Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Non riesco ad installare dei programmi chiedo consultazione log HijackThis

3 pages: 1 2 [3]
Non riesco ad installare dei programmi chiedo consultazione log HijackThis Opzioni
Topic Precedente · Topic Sucessivo
giovannino60
Inviato: Monday, January 11, 2010 4:32:41 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
START/ESEGUI/Combofix /Uninstall. Esce una scritta che non trova combofix
Torna in alto
 
r16
Inviato: Monday, January 11, 2010 4:36:42 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Fai una prova:
Dove hai scaricato Combofix, ci deve essere un'icona, a forma di un leone.
prova a trascinarla sul DESKTOP.
Se riesci, esegui ALLA LETTERA le indicazioni dello script.
Torna in alto
 
giovannino60
Inviato: Monday, January 11, 2010 4:40:00 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
Non ci sono immagini con il leone.
Torna in alto
 
r16
Inviato: Monday, January 11, 2010 4:44:18 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Con la funzione "Cerca" di Windows, digita Combofix
Elimina tutto quello che trova.
Riavvia il pc.

Poi scarica sul DESKTOP questa versione di Combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Fai una scansione.
Posta il log.
Torna in alto
 
giovannino60
Inviato: Monday, January 11, 2010 11:53:15 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
ComboFix 10-01-11.01 - UTENTE 11/01/2010 23.18.17.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.701 [GMT 1:00]
Eseguito da: c:\documents and settings\UTENTE\Desktop\Aiutamici\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-12-11 al 2010-01-11 )))))))))))))))))))))))))))))))))))
.

