Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » r16 uno di noi

2 pages: [1] 2
r16 uno di noi Opzioni
Topic Precedente · Topic Sucessivo
RIOLOTERME
Inviato: Friday, March 06, 2009 8:25:48 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
check in :voglio che siatutto pulito devo fare il back up
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.24.41, on 06/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX1000.exe
C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234604706187
O17 - HKLM\System\CCS\Services\Tcpip\..\{83DFAA43-6D08-42EB-8256-C1E033205823}: NameServer = 85.37.17.47 85.38.28.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{83DFAA43-6D08-42EB-8256-C1E033205823}: NameServer = 85.37.17.47 85.38.28.82
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe

--
End of file - 8011 bytes
Torna in alto
 
Sponsor
Inviato: Friday, March 06, 2009 8:25:48 PM

 
Torna in alto
 
r16
Inviato: Friday, March 06, 2009 8:58:49 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Rio.
Come mai hai 2 programmi di HJT uguali ?
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
Ne tieni 1 di riserva?Drool (uno lo puoi levare)
Il log è messo abbastanza bene, c'è poco da levare.
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected

Per sicurezza, visto che vuoi fare un Buckup, fai una scansione con Malwarebytes.
Poi una con KASPERSKY VIRUS REMOVAL TOOL:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Installa KASPERSKY VIRUS REMOVAL TOOL sul Desktop:
Doppio click sul Setup.exe.
verrà creata una apposta cartella sul Desktop e comparirà la schermata iniziale del Tool.
imposta le aree che intendi scansionare (Startup Objects e Disk boot sector sono impostate di default)
Nel tuo caso metti la spunta anche In "Risorse del computer" e clicca "SCAN"
Clicca "Reports" poi - "Save to file" e per comodità salvalo sul Desktop.(poi lo posti qui)
Al termine della scansione, clicca su "Neutralize All"
Per eliminare Kaspersky Virus Removal Tool ,devi chiudere il programma cliccando X in alto alla finestra, ti comparirà una finestra, che ti chiederà se vuoi rimuovere completamente il programma dal tuo computer.
Clicca SI.
Dopo la disistallazione ti chiederà di riavviare il pc.
Clicca SI di nuovo.
Torna in alto
 
RIOLOTERME
Inviato: Saturday, March 07, 2009 11:33:16 AM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
non so cosa sono gli ads....del resto tutto ok


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.28.03, on 07/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\vVX1000.exe
C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
Torna in alto
 
r16
Inviato: Saturday, March 07, 2009 11:38:46 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Rio.
Sono dei file "nascosti" che si agganciano a file legittimi di Windows.
Il log non è completo.
Il Tool di Kaspersky, non ha trovato niente?.
Torna in alto
 
RIOLOTERME
Inviato: Saturday, March 07, 2009 2:40:29 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
l'hon installato ma non mi fa andare nella schermata iniziale del tool per spuntare le opzioni perche' mi trova delle minacce avg e se faccio ignora non arrivo lo stesso alla schermata iniziale del tool...o formatto tutto o dimmi te...
Torna in alto
 
r16
Inviato: Saturday, March 07, 2009 2:53:57 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Rio.
Formattare per cosa.....perchè AVG rileva Kaspersky come una minaccia?
Disabilita temporaneamente AVG, e chiudi la connessione.
Poi vedi se parte Kaspersky.
Al termine della scansione,aspetta a eliminare le eventuali voci rilevate, con il tasto "Neutralize All", devo vedere prima il log.
Torna in alto
 
RIOLOTERME
Inviato: Saturday, March 07, 2009 8:47:27 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
ho disinstallato avg ma quando ho scaricato il programma sul desktop ho cliccato sul setup ma appena viene installato il programma non compare nessuna finestra del programma....e se entro nella sua cartella virus remove dove ce' scan e startup non parte niente lo stesso...mistero del programmmaThink
Torna in alto
 
r16
Inviato: Saturday, March 07, 2009 10:07:42 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Rio.
Mi sono preso la briga di scaricarlo dal link che ti ho postato.
Non ho avuto problemi.
Forse richiede l'installazione del Java (che tu non hai).
Comunque Rio, disistallalo che non è un problema.
Fai una scansione con Combofix, e vediamo se trova qualcosa:

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)
Torna in alto
 
RIOLOTERME
Inviato: Sunday, March 08, 2009 11:11:04 AM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
r16 ha scritto:
Ciao Rio.
Mi sono preso la briga di scaricarlo dal link che ti ho postato.
Non ho avuto problemi.
Forse richiede l'installazione del Java (che tu non hai).
Comunque Rio, disistallalo che non è un problema.
Fai una scansione con Combofix, e vediamo se trova qualcosa:

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

scusami r16 allora:ho provato a disabilitare avg ma non so perche ' mi rimane attiva nell'pannello di controllo la protezione antivirus mentre il firewall lo riesco a disabilitare;qunado installo combofix mi dice che continua a rilevarmi avg e nella schermata che appare non mi fa digitare niente cosi' non posso mettere le spunte sulle cartelle da controllare;:aiutami vah r16 scusami di nuovo rispondi pure con calma non ho fretta ciao amico
Torna in alto
 
r16
Inviato: Sunday, March 08, 2009 12:30:24 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ma non ti preoccupare Rio.
Eccoti un link che ti aiuta a disabilitare AVG:
http://www.avg-antivirus.it/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=295
E forse dopo funzionerà anche Kaspersky.
Ciao!
Torna in alto
 
RIOLOTERME
Inviato: Sunday, March 08, 2009 3:13:38 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
ComboFix 09-03-06.02 - DAVIDE LINARI 2009-03-08 15:01:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.511.169 [GMT 1:00]
Eseguito da: c:\documents and settings\DAVIDE LINARI\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *enabled*

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-02-08 al 2009-03-08 )))))))))))))))))))))))))))))))))))
.

