Aiutamici Forum
HijackThis log check, please!
bio.org
Posted: Tuesday, June 30, 2009 8:43:18 PM
Rank: AiutAmico

Joined: 6/29/2006
Posts: 42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.41.24, on 30/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\ASUS\Wireless Console\wcourier.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console] C:\Programmi\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241703302796
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AB2A2F-7913-4FC0-8E92-6C6D589634FA}: NameServer = 193.70.152.15
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymSnapService - Symantec - C:\Programmi\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 8541 bytes
shapiro
Posted: Tuesday, June 30, 2009 9:07:08 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi,

You have an infection.

Download Avenger to your desktop:
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive.

Run the file avenger.exe.

Copy and paste the FOLLOWING text into the "Input script here" window EXACTLY as I have written it, INCLUDING the words files to delete:

files to delete:
C:\WINDOWS\system32\olhrwef.exe


Uncheck the Scan for Rootkits option.
Press the Execute button.
Answer Yes to both of Avenger's prompts.
Your computer should now restart; if it does not, restart it manually.
After the computer restarts, copy and paste here the contents of the Notepad window that appears.


Run a scan with Malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it: click the "Updates" tab => "Check for updates".
Run a "full scan" (select that option).
When the scan is complete, post the report.

Do not remove anything for now.
bio.org
Posted: Wednesday, July 01, 2009 9:53:17 AM
Rank: AiutAmico

Joined: 6/29/2006
Posts: 42
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jun 18 12:21:36 2009

12:21:36: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jun 18 12:21:56 2009

12:21:56: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jun 18 12:22:26 2009

12:22:26: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jun 18 12:23:10 2009

12:23:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jun 18 12:33:04 2009

12:33:04: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\olhrwef.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
shapiro
Posted: Wednesday, July 01, 2009 10:01:00 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
When you have the Malwarebytes log, post that too.
bio.org
Posted: Wednesday, July 01, 2009 12:26:03 PM
Rank: AiutAmico

Joined: 6/29/2006
Posts: 42
This is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.38
Versione del database: 2297
Windows 5.1.2600 Service Pack 2

01/07/2009 12.24.03
mbam-log-2009-07-01 (12-23-59).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 192691
Tempo trascorso: 25 minute(s), 5 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 41
Valori di registro infetti: 2
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 80

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\WINDOWS\system32\e8main0.dll (Spyware.OnlineGames) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

shapiro
Posted: Wednesday, July 01, 2009 12:34:28 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Your PC is infested with viruses... how did you manage to catch them?

Restart Malwarebytes, delete everything it found, and post me an updated HJT log.
bio.org
Posted: Wednesday, July 01, 2009 9:18:22 PM
Rank: AiutAmico

Joined: 6/29/2006
Posts: 42
This is the log after deleting the entries that were found!

Malwarebytes' Anti-Malware 1.38
Versione del database: 2297
Windows 5.1.2600 Service Pack 2

01/07/2009 21.16.50
mbam-log-2009-07-01 (21-16-46).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|H:\|)
Elementi scansionati: 192031
Tempo trascorso: 27 minute(s), 47 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 38

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

shapiro
Posted: Wednesday, July 01, 2009 9:24:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Disable System Restore.

To disable System Restore, go to:
Start / right-click My Computer / Properties / System Restore / and check "Turn off System Restore".


Run Malwarebytes again and delete everything it found.

Re-enable System Restore and create a new restore point.

Post me an HJT log and we will proceed with the rest of the cleanup.

How is the PC running now?

Remember to install SP3 for the security of your PC.

http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=it

bio.org
Posted: Wednesday, July 01, 2009 9:38:45 PM
Rank: AiutAmico

Joined: 6/29/2006
Posts: 42
HijackThis log after cleaning with Malwarebytes with System Restore disabled.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.36.58, on 01/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\Wireless Console\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console] C:\Programmi\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241703302796
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AB2A2F-7913-4FC0-8E92-6C6D589634FA}: NameServer = 193.70.152.15
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymSnapService - Symantec - C:\Programmi\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 8414 bytes
shapiro
Posted: Wednesday, July 01, 2009 9:44:05 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
The log is fine

Clean up with CCleaner


http://www.ccleaner.com

Important:

During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
Launch it and click:
- Advanced Options
Untick:
- Delete files only if older than 48 hours
Click the buttons:
- Cleaner (the first one, top left)
- Analyze (button at the bottom center)
- Run Cleaner (button at the bottom right)
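
An added example, not part of the original thread: one way to check a post-cleanup HijackThis log against the one taken before cleanup is to parse both into section codes and entries and diff them. The function names are hypothetical, and the sample logs are a few lines excerpted from the log above plus one constructed Run entry.

```python
import re
from collections import defaultdict

# A HijackThis entry is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [Name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_hjt(log_text):
    """Return {section code: set of entry texts} for one HijackThis log."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header, process-list and footer lines do not match
            sections[m.group(1)].add(m.group(2).strip())
    return sections

def diff_hjt(before, after):
    """Return (change, code, entry) tuples for entries removed or added."""
    old, new = parse_hjt(before), parse_hjt(after)
    changes = []
    for code in sorted(set(old) | set(new), key=lambda c: (c[0], int(c[1:]))):
        changes += [("removed", code, e) for e in sorted(old[code] - new[code])]
        changes += [("added", code, e) for e in sorted(new[code] - old[code])]
    return changes

# Sample logs: lines excerpted from the log above, plus one CONSTRUCTED Run entry
# in BEFORE (not from the thread) standing in for something the cleanup removed.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""
BEFORE = AFTER + r"O4 - HKLM\..\Run: [constructed-entry] C:\constructed\example.exe" + "\n"

if __name__ == "__main__":
    for change, code, entry in diff_hjt(BEFORE, AFTER):
        print(f"{change:8} {code:4} {entry}")
```

An entry reported as "added" after a cleanup is the one to look at first, since it appeared between the two scans.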