2010-01-09 11:02 . 2010-01-09 11:02 -------- d-----w- c:\programmi\CCleaner
2010-01-08 19:38 . 2010-01-08 19:38 -------- d-----w- c:\programmi\Windows Installer Clean Up
2010-01-08 15:51 . 2010-01-11 05:40 -------- d-----w- C:\Aiutamici
2010-01-07 21:10 . 2010-01-11 15:06 -------- d-----w- C:\Parcelle Tecnobit
2010-01-07 20:50 . 2010-01-07 20:51 -------- d-----w- C:\Windows installer cleanup
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SSScanAppDataDir
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MSScanAppDataDir
2009-12-17 09:35 . 2009-12-17 09:35 179 ----a-w- C:\handle.dat
2009-12-17 09:34 . 2009-12-17 09:34 -------- d-----w- c:\programmi\File comuni\Sonic Shared
2009-12-17 09:33 . 2009-12-17 09:34 -------- d-----w- c:\programmi\File comuni\HP
2009-12-17 09:30 . 2006-03-08 02:33 173 ------w- c:\windows\hpgmdl13.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 22:25 . 2009-03-13 20:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-11 22:25 . 2009-03-13 20:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-11 22:14 . 2009-03-04 18:58 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Skype
2010-01-11 22:12 . 2009-03-04 19:02 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\skypePM
2010-01-11 13:43 . 2006-10-22 06:23 -------- d-----w- c:\programmi\Java
2010-01-09 15:10 . 2009-11-21 21:24 -------- d-----w- c:\programmi\OFFICE11
2010-01-09 15:04 . 2001-08-31 11:00 82698 ----a-w- c:\windows\system32\perfc010.dat
2010-01-09 15:04 . 2001-08-31 11:00 485418 ----a-w- c:\windows\system32\perfh010.dat
2010-01-08 19:38 . 2010-01-08 19:38 3584 ----a-r- c:\documents and settings\UTENTE\Dati applicazioni\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-01-08 19:37 . 2009-09-02 13:15 -------- d-----w- c:\programmi\MSECACHE
2010-01-07 21:15 . 2006-10-18 20:19 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-07 15:07 . 2009-09-19 06:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-19 06:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 20:18 . 2009-11-21 13:24 -------- d-----w- c:\programmi\XoftSpySE
2009-12-30 16:27 . 2006-10-22 08:42 -------- d-----w- c:\programmi\Tecnobit
2009-12-17 09:35 . 2006-11-29 18:31 102637 ----a-w- c:\windows\hpgins13.dat
2009-12-17 09:35 . 2006-10-18 20:04 130568 ----a-w- c:\documents and settings\UTENTE\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-17 09:32 . 2006-10-24 05:30 -------- d-----w- c:\programmi\Hewlett-Packard
2009-12-17 09:32 . 2006-11-29 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-12-06 20:24 . 2009-10-30 18:19 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Profis
2009-12-06 19:45 . 2009-11-21 21:23 -------- d-----w- c:\programmi\Hilti
2009-12-05 06:46 . 2009-03-04 18:58 -------- d-----r- c:\programmi\Skype
2009-12-05 06:45 . 2009-12-05 06:45 -------- d-----w- c:\programmi\File comuni\Skype
2009-12-05 06:45 . 2009-03-04 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-12-03 05:46 . 2008-08-10 06:59 -------- d-----w- c:\programmi\IZArc
2009-12-01 17:41 . 2006-10-22 06:59 -------- d-----w- c:\programmi\AutoCAD LT 2000