2009-03-07 20:42 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\20945743.sys
2009-03-07 20:40 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\59269943.sys
2009-03-07 14:35 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\66290674.sys
2009-03-07 14:30 . 2009-03-07 14:41 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-07 14:29 . 2009-03-08 15:08 11,831,392 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-07 14:29 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\62306766.sys
2009-03-07 14:29 . 2009-03-08 15:06 139,808 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-07 11:38 . 2009-03-07 11:38 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Malwarebytes
2009-03-07 11:38 . 2009-03-07 11:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-07 09:54 . 2001-08-30 23:07 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-07 09:54 . 2001-08-30 23:07 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-07 09:54 . 2001-08-30 23:07 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-07 09:54 . 2001-08-30 23:07 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-07 09:54 . 2008-04-14 03:12 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-07 09:54 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-07 09:54 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-07 09:54 . 2008-04-14 03:12 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-07 09:54 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-07 09:54 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-07 09:54 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-07 09:54 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-01 14:11 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-03-01 14:11 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2009-03-01 12:41 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-03-01 12:41 . 2009-03-01 12:41 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-01 12:41 . 2009-03-01 12:41 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-03-01 12:35 . 2009-03-01 12:32 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-03-01 12:35 . 2009-03-01 12:32 24,616 --a------ c:\windows\system32\drivers\ggsemc.sys
2009-03-01 12:35 . 2009-03-01 12:32 13,224 --a------ c:\windows\system32\drivers\ggflt.sys
2009-03-01 12:24 . 2006-09-18 14:59 90,800 -ra------ c:\windows\system32\drivers\se27unic.sys
2009-03-01 12:24 . 2006-09-18 14:58 88,688 -ra------ c:\windows\system32\drivers\SE27mgmt.sys
2009-03-01 12:24 . 2006-09-18 14:59 18,704 -ra------ c:\windows\system32\drivers\se27nd5.sys
2009-03-01 12:24 . 2006-09-18 14:58 4,128 -ra------ c:\windows\system32\drivers\se27cr.sys
2009-03-01 12:23 . 2006-09-18 14:58 97,184 -ra------ c:\windows\system32\drivers\SE27mdm.sys
2009-03-01 12:23 . 2006-09-18 14:59 86,560 -ra------ c:\windows\system32\drivers\SE27obex.sys
2009-03-01 12:23 . 2006-09-18 14:58 61,600 -ra------ c:\windows\system32\drivers\SE27bus.sys
2009-03-01 12:23 . 2006-09-18 14:58 9,360 -ra------ c:\windows\system32\drivers\SE27mdfl.sys
2009-03-01 12:23 . 2006-09-18 14:58 6,240 -ra------ c:\windows\system32\drivers\SE27cmnt.sys
2009-03-01 12:23 . 2006-09-18 14:58 6,240 -ra------ c:\windows\system32\drivers\SE27cm.sys
2009-03-01 12:23 . 2006-09-18 14:59 5,872 -ra------ c:\windows\system32\drivers\SE27whnt.sys
2009-03-01 12:23 . 2006-09-18 14:59 5,872 -ra------ c:\windows\system32\drivers\SE27wh.sys
2009-03-01 12:13 . 2009-03-01 12:24 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Teleca
2009-03-01 12:12 . 2009-03-01 12:12 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Sony Ericsson
2009-03-01 12:09 . 2009-03-01 17:11 <DIR> d-------- c:\programmi\Sony Ericsson
2009-03-01 12:09 . 2009-03-01 17:11 <DIR> d-------- c:\programmi\File comuni\Teleca Shared
2009-02-27 20:00 . 2009-03-08 09:33 69 --a------ c:\windows\NeroDigital.ini
2009-02-26 23:23 . 2009-02-26 23:23 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Apple Computer
2009-02-26 23:22 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-26 23:22 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-26 23:21 . 2009-02-26 23:22 <DIR> d-------- c:\programmi\iTunes
2009-02-26 23:21 . 2009-02-26 23:21 <DIR> d-------- c:\programmi\iPod
2009-02-26 23:21 . 2009-02-26 23:21 <DIR> d-------- c:\programmi\Bonjour
2009-02-26 23:21 . 2009-02-26 23:22 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-26 23:20 . 2009-02-26 23:20 <DIR> d-------- c:\programmi\Apple Software Update
2009-02-26 23:20 . 2009-02-26 23:21 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-02-26 23:19 . 2009-03-07 11:59 <DIR> d-------- c:\programmi\File comuni\Apple
