whether you want to delete the infected files; click YES
- Your screen will go black while Vundo is being removed.
- At the end it will ask you to reboot the PC; click OK.
- Paste the contents of the log C:\vundofix.txt here.
Note: VundoFix may fail to delete some files. In that case VundoFix will start automatically when the PC reboots; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at reboot.
Also run these other scans:
CCleaner;
Combofix;
Hijackthis;
thebutcher (rank: Eroe)
Registered: 11/07/08 23:21 | Posts: 61
Posted: 13 Jul 2008 12:48
OK. Thanks, I'll get to work right away and let you know.
thebutcher (rank: Eroe)
Registered: 11/07/08 23:21 | Posts: 61
Posted: 13 Jul 2008 13:25
VundoFix finds nothing (damn!). Now I'll try the others you gave me and maybe run another scan with VundoFix.
thebutcher (rank: Eroe)
Registered: 11/07/08 23:21 | Posts: 61
Posted: 13 Jul 2008 13:34
thebutcher wrote:
> OK. Thanks, I'll get to work right away and let you know.
At least the CPU is no longer constantly at 100%.
thebutcher (rank: Eroe)
Registered: 11/07/08 23:21 | Posts: 61
Posted: 13 Jul 2008 14:19
Sante62 wrote:
> Hi thebutcher and welcome...
> Download VundoFix to your desktop
> - Run VundoFix.exe
> - Click Scan for Vundo.
> - When the scan finishes, click Fix Vundo.
> - It asks whether you want to delete the infected files; click YES
> - Your screen will go black while Vundo is being removed.
> - At the end it will ask you to reboot the PC; click OK.
> - Paste the contents of the log C:\vundofix.txt here.
> Note: VundoFix may fail to delete some files. In that case VundoFix will start automatically when the PC reboots; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at reboot.
> Also run these other scans:
> CCleaner;
> Combofix;
> Hijackthis;
I ran ComboFix, after first closing all applications.
After the reboot the desktop and the Start menu are back the way they were (wow!). Just one error message (I hope it isn't too serious): "Error loading C:\windows\system32\bwqntbpo.dll".
There is still a message in the taskbar at the bottom right telling me that Windows protection is not active; it was there before too, while the virus was active, and it launched various fake-spyware pop-ups. Shall I try Spybot?
Anyway, here's the ComboFix log:
ComboFix 08-07-12.2 - Rudi 2008-07-13 13.51.24.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.476 [GMT 2:00]
Run from: C:\Documents and Settings\Rudi\Desktop\Combo-fix.exe
* Created new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Rudi\Preferiti\Error Cleaner.url
C:\Documents and Settings\Rudi\Preferiti\Privacy Protector.url
C:\Documents and Settings\Rudi\Preferiti\Spyware&Malware Protection.url
C:\Programmi\PCHealthCenter
C:\Programmi\PCHealthCenter\0.gif
C:\Programmi\PCHealthCenter\1.gif
C:\Programmi\PCHealthCenter\2.gif
C:\Programmi\PCHealthCenter\3.gif
C:\Programmi\PCHealthCenter\sex1.ico
C:\Programmi\PCHealthCenter\sex2.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\eorp.exe
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\sqvgnrpx.dll
C:\WINDOWS\system32\bwqntbpo.dll
C:\WINDOWS\system32\cbXRLccD.dll
C:\WINDOWS\system32\ciifbsgo.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hgGwTnon.dll
C:\WINDOWS\system32\jltunqpu.ini
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\opbtnqwb.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\rqRIyyVO.dll
C:\WINDOWS\system32\ttAIRXbc.ini
C:\WINDOWS\system32\ttAIRXbc.ini2
C:\WINDOWS\system32\upqnutlj.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\yayaBRKA.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created From 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))))))
.
2008-07-13 13:26 . 2008-07-13 13:26 <DIR> d-------- C:\Programmi\CCleaner
2008-07-13 12:51 . 2008-07-13 12:51 <DIR> d-------- C:\VundoFix Backups
2008-07-12 11:16 . 2008-07-12 11:16 24,400 --a------ C:\Documents and Settings\Rudi\mlwrwqop.exe
2008-07-12 09:09 . 2008-07-12 09:09 7,168 --a------ C:\WINDOWS\system32\drivers\uteyodgx.sys
2008-07-11 23:32 . 2008-03-05 11:41 148,496 --a------ C:\WINDOWS\system32\drivers\15948730.sys
2008-07-11 23:32 . 2008-07-13 13:56 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 23:32 . 2008-07-13 13:56 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 17:29 . 2008-07-11 17:29 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-11 17:22 . 2008-07-11 17:22 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-07-11 17:03 . 2008-07-11 17:03 321,792 --a------ C:\WINDOWS\system32\cbXRIAtt.dll
2008-07-11 13:58 . 2004-09-07 20:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-09 15:42 . 2008-06-20 12:45 360,320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-09 15:42 . 2008-06-20 11:52 225,920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2008-07-09 15:42 . 2008-06-20 12:44 138,368 --a------ C:\WINDOWS\system32\drivers\afd.sys
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Documents and Settings\Rudi\Dati applicazioni\skypePM
2008-06-19 16:53 . 2008-06-19 16:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-15 13:17 . 2008-06-15 13:17 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-15 13:13 . 2008-06-15 13:13 <DIR> d--hs---- C:\FOUND.015
2008-06-15 00:09 . 2008-06-27 20:00 40 --a------ C:\WINDOWS\SIERRA.INI
2008-06-15 00:07 . 2008-06-15 00:07 <DIR> d-------- C:\Sierra
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 18:37 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLec.DAT
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLds.DAT
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 15:26 --------- d-----w C:\Programmi\Flock
2008-06-09 15:26 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\Flock
2008-05-29 10:35 --------- d-----w C:\Programmi\ViDown
2008-05-29 10:20 --------- d-----w C:\Programmi\Replay Media Catcher
2008-05-29 10:18 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\GetRightToGo
2008-05-13 14:47 --------- d-----w C:\Programmi\Stardock
2008-05-13 14:47 --------- d-----w C:\Programmi\File comuni\Stardock
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-20 13:09 1,516,280 ----a-w C:\Programmi\mozilla firefox\plugins\RineraProxy.dll
2008-03-20 13:09 86,070 ----a-w C:\Programmi\mozilla firefox\plugins\pthreadVC2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87797C66-F6FA-4601-9ACE-E903CB02A6B1}]
2008-07-11 17:03 321792 --a------ C:\WINDOWS\system32\cbXRIAtt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 20:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 00:11 68856]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-14 23:54 36864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NTI Scheduler"="C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" [2006-01-19 17:59 73728]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-22 09:44 262401]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 00:12 1836544]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"is-IKNAL"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-IKNAL\is-IKNAL.exe" [2008-06-07 15:26 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 14:11 151552 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 20:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe" [2007-04-22 16:17 674138]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-06-25 20:37]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 is-IKNALdrv;is-IKNALdrv;C:\WINDOWS\system32\drivers\15948730.sys [2008-03-05 11:41]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 is-IKNAL;is-IKNAL;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-IKNAL\is-IKNAL.exe [2008-06-07 15:26]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:45]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-12 10:47]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 20:00]
S3 uteyodgx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uteyodgx.sys [2008-07-12 09:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ea37b0-7e3f-11dc-9c9c-0016d45ac4f3}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - camp.exe
\Shell\open\Command - camp.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 10:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Netlog 24 - C:\Programmi\Netlog 24\Notifier\Netlog24Notifier.exe
HKCU-Run-RocketDock - C:\Programmi\RocketDock\RocketDock.exe
HKLM-Run-09541673 - C:\WINDOWS\system32\bwqntbpo.dll
SSODL-fsrpknov-{C2D2D233-E739-46E7-AE6D-76A83FC730D4} - C:\WINDOWS\fsrpknov.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 13:58:53
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Scan finished at: 2008-07-13 14:05:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 12:04:58
17 Directory 6,690,177,024 bytes free
35 Directory 6,826,065,920 bytes free
271 --- E O F --- 2008-07-10 22:35:50
Now I'll run HijackThis.
See you later, and thanks.
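The logs posted so far show the pattern this thread is really about. VirIT reports the same Internet Explorer start-page hijack (softwarereferral.com) at every scan on 11 and 12 July and removes it each time, and only the last scan names the four Vundo DLLs in system32 (rqRIyyVO.dll, cbXRLccD.dll, yayaBRKA.dll, hgGwTnon.dll); ComboFix then lists a Browser Helper Object pointing at cbXRIAtt.dll, an orphaned HKLM Run entry for bwqntbpo.dll, and the AntiVirusDisableNotify flag in the Security Center key. A helper reading the HijackThis log that was asked for looks for exactly these entry types: an R0/R1 page set to a non-default host, O2/O3/O4 entries that load an eight-random-letter DLL out of system32, O15 Trusted Zone additions and O17 NameServer changes. The script below is an added example, not code from the thread, from HijackThis or from any tool named in it; it runs that review over a constructed sample modelled on the entries above. The allowlist of default IE hosts, the severity levels and the "random name" heuristic are assumptions of the example, not HijackThis rules.

```python
"""Triage a HijackThis-style log for the traces a Vundo infection leaves behind.

Added example for this thread; not code from the original posts, from
HijackThis or from any of the tools named in it. SAMPLE_LOG is constructed,
modelled on the kinds of entries the posted logs contain. The allowlist,
the severities and the random-name heuristic are assumptions of this example.
"""
import re
from typing import List, NamedTuple
from urllib.parse import urlparse


class Finding(NamedTuple):
    severity: str  # "HIGH", "MEDIUM" or "INFO"
    line: str
    reason: str


# Hosts behind IE 7's shipped start/search pages. Any other host in an R0/R1
# page entry is reported as a hijack candidate (assumes the user kept defaults).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}

# Vundo's DLLs were 8 random letters in system32 (rqRIyyVO.dll, bwqntbpo.dll).
# The lookbehind stops the pattern from matching the tail of a longer name
# such as eDStoolbar.dll.
EIGHT_LETTER_DLL = re.compile(r"(?<![A-Za-z0-9_])([A-Za-z]{8})\.dll\b")

# R0/R1 entries that set a start or search page, with the URL captured.
PAGE_ENTRY = re.compile(
    r"^R[01] - .*?(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL|SearchURL)"
    r"\s*=\s*(\S+)",
    re.IGNORECASE,
)

# Sections whose entries load a DLL into IE or the shell at startup.
LOADER_SECTIONS = ("O2 -", "O3 -", "O4 -", "O20 -", "O21 -")
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic for a generated 8-letter name: mixed case, or at most one
    vowel. Real names of that length (setupapi, browseui, wintrust) fail both."""
    mixed_case = stem != stem.lower() and stem != stem.upper()
    return mixed_case or sum(c in VOWELS for c in stem.lower()) <= 1


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious entry, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        page = PAGE_ENTRY.match(line)
        if page:
            host = urlparse(page.group(1)).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                findings.append(Finding("HIGH", line, f"IE page setting points at {host}"))
        elif line.startswith(LOADER_SECTIONS):
            for stem in EIGHT_LETTER_DLL.findall(line):
                if looks_random(stem):
                    findings.append(
                        Finding("HIGH", line, f"random-named DLL {stem}.dll (Vundo pattern)")
                    )
        elif line.startswith("O15 -"):
            findings.append(
                Finding("MEDIUM", line, "Trusted Zone entry lowers IE security for this domain")
            )
        elif line.startswith("O17 -"):
            servers = line.split("NameServer =")[-1].strip()
            findings.append(
                Finding("INFO", line, f"DNS servers {servers}: confirm they belong to your ISP")
            )
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    """Tally findings so a quick glance shows whether anything HIGH remains."""
    counts = {"HIGH": 0, "MEDIUM": 0, "INFO": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample, modelled on entries from the thread's logs.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {87797C66-F6FA-4601-9ACE-E903CB02A6B1} - C:\WINDOWS\system32\cbXRIAtt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [09541673] rundll32.exe C:\WINDOWS\system32\bwqntbpo.dll,a
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O15 - Trusted Zone: *.otherchance.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample, the script reports three HIGH entries (the controlpage.info start page, the cbXRIAtt.dll BHO and the bwqntbpo.dll Run entry), one MEDIUM (the Trusted Zone domain) and one INFO (the DNS servers), while the legitimate Acer toolbar, the stmctrl.dll task bar entry and the ProxyOverride line pass. The point of the heuristic is the same one the helpers in this thread apply by eye: a DLL with a name nobody would choose, in system32, wired into IE or the Run key, is worth quarantining and re-scanning for even when the signature scanners report clean.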
thebutcher (rank: Eroe)
Registered: 11/07/08 23:21 | Posts: 61
Posted: 13 Jul 2008 15:14
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NTI Scheduler] "C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: Use ViDown to download - C:\Programmi\ViDown\vd_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.whatsnew.name
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184942006125
O17 - HKLM\System\CCS\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: bw+0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 24270 bytes
P.S. That suspicious "security alert disabled" message is still there; even from Control Panel / Security Center it can't be enabled. That smells quite fishy to me.
I'm eagerly waiting, and thanks again for the help!
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 14 Jul 2008 00:27 Subject:
There's still something else I haven't managed to pin down;
download and run a scan with Norman Malware Cleaner
boot the PC into Safe Mode
Start Norman Malware Cleaner.
A log is generated on the desktop named NFix_2008-01-gg_hh-mm-ss.log; when the scan is finished, post it here.
thebutcher (Eroe)
Registered: 11/07/08 23:21 Posts: 61
Posted: 14 Jul 2008 15:36 Subject:
Sante62 wrote: | There's still something else I haven't managed to pin down;
download and run a scan with Norman Malware Cleaner
boot the PC into Safe Mode
Start Norman Malware Cleaner.
A log is generated on the desktop named NFix_2008-01-gg_hh-mm-ss.log; when the scan is finished, post it here. |
So, this is the log from the first run:
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/07/07 18:58:09
Norman Scanner Engine Version: 5.92.08
Nvcbin.def Version: 5.92.00, Date: 2008/07/07 18:58:09, Variants: 1826343
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: RUDY\Rudi
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Scan started: 14/07/2008 09:57:11
Scanning running processes and process memory...
Number of processes/threads found: 4183
Number of processes/threads scanned: 4183
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 4m 12s
Scanning file system...
Scanning: C:\*.*
C:\Documents and Settings\Rudi\mlwrwqop.exe (Infected with Dialer.HN)
Deleted file
C:\Documents and Settings\Rudi\Documenti\Musica\iTunes\iTunes Music\Discografia Jimi Hendrix\DISCOGRAFIA Jimi Hendrix Vol.2.rar.MP3/CMT (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Rudi\Documenti\Musica\iTunes\iTunes Music\Discografia Jimi Hendrix\DISCOGRAFIA Jimi Hendrix Vol.2.rar.MP3/RR (Error whilst scanning file: I/O Error)
C:\System Volume Information\_RESTO~1\RP3\A0001320.exe (Infected with Dialer.HN)
Deleted file
Scanning: D:\*.*
Scanning: c:\System Volume Information\*.*
Running post-scan cleanup routine:
Number of files found: 178338
Number of archives unpacked: 6425
Number of files scanned: 178264
Number of files not scanned: 74
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 1h 24m 59s
And this one from Safe Mode:
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/07/07 18:58:09
Norman Scanner Engine Version: 5.92.08
Nvcbin.def Version: 5.92.00, Date: 2008/07/07 18:58:09, Variants: 1826343
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: RUDY\Rudi
Scan started: 14/07/2008 12:33:56
Scanning running processes and process memory...
Number of processes/threads found: 635
Number of processes/threads scanned: 635
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 37s
Scanning file system...
Scanning: C:\*.*
C:\Documents and Settings\Rudi\Documenti\Musica\iTunes\iTunes Music\Discografia Jimi Hendrix\DISCOGRAFIA Jimi Hendrix Vol.2.rar.MP3/CMT (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Rudi\Documenti\Musica\iTunes\iTunes Music\Discografia Jimi Hendrix\DISCOGRAFIA Jimi Hendrix Vol.2.rar.MP3/RR (Error whilst scanning file: I/O Error)
Scanning: D:\*.*
Running post-scan cleanup routine:
Number of files found: 177592
Number of archives unpacked: 6426
Number of files scanned: 177570
Number of files not scanned: 22
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 2h 13m 9s
P.S. The Windows security alert problem is still there. Plus various pop-ups that open in IE.
thebutcher (Eroe)
Registered: 11/07/08 23:21 Posts: 61
Posted: 14 Jul 2008 15:43 Subject:
Yesterday I also installed Spybot, recommended by a friend, and this is the log:
--- Report generated: 2008-07-13 16.04 ---
Hint of the Day: Click the bar at the right of this to see more information! ()
Win32.Dialer.aeh: [SBI $831B13F5] Impostazioni (Valore di registro, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoD
Win32.Dialer.aeh: [SBI $52D9A8BC] Impostazioni (Valore di registro, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoM
Win32.Dialer.aeh: [SBI $79F4FB7F] Impostazioni (Valore di registro, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoN
Win32.Dialer.aeh: [SBI $25C44157] Impostazioni (Valore di registro, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccessoNM
BPSSpywareRemover: [SBI $56D821C1] Libreria dei tipi (Chiave di registro, fixed)
HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}
Virtumonde: [SBI $42352499] Impostazioni utente (Chiave di registro, fixed)
HKEY_USERS\S-1-5-21-1229355848-2500032266-877903093-1005\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Impostazioni (Chiave di registro, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Tisemabana: [SBI $4E2CBCED] Impostazioni (Chiave di registro, fixed)
HKEY_USERS\S-1-5-21-1229355848-2500032266-877903093-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\whatsnew.name
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-13 unins000.exe (51.49.0.0)
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 advcheck.dll (1.6.1.12)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-07-07 Tools.dll (2.1.5.7)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2007-11-07 Includes\Revision.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-06-03 Includes\HeavyDuty.sbi (*)
2008-07-08 Includes\Hijackers.sbi (*)
2008-06-25 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-07-02 Includes\Malware.sbi (*)
2008-06-17 Includes\PUPS.sbi (*)
2008-06-10 Includes\Security.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-17 Includes\Spyware.sbi (*)
2008-06-17 Includes\Adware.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi (*)
2008-07-07 Includes\DialerC.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-08 Includes\KeyloggersC.sbi (*)
2008-07-08 Includes\MalwareC.sbi (*)
2008-07-01 Includes\PUPSC.sbi (*)
2008-07-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-08 Includes\SpywareC.sbi (*)
2008-07-07 Includes\AdwareC.sbi (*)
2008-07-08 Includes\TrojansC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
P.S. The Windows security alert problem is still there. Plus various pop-ups that open in IE.
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 14 Jul 2008 16:07 Subject:
Both Spybot and Norman removed something, but it's still not enough...
run a scan with Systemscan and post the generated log as
indicated here
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 14 Jul 2008 22:03 Subject:
Prepare a file with Notepad and put the text in red into it:
Quote: | File::
C:\WINDOWS\system32\mtjdapyi.dll
C:\DOCUME~1\Rudi\IMPOST~1\Temp\olrzauvg.exe
C:\WINDOWS\system32\mtjdapyi.dll
C:\WINDOWS\system32\sabbjrlw.dll
C:\WINDOWS\system32\wlrjbbas.ini
C:\WINDOWS\system32\iypadjtm.ini
C:\DOCUME~1\Rudi\IMPOST~1\Temp\huu14wg0.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\zlbbw0ks.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\1wh8d9fy.exe
Registry::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"09541673"=- |
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix logs;
Start HijackThis, tick these lines if present and then click Fix checked (better to do this from Safe Mode):
Quote: | O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\mtjdapyi.dll",b
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com |
Download this file to the desktop
Disconnect from the Internet, select the DelDomains.inf file, right-click and choose the "Install" option; it serves to restore Internet Explorer's Trusted zone;
When everything is done, restart the PC and also post an updated HijackThis log.
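As an added example that is not part of this thread and not code from HijackThis, ComboFix or any other tool named here, the following Python script picks out of a HijackThis-style log the entry classes that the HijackThis log posted earlier and Sante62's instructions above single out: O15 Trusted Zone additions, O4 Run entries that load a DLL through rundll32, and O17 NameServer settings (listed for manual verification, not flagged as bad). It also derives the companion .ini name visible in the CFScript file list, where each DLL stem appears reversed (mtjdapyi.dll with iypadjtm.ini, sabbjrlw.dll with wlrjbbas.ini); that reversed-stem rule is an observation from this thread's file names, not a general signature. The sample log lines are constructed from entries posted in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from pathlib import PureWindowsPath

# Constructed sample modelled on the lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\mtjdapyi.dll",b
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# "Onn - body": the section tag and the rest of the line
SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# O4 body: registry hive, then [entry name], then the command line
O4_RE = re.compile(r"^[^\[]*\[([^\]]+)\]\s*(.*)$")
# rundll32 followed by a (possibly quoted) DLL path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+?\.dll)"?', re.IGNORECASE)
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,\s]+)$")


def parse_entries(text):
    """Return (section, body) for every well-formed 'Onn - body' line."""
    entries = []
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def find_trusted_zone(text):
    """Sites added to IE's Trusted zone (the O15 lines the helper asked to fix)."""
    hits = []
    for sec, body in parse_entries(text):
        m = TRUSTED_RE.match(body) if sec == "O15" else None
        if m:
            hits.append(m.group(1))
    return hits


def find_rundll32_autoruns(text):
    """O4 Run entries that load a DLL through rundll32: (entry name, DLL path)."""
    hits = []
    for sec, body in parse_entries(text):
        if sec != "O4":
            continue
        m = O4_RE.match(body)
        if not m:
            continue
        name, cmd = m.group(1), m.group(2)
        d = RUNDLL_RE.search(cmd)
        if d:
            hits.append((name, d.group(1)))
    return hits


def find_nameservers(text):
    """DNS servers configured per interface (O17), to be checked against the ISP's."""
    servers = []
    for sec, body in parse_entries(text):
        if sec == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                servers.extend(s.strip() for s in m.group(1).split(",") if s.strip())
    return servers


def companion_ini(dll_path):
    """Candidate companion .ini for a DLL, using the reversed-stem pattern seen in
    this thread's CFScript list (mtjdapyi.dll <-> iypadjtm.ini). Thread-specific
    observation, not a general rule."""
    p = PureWindowsPath(dll_path)
    return str(p.with_name(p.stem[::-1] + ".ini"))


def triage(text):
    """Summarise the entries worth a second look before deciding what to fix."""
    autoruns = find_rundll32_autoruns(text)
    return {
        "trusted_zone": find_trusted_zone(text),
        "rundll32_autoruns": autoruns,
        "companion_ini": [companion_ini(dll) for _, dll in autoruns],
        "nameservers": find_nameservers(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it a saved HijackThis log instead of `SAMPLE_LOG` to get the same summary for a real machine; the output is a checklist for a human, and nothing is modified on disk.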
thebutcher (Eroe)
Registered: 11/07/08 23:21 Posts: 61
Posted: 15 Jul 2008 12:56 Subject:
Sante62 wrote: | Prepare a file with Notepad and put the text in red into it:
Quote: | File::
C:\WINDOWS\system32\mtjdapyi.dll
C:\DOCUME~1\Rudi\IMPOST~1\Temp\olrzauvg.exe
C:\WINDOWS\system32\mtjdapyi.dll
C:\WINDOWS\system32\sabbjrlw.dll
C:\WINDOWS\system32\wlrjbbas.ini
C:\WINDOWS\system32\iypadjtm.ini
C:\DOCUME~1\Rudi\IMPOST~1\Temp\huu14wg0.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\zlbbw0ks.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\1wh8d9fy.exe
Registry::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"09541673"=- |
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix logs;
Start HijackThis, tick these lines if present and then click Fix checked (better to do this from Safe Mode):
Quote: | O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\mtjdapyi.dll",b
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com |
Download this file to the desktop
Disconnect from the Internet, select the DelDomains.inf file, right-click and choose the "Install" option; it serves to restore Internet Explorer's Trusted zone;
When everything is done, restart the PC and also post an updated HijackThis log. |
HERE is the COMBOFIX LOG:
ComboFix 08-07-14.2 - Rudi 2008-07-15 12.33.55.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.542 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Rudi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rudi\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\DOCUME~1\Rudi\IMPOST~1\Temp\1wh8d9fy.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\huu14wg0.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\olrzauvg.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\zlbbw0ks.exe
C:\WINDOWS\system32\iypadjtm.ini
C:\WINDOWS\system32\mtjdapyi.dll
C:\WINDOWS\system32\sabbjrlw.dll
C:\WINDOWS\system32\wlrjbbas.ini
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Rudi\IMPOST~1\Temp\1wh8d9fy.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\huu14wg0.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\olrzauvg.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\zlbbw0ks.exe
C:\WINDOWS\system32\iypadjtm.ini
C:\WINDOWS\system32\mtjdapyi.dll
C:\WINDOWS\system32\sabbjrlw.dll
C:\WINDOWS\system32\ttAIRXbc.ini
C:\WINDOWS\system32\ttAIRXbc.ini2
C:\WINDOWS\system32\wlrjbbas.ini
.
((((((((((((((((((((((((( Files Creati Da 2008-06-15 al 2008-07-15 )))))))))))))))))))))))))))))))))))
.
2008-07-14 15:47 . 2008-07-14 15:47 24,400 --a------ C:\Documents and Settings\Rudi\iluisxtm.exe
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-13 15:06 . 2008-07-13 15:06 <DIR> d-------- C:\Hijackthis
2008-07-13 13:26 . 2008-07-13 13:26 <DIR> d-------- C:\Programmi\CCleaner
2008-07-13 12:51 . 2008-07-13 12:51 <DIR> d-------- C:\VundoFix Backups
2008-07-12 09:09 . 2008-07-12 09:09 7,168 --a------ C:\WINDOWS\system32\drivers\uteyodgx.sys
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 17:29 . 2008-07-11 17:29 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-11 17:22 . 2008-07-11 17:22 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-07-11 17:03 . 2008-07-11 17:03 321,792 --a------ C:\WINDOWS\system32\cbXRIAtt.dll
2008-07-11 13:58 . 2004-09-07 20:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-09 15:42 . 2008-06-20 12:45 360,320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-09 15:42 . 2008-06-20 11:52 225,920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2008-07-09 15:42 . 2008-06-20 12:44 138,368 --a------ C:\WINDOWS\system32\drivers\afd.sys
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Documents and Settings\Rudi\Dati applicazioni\skypePM
2008-06-19 16:53 . 2008-06-19 16:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-15 13:17 . 2008-06-15 13:17 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-15 13:13 . 2008-06-15 13:13 <DIR> d--hs---- C:\FOUND.015
2008-06-15 00:09 . 2008-06-27 20:00 40 --a------ C:\WINDOWS\SIERRA.INI
2008-06-15 00:07 . 2008-06-15 00:07 <DIR> d-------- C:\Sierra
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 18:37 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLec.DAT
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLds.DAT
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 15:26 --------- d-----w C:\Programmi\Flock
2008-06-09 15:26 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\Flock
2008-05-29 10:35 --------- d-----w C:\Programmi\ViDown
2008-05-29 10:20 --------- d-----w C:\Programmi\Replay Media Catcher
2008-05-29 10:18 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\GetRightToGo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-20 13:09 1,516,280 ----a-w C:\Programmi\mozilla firefox\plugins\RineraProxy.dll
2008-03-20 13:09 86,070 ----a-w C:\Programmi\mozilla firefox\plugins\pthreadVC2.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BCB86CA-DB03-4518-BEFF-9ED208862AF3}]
2008-07-11 17:03 321792 --a------ C:\WINDOWS\system32\cbXRIAtt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 20:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 00:11 68856]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-14 23:54 36864]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NTI Scheduler"="C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" [2006-01-19 17:59 73728]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-22 09:44 262401]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 00:12 1836544]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"09541673"="C:\WINDOWS\system32\mtjdapyi.dll" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 14:11 151552 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 20:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe" [2007-04-22 16:17 674138]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-06-25 20:37]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:45]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-12 10:47]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 20:00]
S3 uteyodgx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uteyodgx.sys [2008-07-12 09:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ea37b0-7e3f-11dc-9c9c-0016d45ac4f3}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - camp.exe
\Shell\open\Command - camp.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-07 10:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 12:40:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-15 12:45:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 10:45:12
ComboFix2.txt 2008-07-13 12:05:16
18 Directory 7,424,671,744 byte disponibili
36 Directory 7,425,818,624 byte disponibili
243 --- E O F --- 2008-07-10 22:35:50
P.S. I have a doubt about Spybot: it asks me whether to change the registry entry RUNDLL32.EXE c:\WINDOWS\SYSTEM32\MTJDAPYI.DLL,B
to RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NTTWDSOP.DLL,B.
What should I do: allow or deny?
Sante62 Dio maturo
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 15 Jul 2008 15:02 Subject:
Deny...
Have you done these steps? If not, do them and post a new HJT log.
Sante62 wrote:
Start HijackThis, select these lines if present and then click Fix Checked (better to do it from Safe Mode):
Quote:
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\mtjdapyi.dll",b
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com
Download this file to the desktop.
Disconnect from the Internet, select the DelDomains.inf file, right-click it and choose the "Install" option; this restores the Internet Explorer Trusted Zone.
When everything is done, restart the PC and also post an updated HijackThis log.
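As an added illustration of what the two posts above are about (the TeaTimer prompt in the previous post and the HijackThis lines Sante62 says to fix), here is a small Python script; it is not from this thread and not code from HijackThis, Spybot or ComboFix. It scans HijackThis-style lines for the pattern those entries share: an O4 Run value launching rundll32.exe on a DLL in system32 with an eight-letter name and a one-letter entry point (mtjdapyi.dll,b and the nttwdsop.dll,b value TeaTimer proposed are both instances, which is why the change should be denied rather than allowed), O15 Trusted Zone additions, and an R0 start page pointing at a host outside an expected list (the controlpage.info value from the updated log posted later in the thread). The eight-letter/one-letter heuristic and the EXPECTED_START_PAGE_HOSTS allowlist are my assumptions, and the sample lines are constructed from entries visible in this thread.

```python
"""Flag HijackThis-style entries of the kind this thread tells the user to fix.

Added example for this thread; not code from HijackThis, Spybot or ComboFix.
The heuristics and the allowlist below are assumptions, not tool behaviour.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Assumption: home pages considered normal on this machine; adjust per environment.
EXPECTED_START_PAGE_HOSTS = {"www.google.com", "go.microsoft.com", "www.msn.com"}

# rundll32[.exe] <dll>,<export>; the DLL may be quoted and may carry a full path.
RUNDLL32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\w+)',
    re.IGNORECASE,
)


def is_vundo_style_rundll32(command: str) -> bool:
    """True when a Run value matches the pattern quoted in this thread:
    rundll32 loading a DLL from system32 whose base name is eight letters,
    with a one-letter exported entry point (",b").  Renaming the DLL, as the
    TeaTimer prompt proposed, does not change the verdict."""
    m = RUNDLL32_RE.search(command)
    if not m:
        return False
    dll = m.group("dll").replace("/", "\\").lower()
    stem = dll.rsplit("\\", 1)[-1][:-len(".dll")]
    in_system32 = "\\system32\\" in dll
    random_looking = re.fullmatch(r"[a-z]{8}", stem) is not None
    one_letter_export = len(m.group("export")) == 1
    return in_system32 and random_looking and one_letter_export


def classify_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for one HijackThis line, or None if it looks ordinary."""
    line = line.strip()
    if line.startswith("O4 - ") and is_vundo_style_rundll32(line):
        return ("high", "rundll32 loads a random-named system32 DLL via a one-letter entry point")
    if line.startswith("O15 - Trusted Zone:"):
        return ("medium", "site added to the Internet Explorer Trusted Zone")
    m = re.match(r"R0 - .*Start Page = (\S+)", line)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        if host not in EXPECTED_START_PAGE_HOSTS:
            return ("medium", f"start page points at unexpected host {host}")
    return None


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (line, severity, reason) for every line worth fixing, in log order."""
    hits = []
    for raw in text.splitlines():
        verdict = classify_line(raw)
        if verdict is not None:
            hits.append((raw.strip(), verdict[0], verdict[1]))
    return hits


# Constructed sample: lines copied from the logs in this thread plus benign ones.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\mtjdapyi.dll",b
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com
"""

if __name__ == "__main__":
    for line, severity, reason in scan_log(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
    # The value TeaTimer proposed is the same pattern with the DLL renamed.
    print(is_vundo_style_rundll32(r"RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NTTWDSOP.DLL,B"))
```

The point of the rundll32 check is that it keys on shape rather than on a file name: once the name in the Run value changes, a name-based rule would go quiet while the shape-based one still fires, which matches the advice to deny the TeaTimer change.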
thebutcher Eroe
Registered: 11/07/08 23:21 Posts: 61
Posted: 15 Jul 2008 15:08 Subject:
Sante62 wrote:
Deny...
Have you done these steps? If not, do them and post a new HJT log.
Sante62 wrote:
Start HijackThis, select these lines if present and then click Fix Checked (better to do it from Safe Mode):
Quote:
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\mtjdapyi.dll",b
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com
Download this file to the desktop.
Disconnect from the Internet, select the DelDomains.inf file, right-click it and choose the "Install" option; this restores the Internet Explorer Trusted Zone.
When everything is done, restart the PC and also post an updated HijackThis log.

Damn... reading the guide it seemed right to me to allow it. So I screwed up! Can't I remove that Spybot feature? I've realised I'm not very good at managing it!
Now I'll run HijackThis anyway...
Sante62 Dio maturo
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 15 Jul 2008 15:13 Subject:
In my opinion you'd better leave it alone, because it warns you of any access to the system; in this case it was malicious, but most of the time it's legitimate...
thebutcher Eroe
Registered: 11/07/08 23:21 Posts: 61
Posted: 15 Jul 2008 15:19 Subject:
Sante62 wrote:
In my opinion you'd better leave it alone, because it warns you of any access to the system; in this case it was malicious, but most of the time it's legitimate...

OK, so I don't have to redo everything from scratch! Then I'll continue with the procedure you suggested earlier: HijackThis and then the rest.
Thanks.
thebutcher Eroe
Registered: 11/07/08 23:21 Posts: 61
Posted: 15 Jul 2008 16:23 Subject:
Here is the updated log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NTI Scheduler] "C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: Use ViDown to download - C:\Programmi\ViDown\vd_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184942006125
O17 - HKLM\System\CCS\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: bw+0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 23926 bytes
Sante62 Dio maturo
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 15 Jul 2008 19:41 Subject:
Start HijackThis and fix this other line as you did before:
Quote: | R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/ |
Prepare a file with Notepad and put this text, shown in red, into it:
Quote: | Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ea37b0-7e3f-11dc-9c9c-0016d45ac4f3}] |
Save the file as you already did, and drag it onto the ComboFix icon;
Post the updated ComboFix and HJT logs.
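The reply above asks for one more R0 line to be fixed and a MountPoints2 key to be removed via a ComboFix script. As an added example that is not part of the thread and not code from HijackThis or ComboFix, the Python below parses HijackThis log lines of the kinds seen in this log (R0/R1 browser pages, O18 protocol handlers, O23 services) into records and applies two simple triage rules: a start/search page whose host is not on a trusted allowlist is reported, and a service with "Unknown owner" is reported for path verification. It also groups O18 entries by DLL, which collapses the long run of Logitech bw*0 handlers into a single line. The sample log lines are constructed from the format in this thread, and the trusted-host allowlist is an assumption a responder would replace with their own.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import urlparse


@dataclass
class Entry:
    section: str                              # "R0", "O18", "O23", ...
    raw: str                                  # the original log line
    fields: Dict[str, str] = field(default_factory=dict)


# One pattern per section handled here; other HJT sections are skipped.
PATTERNS = {
    "R": re.compile(r"^(?P<section>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+) = (?P<url>.+)$"),
    "O18": re.compile(r"^(?P<section>O18) - Protocol: (?P<name>\S+) - "
                      r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O23": re.compile(r"^(?P<section>O23) - Service: (?P<name>.+?) - "
                      r"(?P<owner>.+?) - (?P<path>.+)$"),
}

# Constructed allowlist (assumption): hosts a default IE start page may legitimately use.
TRUSTED_HOSTS = {"www.microsoft.com", "www.msn.com", "www.google.com"}

# Constructed sample, modelled on lines from the log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/
O18 - Protocol: bwz0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"""


def parse_hjt(text: str) -> List[Entry]:
    """Turn recognised log lines into Entry records; unrecognised lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for pattern in PATTERNS.values():
            match = pattern.match(line)
            if match:
                fields = match.groupdict()
                entries.append(Entry(fields.pop("section"), line, fields))
                break
    return entries


def triage(entries: List[Entry], trusted_hosts=TRUSTED_HOSTS) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for the lines a responder should look at first."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.section in ("R0", "R1"):
            host = urlparse(e.fields["url"]).hostname or ""
            if host not in trusted_hosts:
                findings.append((e, f"{e.fields['value']} points at untrusted host {host}"))
        elif e.section == "O23" and e.fields["owner"].lower() == "unknown owner":
            findings.append((e, f"service '{e.fields['name']}' has no publisher; verify {e.fields['path']}"))
    return findings


def o18_by_dll(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group O18 protocol handlers by the DLL that serves them (case-insensitive path)."""
    grouped: Dict[str, List[str]] = {}
    for e in entries:
        if e.section == "O18":
            grouped.setdefault(e.fields["path"].lower(), []).append(e.fields["name"])
    return grouped


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for entry, reason in triage(parsed):
        print(f"[{entry.section}] {reason}")
    for dll, names in o18_by_dll(parsed).items():
        print(f"{len(names)} protocol handler(s) -> {dll}")
```

Run against the constructed sample, the R0 line is reported because controlpage.info is not on the allowlist and the FreePOPs service is reported because it carries no publisher; the three Logitech handlers collapse into one DLL entry, which is the kind of noise reduction that makes a long HJT log readable. Reported lines are only candidates for review; as in the thread, the decision to fix a line is still a human one.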