2009-11-26 05:21 . 2006-10-23 13:48 -------- d-----w- c:\programmi\File comuni\Logitech
2009-11-24 23:54 . 2009-11-22 18:10 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-22 18:10 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-22 18:10 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-22 18:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-22 18:10 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-22 18:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 15:14 . 2009-10-22 14:53 1 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-23 20:01 . 2006-10-19 06:28 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-22 17:48 . 2007-01-19 07:13 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-11-22 17:40 . 2006-10-19 06:17 -------- d-----w- c:\programmi\Microsoft Works
2009-11-22 17:40 . 2009-11-21 21:24 -------- d-----w- c:\programmi\MEDIA
2009-11-22 17:40 . 2009-11-21 21:17 -------- d-----w- c:\programmi\CLIPART
2009-11-22 17:39 . 2009-03-12 15:53 -------- d-----w- c:\programmi\MSBuild
2009-11-22 17:39 . 2009-11-22 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-11-22 14:22 . 2009-11-22 14:22 -------- d-----w- c:\programmi\Photoshop
2009-11-22 14:11 . 2009-11-22 14:11 -------- d-----w- c:\programmi\Burn masterizzatore
2009-11-22 14:06 . 2006-10-19 05:28 -------- d-----w- c:\programmi\Google
2009-11-22 07:03 . 2006-10-22 06:26 -------- d-----w- c:\programmi\Graphisoft
2009-11-21 21:27 . 2009-11-21 21:27 -------- d-----w- c:\programmi\Templates
2009-11-21 21:26 . 2009-11-21 21:26 -------- d-----w- c:\programmi\Print-server
2009-11-21 18:39 . 2009-11-21 18:39 -------- d-----w- c:\programmi\Alwil Software
2009-11-21 13:05 . 2006-10-19 05:35 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Lavasoft
2009-11-21 13:03 . 2007-04-07 16:11 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Acubix PicoBackup Outlook Express Edition
2009-11-18 15:46 . 2008-03-31 14:20 -------- d-----w- c:\programmi\Strutture Tecnobit
2009-11-18 09:50 . 2009-09-19 20:03 17383456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-07 12:45 . 2009-11-07 12:45 152576 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-05-04 15:23 . 2009-05-04 15:23 270978 ----a-w- c:\programmi\La direzione dei lavori.zip
2009-03-26 11:28 . 2009-11-21 21:27 901120 ----a-w- c:\programmi\DEI_ScuoleEcocompatibili.exe
2008-08-10 06:57 . 2008-08-10 06:57 3723454 ----a-w- c:\programmi\IZArc_Setup.exe
2008-07-17 18:59 . 2008-07-17 19:01 3536683 ----a-w- c:\programmi\PicoBackupOESetup.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-03-30 14:45 . 2006-03-30 14:45 313472 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

2006-10-18 20:23 . 2003-05-05 06:57 143360 c:\programmi\Analog Devices\SoundMAX\bak\SMTray.exe

2006-10-19 05:16 . 2004-06-10 19:10 339968 c:\programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2006-10-23 13:43 . 2004-05-10 14:54 49152 c:\programmi\Brother\Brmfl04c\bak\BrStDvPt.exe
2009-08-10 13:39 . 2004-05-10 14:54 49152 c:\programmi\Brother\Brmfl04c\BrStDvPt.exe