2009-02-26 23:19 . 2009-02-26 23:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-02-24 21:23 . 2009-02-24 21:23 1,374 --a------ c:\windows\imsins.BAK
2009-02-15 16:14 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-02-15 16:14 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-02-15 16:14 . 2009-02-26 21:01 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-02-15 16:14 . 2009-02-26 21:01 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-15 14:47 . 2009-02-15 14:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-02-15 14:32 . 2009-02-15 14:32 <DIR> d-------- c:\programmi\Chami
2009-02-15 14:13 . 2009-02-15 14:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Acronis
2009-02-15 14:11 . 2009-02-15 14:37 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Ahead
2009-02-15 14:10 . 2009-02-15 14:10 <DIR> d-------- c:\programmi\Nero
2009-02-15 14:10 . 2009-02-15 14:12 <DIR> d-------- c:\programmi\File comuni\Ahead
2009-02-15 14:10 . 2009-02-15 14:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-02-15 14:04 . 2009-02-15 14:04 392,320 --a------ c:\windows\system32\drivers\timntr.sys
2009-02-15 14:04 . 2009-02-15 14:04 32,768 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-02-15 14:03 . 2009-02-15 14:03 114,048 --a------ c:\windows\system32\drivers\snapman.sys
2009-02-15 14:02 . 2009-02-15 14:03 <DIR> d-------- c:\programmi\File comuni\Acronis
2009-02-15 14:02 . 2009-02-15 14:02 <DIR> d-------- c:\programmi\Acronis
2009-02-15 12:08 . 2009-02-15 12:08 82,380 --a------ c:\windows\system32\drivers\AFS2K.SYS
2009-02-15 11:53 . 2009-02-15 11:53 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Hewlett-Packard
2009-02-15 11:25 . 2009-02-15 11:25 <DIR> d-------- c:\programmi\File comuni\Hewlett-Packard
2009-02-15 11:24 . 2009-02-15 11:25 <DIR> d-------- C:\col3927
2009-02-15 06:58 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-15 06:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-15 06:58 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-15 01:56 . 2009-03-07 11:59 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-15 01:54 . 2009-02-15 01:55 <DIR> d-------- c:\programmi\Microsoft LifeCam
2009-02-15 01:53 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-02-14 19:43 . 2009-02-14 19:43 1,409 --a------ c:\windows\system32\tmpF7AE0.FOT
2009-02-14 19:43 . 2009-02-14 19:43 1,409 --a------ c:\windows\system32\tmpCEAE0.FOT
2009-02-14 19:43 . 2009-02-14 19:43 1,409 --a------ c:\windows\system32\tmpAA8E0.FOT
2009-02-14 19:43 . 2009-02-14 19:43 1,409 --a------ c:\windows\system32\tmpA3BE0.FOT
2009-02-14 19:43 . 2009-02-14 19:43 1,409 --a------ c:\windows\system32\tmp3C9E0.FOT
2009-02-14 19:43 . 2009-02-14 19:43 1,409 --a------ c:\windows\system32\tmp0B7E0.FOT
2009-02-14 19:38 . 2009-02-14 19:38 1,409 --a------ c:\windows\system32\tmpF5EE5.FOT
2009-02-14 19:38 . 2009-02-14 19:38 1,409 --a------ c:\windows\system32\tmp8ECE5.FOT
2009-02-14 19:38 . 2009-02-14 19:38 1,409 --a------ c:\windows\system32\tmp62DE5.FOT
2009-02-14 19:38 . 2009-02-14 19:38 1,409 --a------ c:\windows\system32\tmp3BDE5.FOT
2009-02-14 19:38 . 2009-02-14 19:38 1,409 --a------ c:\windows\system32\tmp2EDE5.FOT
2009-02-14 19:38 . 2009-02-14 19:38 1,409 --a------ c:\windows\system32\tmp02EE5.FOT
2009-02-14 18:28 . 2009-02-14 18:28 <DIR> d-------- c:\programmi\eMule
2009-02-14 18:14 . 2009-03-08 14:14 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Tracing
2009-02-14 18:13 . 2009-02-14 18:13 <DIR> d-------- c:\programmi\Microsoft
2009-02-14 18:12 . 2009-02-14 18:13 <DIR> d-------- c:\programmi\Windows Live
2009-02-14 18:05 . 2009-02-14 18:05 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-02-14 17:26 . 2009-02-14 17:26 1,409 --a------ c:\windows\system32\tmp916A2.FOT
2009-02-14 17:26 . 2009-02-14 17:26 1,409 --a------ c:\windows\system32\tmp856A2.FOT
2009-02-14 17:26 . 2009-02-14 17:26 1,409 --a------ c:\windows\system32\tmp4F6A2.FOT
2009-02-14 17:26 . 2009-02-14 17:26 1,409 --a------ c:\windows\system32\tmp327A2.FOT
2009-02-14 17:26 . 2009-02-14 17:26 1,409 --a------ c:\windows\system32\tmp167A2.FOT
2009-02-14 17:26 . 2009-02-14 17:26 1,409 --a------ c:\windows\system32\tmp0A7A2.FOT
2009-02-14 17:19 . 2009-02-14 17:19 <DIR> d-------- c:\programmi\Google
2009-02-14 17:17 . 2009-02-14 17:17 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-02-14 17:15 . 2009-02-14 17:15 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-14 17:15 . 2009-02-14 17:16 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-14 17:14 . 2009-02-14 17:14 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\vlc