2003-09-29 23:14 . 2003-09-29 23:14 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2007-01-27 18:16 . 2007-01-27 18:16 171448 c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

2006-02-19 01:41 . 2006-02-19 01:41 49152 c:\programmi\HP\HP Software Update\bak\HPWuSchd2.exe
2006-02-19 01:41 . 2006-02-19 01:41 49152 c:\programmi\HP\HP Software Update\hpwuSchd2.exe

2006-06-15 07:43 . 2006-06-15 07:43 49152 c:\programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe
2009-08-10 13:39 . 2006-06-15 07:43 49152 c:\programmi\HP\ToolboxFX\bin\HPTLBXFX.exe

2006-10-22 06:23 . 2005-11-10 11:03 36975 c:\programmi\Java\jre1.5.0_06\bin\bak\jusched.exe

2007-12-11 15:21 . 2007-09-25 00:11 132496 c:\programmi\Java\jre1.6.0_03\bin\bak\jusched.exe

2006-10-23 13:48 . 2003-12-01 09:38 892928 c:\programmi\Logitech\iTouch\bak\iTouch.exe

2006-10-23 16:30 . 2003-07-29 22:37 332288 c:\programmi\MemoRex\bak\MemoRexStart.exe
2009-08-10 13:39 . 2003-07-29 22:37 332288 c:\programmi\MemoRex\MemoRexStart.exe

2006-06-21 02:52 . 2006-06-21 02:52 1211176 c:\programmi\Microsoft ActiveSync\bak\wcescomm.exe
2006-06-21 02:52 . 2006-06-21 02:52 1211176 c:\programmi\Microsoft ActiveSync\wcescomm.exe

2006-09-01 14:57 . 2006-09-01 14:57 282624 c:\programmi\QuickTime\bak\qttask.exe
2009-08-10 13:39 . 2006-09-01 14:57 282624 c:\programmi\QuickTime\qttask.exe

2005-06-17 13:52 . 2005-06-17 13:52 1129472 c:\programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe

2001-08-31 11:00 . 2004-08-19 13:39 15360 c:\windows\system32\bak\ctfmon.exe
2001-08-31 11:00 . 2008-04-13 17:14 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"="d:\setup.exe \RESET" [X]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"HPUsageTracking"="c:\programmi\HP\HP UT\bin\hppusg.exe" [2006-06-14 36864]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmi\File comuni\logishrd\WUApp32.exe" [2008-12-17 443664]

c:\documents and settings\UTENTE\Menu Avvio\Programmi\Esecuzione automatica\
Printkey.lnk - C:\Printkey.exe [2006-10-22 514560]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2006-10-23 212992]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2009-11-23 25214]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-24 66864]
Status Monitor.lnk - c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe [2006-10-23 819200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Adobe\\Acrobat 7.0\\Acrobat\\Acrobat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9633:TCP"= 9633:TCP:gyira
"3389:TCP"= 3389:TCP:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/11/2009 19.10.45 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [21/09/2009 16.08.32 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [21/09/2009 16.08.32 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [21/09/2009 16.08.32 29776]
R2 ACCAKeyServer;ACCA Key Server v.2.00;c:\acca\ACCAKeyServer\ACCAKeyService.EXE [15/03/2009 18.35.13 528896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/11/2009 19.10.45 20560]
R2 CPUSB;CPUsb.Sys driver;c:\windows\system32\drivers\CPUSB.sys [22/10/2006 9.09.26 17080]
R2 cpwnt;cpwnt;c:\windows\system32\drivers\CPWNT.SYS [21/10/2006 19.08.06 21824]
S1 SASKUTIL;SASKUTIL;\??\f:\programmi\SuperantiSpyware\SASKUTIL.sys --> f:\programmi\SuperantiSpyware\SASKUTIL.sys [?]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S2 OAcat;Online Armor Helper Service;"f:\programmi\Firewall Armor\Online Armor\OAcat.exe" --> f:\programmi\Firewall Armor\Online Armor\OAcat.exe [?]
S2 SvcOnlineArmor;Online Armor;f:\programmi\Firewall Armor\Online Armor\oasrv.exe --> f:\programmi\Firewall Armor\Online Armor\oasrv.exe [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/03/2009 17.33.32 33808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gzemr
ejivo
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-11 c:\windows\Tasks\XoftSpySE 2.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2009-11-21 16:34]

2010-01-11 c:\windows\Tasks\XoftSpySE.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2009-11-21 16:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\Office12\EXCEL.EXE/3000
TCP: {667CCFE0-179F-4596-86C5-C5967CC876D0} = 151.99.125.2,151.99.125.3
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\UTENTE\Dati applicazioni\Mozilla\Firefox\Profiles\1awbkkbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://VIRGILIO.IT
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - c:\programmi\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
Toolbar-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - c:\programmi\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - c:\programmi\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - f:\programmi\SuperantiSpyware\SASSEH.DLL
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - f:\progra~1\FIREWA~1\ONLINE~1\oaevent.dll
Notify-!SASWinLogon - f:\programmi\SuperantiSpyware\SASWINLO.dll
Notify-avgrsstarter - avgrsstx.dll
AddRemove-001FFFFFFF10FF00FF1501F08F02F000-R1 - f:\programmi\Graphisoft\ArchiCAD 10\Uninstall.AC\uninstaller.exe
AddRemove-Channel V2.76 - f:\progra~1\Hilti\CHANNE~1\UNWISE.EXE
AddRemove-HijackThis - c:\aiutamici\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 23:36
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3820)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\Logitech\MouseWare\System\LgWndHk.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\brss01a.exe
c:\programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Logitech\MouseWare\system\em_exec.exe
c:\programmi\Microsoft ActiveSync\wcescomm.exe
c:\programmi\Skype\Phone\Skype.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-11 23:46:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-11 22:46

Pre-Run: 225 087 275 008 byte disponibili
Post-Run: 225 064 079 360 byte disponibili

- - End Of File - - ED71C6951E2EFA7C2BE82B9D0E543947
Torna in alto
 
r16
Inviato: Tuesday, January 12, 2010 12:07:37 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
File::
C:\WINDOWS\system32\drivers\soqwx32.sys
C:\WINDOWS\system32\drivers\aswFsBlk.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9633:TCP"=-

NetSvcs::
gzemr
ejivo

Driver::
soqwx32
aswFsBlk
gzemr
ejivo



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
*********************************************************************************

POI:
Scarica Avenger, e scompattalo in una sua cartella non temporanea e non sul desktop:
http://swandog46.geekstogo.com/avenger.zip

Avvia AVENGER
Clicca Ok
Inserisci queste righe (fai copia-incolla) nel riquadro bianco:
Code:
Folders to delete:
C:\Programmi\Java

Files to move:
C:\Programmi\MemoRex\bak\MemoRexStart.exe|C:\Programmi\MemoRex\MemoRexStart.exe
C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe|C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe|C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Brother\Brmfl04c\bak\BrStDvPt.exe|C:\Programmi\Brother\Brmfl04c\BrStDvPt.exe
C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Logitech\iTouch\bak\iTouch.exe|C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe|C:\Programmi\Salvataggio outlook express\PicoBackupOE\PicoBackupAgent.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe|C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe|C:\Programmi\HP\ToolboxFX\bin\HPTLBXFX.exe



Togli la spunta da Scan for Rootkit
Clicca su Execute e aspetta...
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger
Rifai una scansione con FINDAWF, e posta il log.
Torna in alto
 
giovannino60
Inviato: Tuesday, January 12, 2010 4:12:08 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
Dopo avere sovrapposto il file txt sopra l'icona rossa è uscito questo messaggio.
Torna in alto
 
r16
Inviato: Tuesday, January 12, 2010 4:15:27 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Hai guardato bene di salvare lo script con il nome CFScript.txt
Controlla se lo hai scritto giusto.
Torna in alto
 
giovannino60
Inviato: Tuesday, January 12, 2010 4:58:58 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
ComboFix 10-01-11.01 - UTENTE 12/01/2010 16.38.25.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.863 [GMT 1:00]
Eseguito da: c:\documents and settings\UTENTE\Desktop\Aiutamici\ComboFix.exe
Opzioni usate :: c:\documents and settings\UTENTE\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FILE ::
"c:\windows\system32\drivers\aswFsBlk.sys"
"c:\windows\system32\drivers\soqwx32.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_EJIVO
-------\Legacy_GZEMR
-------\Service_aswFsBlk
-------\Service_soqwx32