2009-02-14 17:13 . 2009-02-14 17:24 <DIR> d-------- c:\programmi\Yahoo!
2009-02-14 17:13 . 2009-02-14 17:13 <DIR> d-------- c:\programmi\VideoLAN
2009-02-14 17:13 . 2009-02-14 17:13 <DIR> d-------- c:\programmi\CCleaner
2009-02-14 17:13 . 2009-02-14 17:13 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Yahoo!
2009-02-14 17:12 . 2009-02-14 17:12 <DIR> d-------- c:\programmi\Trend Micro
2009-02-14 17:10 . 2009-02-15 01:49 294 --a------ c:\windows\hpqcopy.INI
2009-02-14 13:06 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-02-14 13:06 . 2009-02-14 13:06 424 --a------ c:\windows\ODBC.INI
2009-02-14 13:04 . 2009-02-14 13:05 <DIR> d-------- c:\windows\SHELLNEW
2009-02-14 12:56 . 2009-02-14 12:56 <DIR> dr-h----- C:\MSOCache
2009-02-14 12:51 . 2009-02-14 12:51 <DIR> d-------- c:\documents and settings\DAVIDE LINARI\Dati applicazioni\Cartella di caricamento Share-to-Web
2009-02-14 12:51 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-14 12:51 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 14:08 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-07 15:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-01 11:08 --------- d-----w c:\programmi\File comuni\InstallShield
2009-02-26 22:04 --------- d-----w c:\programmi\PC Tools Firewall Plus
2009-02-22 17:53 --------- d-----w c:\programmi\File comuni\PC Tools
2009-02-15 07:23 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-15 07:23 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-15 07:23 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-14 08:45 --------- d-----w c:\documents and settings\DAVIDE LINARI\Dati applicazioni\PCToolsFirewallPlus
2009-02-14 08:43 --------- d-----w c:\programmi\AVG
2009-02-14 08:39 --------- d-----w c:\programmi\Trust
2009-02-14 08:38 646,400 ----a-w c:\windows\system32\drivers\CnxEtU.sys
2009-02-14 08:38 60,288 ----a-w c:\windows\system32\drivers\CnxEtP.sys
2009-02-14 08:38 163,840 ----a-w c:\windows\system32\CnxHwIo.dll
2009-02-14 08:38 118,784 ----a-w c:\windows\system32\CnxMfdCo.dll
2009-02-14 08:38 118,784 ----a-w c:\windows\system32\CnxClsCo.dll
2009-02-14 08:38 108,771 ----a-w c:\windows\system32\drivers\CnxTgN.sys
2009-02-14 07:45 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-14 07:45 --------- d-----w c:\programmi\C-Media 3D Audio
2009-02-14 07:43 --------- d-----w c:\programmi\Intel
2009-02-14 07:27 --------- d-----w c:\programmi\microsoft frontpage
2009-02-14 07:26 --------- d-----w c:\programmi\Servizi in linea
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus D92 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE" [2006-09-27 139264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2009-02-14 462848]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-26 2652056]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImage\TrueImageMonitor.exe" [2007-03-02 1165288]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImage\TimounterMonitor.exe" [2007-03-02 1945904]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2007-03-02 149024]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-01-06 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-15 08:23 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-14 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-14 107272]
R1 is-0RLU5drv;is-0RLU5drv;c:\windows\system32\drivers\62306766.sys [2009-03-07 148496]
R1 is-AAUJMdrv;is-AAUJMdrv;c:\windows\system32\drivers\20945743.sys [2009-03-07 148496]
R1 is-M8OGKdrv;is-M8OGKdrv;c:\windows\system32\drivers\66290674.sys [2009-03-07 148496]
R1 is-UEMMNdrv;is-UEMMNdrv;c:\windows\system32\drivers\59269943.sys [2009-03-07 148496]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-02-15 159600]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-14 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-14 298264]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-02-15 73840]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2009-02-14 60288]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [2009-02-14 646400]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2009-02-14 108771]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-02-15 95640]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-03-01 13224]
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {83DFAA43-6D08-42EB-8256-C1E033205823} = 85.37.17.47 85.38.28.82
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 15:08:02
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\relog_ap.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-08 15:11:03 - Il pc è stato riavviato [DAVIDE LINARI]
ComboFix-quarantined-files.txt 2009-03-08 14:10:57