((((((((((((((((((((((((( Files Creati Da 2009-12-12 al 2010-01-12 )))))))))))))))))))))))))))))))))))
.

2010-01-09 11:02 . 2010-01-09 11:02 -------- d-----w- c:\programmi\CCleaner
2010-01-08 19:38 . 2010-01-08 19:38 -------- d-----w- c:\programmi\Windows Installer Clean Up
2010-01-08 15:51 . 2010-01-12 14:59 -------- d-----w- C:\Aiutamici
2010-01-07 21:10 . 2010-01-11 15:06 -------- d-----w- C:\Parcelle Tecnobit
2010-01-07 20:50 . 2010-01-07 20:51 -------- d-----w- C:\Windows installer cleanup
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SSScanAppDataDir
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MSScanAppDataDir
2009-12-17 09:35 . 2009-12-17 09:35 179 ----a-w- C:\handle.dat
2009-12-17 09:34 . 2009-12-17 09:34 -------- d-----w- c:\programmi\File comuni\Sonic Shared
2009-12-17 09:33 . 2009-12-17 09:34 -------- d-----w- c:\programmi\File comuni\HP
2009-12-17 09:30 . 2006-03-08 02:33 173 ------w- c:\windows\hpgmdl13.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 15:45 . 2009-03-13 20:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-12 15:45 . 2009-03-13 20:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-12 15:33 . 2009-03-04 18:58 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Skype
2010-01-12 15:03 . 2009-03-04 19:02 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\skypePM
2010-01-11 13:43 . 2006-10-22 06:23 -------- d-----w- c:\programmi\Java
2010-01-09 15:10 . 2009-11-21 21:24 -------- d-----w- c:\programmi\OFFICE11
2010-01-09 15:04 . 2001-08-31 11:00 82698 ----a-w- c:\windows\system32\perfc010.dat
2010-01-09 15:04 . 2001-08-31 11:00 485418 ----a-w- c:\windows\system32\perfh010.dat
2010-01-08 19:38 . 2010-01-08 19:38 3584 ----a-r- c:\documents and settings\UTENTE\Dati applicazioni\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-01-08 19:37 . 2009-09-02 13:15 -------- d-----w- c:\programmi\MSECACHE
2010-01-07 21:15 . 2006-10-18 20:19 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-07 15:07 . 2009-09-19 06:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-19 06:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 20:18 . 2009-11-21 13:24 -------- d-----w- c:\programmi\XoftSpySE
2009-12-30 16:27 . 2006-10-22 08:42 -------- d-----w- c:\programmi\Tecnobit
2009-12-17 09:35 . 2006-11-29 18:31 102637 ----a-w- c:\windows\hpgins13.dat
2009-12-17 09:35 . 2006-10-18 20:04 130568 ----a-w- c:\documents and settings\UTENTE\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-17 09:32 . 2006-10-24 05:30 -------- d-----w- c:\programmi\Hewlett-Packard
2009-12-17 09:32 . 2006-11-29 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-12-06 20:24 . 2009-10-30 18:19 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Profis
2009-12-06 19:45 . 2009-11-21 21:23 -------- d-----w- c:\programmi\Hilti
2009-12-05 06:46 . 2009-03-04 18:58 -------- d-----r- c:\programmi\Skype
2009-12-05 06:45 . 2009-12-05 06:45 -------- d-----w- c:\programmi\File comuni\Skype
2009-12-05 06:45 . 2009-03-04 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-12-03 05:46 . 2008-08-10 06:59 -------- d-----w- c:\programmi\IZArc
2009-12-01 17:41 . 2006-10-22 06:59 -------- d-----w- c:\programmi\AutoCAD LT 2000
2009-11-26 05:21 . 2006-10-23 13:48 -------- d-----w- c:\programmi\File comuni\Logitech
2009-11-24 23:54 . 2009-11-22 18:10 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-22 18:10 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-22 18:10 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-22 18:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-22 18:10 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-22 18:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 15:14 . 2009-10-22 14:53 1 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-23 20:01 . 2006-10-19 06:28 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-22 17:48 . 2007-01-19 07:13 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-11-22 17:40 . 2006-10-19 06:17 -------- d-----w- c:\programmi\Microsoft Works
2009-11-22 17:40 . 2009-11-21 21:24 -------- d-----w- c:\programmi\MEDIA
2009-11-22 17:40 . 2009-11-21 21:17 -------- d-----w- c:\programmi\CLIPART
2009-11-22 17:39 . 2009-03-12 15:53 -------- d-----w- c:\programmi\MSBuild
2009-11-22 17:39 . 2009-11-22 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-11-22 14:22 . 2009-11-22 14:22 -------- d-----w- c:\programmi\Photoshop
2009-11-22 14:11 . 2009-11-22 14:11 -------- d-----w- c:\programmi\Burn masterizzatore
2009-11-22 14:06 . 2006-10-19 05:28 -------- d-----w- c:\programmi\Google
2009-11-22 07:03 . 2006-10-22 06:26 -------- d-----w- c:\programmi\Graphisoft
2009-11-21 21:27 . 2009-11-21 21:27 -------- d-----w- c:\programmi\Templates
2009-11-21 21:26 . 2009-11-21 21:26 -------- d-----w- c:\programmi\Print-server
2009-11-21 18:39 . 2009-11-21 18:39 -------- d-----w- c:\programmi\Alwil Software
2009-11-21 13:05 . 2006-10-19 05:35 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Lavasoft
2009-11-21 13:03 . 2007-04-07 16:11 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Acubix PicoBackup Outlook Express Edition
2009-11-18 15:46 . 2008-03-31 14:20 -------- d-----w- c:\programmi\Strutture Tecnobit
2009-11-18 09:50 . 2009-09-19 20:03 17383456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-07 12:45 . 2009-11-07 12:45 152576 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-05-04 15:23 . 2009-05-04 15:23 270978 ----a-w- c:\programmi\La direzione dei lavori.zip
2009-03-26 11:28 . 2009-11-21 21:27 901120 ----a-w- c:\programmi\DEI_ScuoleEcocompatibili.exe
2008-08-10 06:57 . 2008-08-10 06:57 3723454 ----a-w- c:\programmi\IZArc_Setup.exe
2008-07-17 18:59 . 2008-07-17 19:01 3536683 ----a-w- c:\programmi\PicoBackupOESetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-11_22.37.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-12 15:45 . 2010-01-12 15:45 16384 c:\windows\Temp\Perflib_Perfdata_3f4.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-03-30 14:45 . 2006-03-30 14:45 313472 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

2006-10-18 20:23 . 2003-05-05 06:57 143360 c:\programmi\Analog Devices\SoundMAX\bak\SMTray.exe

2006-10-19 05:16 . 2004-06-10 19:10 339968 c:\programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2006-10-23 13:43 . 2004-05-10 14:54 49152 c:\programmi\Brother\Brmfl04c\bak\BrStDvPt.exe
2009-08-10 13:39 . 2004-05-10 14:54 49152 c:\programmi\Brother\Brmfl04c\BrStDvPt.exe

2003-09-29 23:14 . 2003-09-29 23:14 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2007-01-27 18:16 . 2007-01-27 18:16 171448 c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

2006-02-19 01:41 . 2006-02-19 01:41 49152 c:\programmi\HP\HP Software Update\bak\HPWuSchd2.exe
2006-02-19 01:41 . 2006-02-19 01:41 49152 c:\programmi\HP\HP Software Update\hpwuSchd2.exe

2006-06-15 07:43 . 2006-06-15 07:43 49152 c:\programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe
2009-08-10 13:39 . 2006-06-15 07:43 49152 c:\programmi\HP\ToolboxFX\bin\HPTLBXFX.exe

2006-10-22 06:23 . 2005-11-10 11:03 36975 c:\programmi\Java\jre1.5.0_06\bin\bak\jusched.exe

2007-12-11 15:21 . 2007-09-25 00:11 132496 c:\programmi\Java\jre1.6.0_03\bin\bak\jusched.exe

2006-10-23 13:48 . 2003-12-01 09:38 892928 c:\programmi\Logitech\iTouch\bak\iTouch.exe

2006-10-23 16:30 . 2003-07-29 22:37 332288 c:\programmi\MemoRex\bak\MemoRexStart.exe
2009-08-10 13:39 . 2003-07-29 22:37 332288 c:\programmi\MemoRex\MemoRexStart.exe

2006-06-21 02:52 . 2006-06-21 02:52 1211176 c:\programmi\Microsoft ActiveSync\bak\wcescomm.exe
2006-06-21 02:52 . 2006-06-21 02:52 1211176 c:\programmi\Microsoft ActiveSync\wcescomm.exe

2006-09-01 14:57 . 2006-09-01 14:57 282624 c:\programmi\QuickTime\bak\qttask.exe
2009-08-10 13:39 . 2006-09-01 14:57 282624 c:\programmi\QuickTime\qttask.exe

2005-06-17 13:52 . 2005-06-17 13:52 1129472 c:\programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe

2001-08-31 11:00 . 2004-08-19 13:39 15360 c:\windows\system32\bak\ctfmon.exe
2001-08-31 11:00 . 2008-04-13 17:14 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"="d:\setup.exe \RESET" [X]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"HPUsageTracking"="c:\programmi\HP\HP UT\bin\hppusg.exe" [2006-06-14 36864]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmi\File comuni\logishrd\WUApp32.exe" [2008-12-17 443664]

c:\documents and settings\UTENTE\Menu Avvio\Programmi\Esecuzione automatica\
Printkey.lnk - C:\Printkey.exe [2006-10-22 514560]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2006-10-23 212992]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2009-11-23 25214]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-24 66864]
Status Monitor.lnk - c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe [2006-10-23 819200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Adobe\\Acrobat 7.0\\Acrobat\\Acrobat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/11/2009 19.10.45 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [21/09/2009 16.08.32 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [21/09/2009 16.08.32 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [21/09/2009 16.08.32 29776]
R2 ACCAKeyServer;ACCA Key Server v.2.00;c:\acca\ACCAKeyServer\ACCAKeyService.EXE [15/03/2009 18.35.13 528896]
R2 CPUSB;CPUsb.Sys driver;c:\windows\system32\drivers\CPUSB.sys [22/10/2006 9.09.26 17080]
R2 cpwnt;cpwnt;c:\windows\system32\drivers\CPWNT.SYS [21/10/2006 19.08.06 21824]
S1 SASKUTIL;SASKUTIL;\??\f:\programmi\SuperantiSpyware\SASKUTIL.sys --> f:\programmi\SuperantiSpyware\SASKUTIL.sys [?]
S2 OAcat;Online Armor Helper Service;"f:\programmi\Firewall Armor\Online Armor\OAcat.exe" --> f:\programmi\Firewall Armor\Online Armor\OAcat.exe [?]
S2 SvcOnlineArmor;Online Armor;f:\programmi\Firewall Armor\Online Armor\oasrv.exe --> f:\programmi\Firewall Armor\Online Armor\oasrv.exe [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/03/2009 17.33.32 33808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-12 c:\windows\Tasks\XoftSpySE 2.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2009-11-21 16:34]

2010-01-12 c:\windows\Tasks\XoftSpySE.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2009-11-21 16:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\Office12\EXCEL.EXE/3000
TCP: {667CCFE0-179F-4596-86C5-C5967CC876D0} = 151.99.125.2,151.99.125.3
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\UTENTE\Dati applicazioni\Mozilla\Firefox\Profiles\1awbkkbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://VIRGILIO.IT
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 16:46
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(8000)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\Logitech\MouseWare\System\LgWndHk.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\brss01a.exe
c:\programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\Logitech\MouseWare\system\em_exec.exe
c:\programmi\Microsoft ActiveSync\wcescomm.exe
c:\programmi\Skype\Phone\Skype.exe
c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-12 16:56:07 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-12 15:56
ComboFix2.txt 2010-01-11 22:46