Pre-Run: 14,647,029,760 byte disponibili
Post-Run: 14,898,802,688 byte disponibili

276 --- E O F --- 2009-02-24 20:23:14
Torna in alto
 
r16
Inviato: Sunday, March 08, 2009 5:27:23 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Rio.
Allora....
Il log di Combofix, è pulito.
MBAM non ha trovato niente.
Il log di HJT è a posto.
Hai fatto tutte le pulizie del caso.
Disistalla Combofix nelle modalità suggerite nel post precedente.
Devi solo disattivare il Ripristino Configurazione Sistema.
Riavviare il pc .
E creare un nuovo punto di ripristino.
A mio avviso (se non hai notato qualcos'altro di strano) puoi fare il Buckup.
Ciao.
Torna in alto
 
RIOLOTERME
Inviato: Sunday, March 08, 2009 5:48:44 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
r16 ha scritto:
Ciao Rio.
Allora....
Il log di Combofix, è pulito.
MBAM non ha trovato niente.
Il log di HJT è a posto.
Hai fatto tutte le pulizie del caso.
Disistalla Combofix nelle modalità suggerite nel post precedente.
Devi solo disattivare il Ripristino Configurazione Sistema.
Riavviare il pc .
E creare un nuovo punto di ripristino.
A mio avviso (se non hai notato qualcos'altro di strano) puoi fare il Buckup.
Ciao.


ho provato a digitare il comando di disinstallazione ma mi parte l'esegui del programmad'oh!
Torna in alto
 
r16
Inviato: Sunday, March 08, 2009 5:56:02 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
AZZZ.... me lo stà facendo troppe volte stò scherzetto.......devo indagare. (forse non hai rispettato gli "spazi")
Fai cosi:
Vai in C:\ elimina la cartella Combofix, il log, e la cartella qoobox.
Poi con la funzione "cerca" digita Combofix e elimina tutto quello che trova.
Poi fai una pulizia con CCleaner.
Torna in alto
 
RIOLOTERME
Inviato: Monday, March 09, 2009 9:32:10 AM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
grazie problema risolto r16
Torna in alto
 
RIOLOTERME
Inviato: Wednesday, March 11, 2009 9:43:01 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
tutto ok ?quando ho fatto il backup avg mi ha trovato un viris che non mi sono segnato e magari poi non lo e'...lo messo in quarantena ma e' questo :"Infezione";"Trojan Pakes.CFZ";"C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool\is-0RLU5\is-0RLU5.exe";"";"07/03/2009, 14.30.12"

ti faccio un altro hj:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX1000.exe
C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\eMule\eMule.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\AVG\AVG8\avgui.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-0RLU5.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool\is-0RLU5\startup.exe
O4 - Startup: is-AAUJM.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool1\is-AAUJM\startup.exe
O4 - Startup: is-M8OGK.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool1\is-M8OGK\startup.exe
O4 - Startup: is-UEMMN.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool\is-UEMMN\startup.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234604706187
O17 - HKLM\System\CCS\Services\Tcpip\..\{83DFAA43-6D08-42EB-8256-C1E033205823}: NameServer = 85.37.17.47 85.38.28.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{83DFAA43-6D08-42EB-8256-C1E033205823}: NameServer = 85.37.17.47 85.38.28.82
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe

--
End of file - 7845 bytes
Torna in alto
 
r16
Inviato: Wednesday, March 11, 2009 11:24:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Rio.
Infatti non lo è. (un virus)
Si tratta del Tool di Kaspersky. (non lo hai eliminato,lo hai ancora sul Desktop ?)
Elimina queste voci di HJT:
O4 - Startup: is-0RLU5.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool\is-0RLU5\startup.exe
O4 - Startup: is-AAUJM.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool1\is-AAUJM\startup.exe
O4 - Startup: is-M8OGK.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool1\is-M8OGK\startup.exe
O4 - Startup: is-UEMMN.lnk = C:\Documents and Settings\DAVIDE LINARI\Desktop\Virus Removal Tool\is-UEMMN\startup.exe
Poi fai una pulizia con Ccleaner, e Riavvia il pc.
Torna in alto
 
RIOLOTERME
Inviato: Thursday, March 12, 2009 9:58:18 PM
Rank: AiutAmico

Iscritto dal : 7/26/2007
Posts: 1,016
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.53.13, on 12/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX1000.exe
C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234604706187
O17 - HKLM\System\CCS\Services\Tcpip\..\{83DFAA43-6D08-42EB-8256-C1E033205823}: NameServer = 85.37.17.47 85.38.28.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{83DFAA43-6D08-42EB-8256-C1E033205823}: NameServer = 85.37.17.47 85.38.28.82
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe

--
End of file - 7143 bytes




COME SEMPRE UNO DI NOI R16 DETTO AVG 16
Torna in alto
 
r16
Inviato: Thursday, March 12, 2009 10:39:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao Rio.
Il log è a posto.
Vai tranquillo.
Ciao!
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » r16 uno di noi


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.