Pre-Run: 225 019 666 432 byte disponibili
Post-Run: 224 865 800 192 byte disponibili

- - End Of File - - 655EB9494C4FE26761FFD11647E506B4
Torna in alto
 
giovannino60
Inviato: Tuesday, January 12, 2010 5:05:58 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder "C:\Programmi\Java" deleted successfully.
File move operation "C:\Programmi\MemoRex\bak\MemoRexStart.exe|C:\Programmi\MemoRex\MemoRexStart.exe" completed successfully.
File move operation "C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe|C:\Programmi\Microsoft ActiveSync\wcescomm.exe" completed successfully.
File move operation "C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe|C:\Programmi\Analog Devices\SoundMAX\SMTray.exe" completed successfully.
File move operation "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" completed successfully.
File move operation "C:\Programmi\Brother\Brmfl04c\bak\BrStDvPt.exe|C:\Programmi\Brother\Brmfl04c\BrStDvPt.exe" completed successfully.
File move operation "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" completed successfully.
File move operation "C:\Programmi\Logitech\iTouch\bak\iTouch.exe|C:\Programmi\Logitech\iTouch\iTouch.exe" completed successfully.
File move operation "C:\Programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe|C:\Programmi\Salvataggio outlook express\PicoBackupOE\PicoBackupAgent.exe" completed successfully.
File move operation "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" completed successfully.
File move operation "C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe|C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" completed successfully.
File move operation "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" completed successfully.
File move operation "C:\Programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe|C:\Programmi\HP\ToolboxFX\bin\HPTLBXFX.exe" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
Torna in alto
 
giovannino60
Inviato: Tuesday, January 12, 2010 5:14:06 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\MEMOREX\BAK

29/07/2003 23.37 332 288 MemoRexStart.exe
1 File 332 288 byte
2 Directory 225 073 917 952 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 225 073 917 952 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\MI3AA1~1\BAK

21/06/2006 03.52 1 211 176 wcescomm.exe
1 File 1 211 176 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\QUICKT~1\BAK

01/09/2006 15.57 282 624 qttask.exe
1 File 282 624 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\TOMTOM~1\BAK

0 File 0 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 14.39 15 360 ctfmon.exe
1 File 15 360 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

05/05/2003 07.57 143 360 SMTray.exe
1 File 143 360 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

10/06/2004 20.10 339 968 atiptaxx.exe
1 File 339 968 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\BROTHER\BRMFL04C\BAK

10/05/2004 15.54 49 152 BrStDvPt.exe
1 File 49 152 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\HP\HPSOFT~1\BAK

19/02/2006 02.41 49 152 HPWuSchd2.exe
1 File 49 152 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\LOGITECH\ITOUCH\BAK

01/12/2003 10.38 892 928 iTouch.exe
1 File 892 928 byte
2 Directory 225 073 913 856 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\SALVAT~1\PICOBA~1\BAK

17/06/2005 14.52 1 129 472 PicoBackupAgent.exe
1 File 1 129 472 byte
2 Directory 225 073 909 760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

30/03/2006 15.45 313 472 AdobeUpdateManager.exe
1 File 313 472 byte
2 Directory 225 073 909 760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\FILECO~1\SCANSO~1\SSBKGD~1\BAK

30/09/2003 00.14 155 648 SSBkgdupdate.exe
1 File 155 648 byte
2 Directory 225 073 909 760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

27/01/2007 19.16 171 448 GoogleToolbarNotifier.exe
1 File 171 448 byte
2 Directory 225 073 909 760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\HP\TOOLBO~1\BIN\BAK

15/06/2006 08.43 49 152 HPTLBXFX.exe
1 File 49 152 byte
2 Directory 225 073 909 760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

10/11/2005 12.03 36 975 jusched.exe
1 File 36 975 byte
2 Directory 225 073 909 760 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

25/09/2007 01.11 132 496 jusched.exe
1 File 132 496 byte
2 Directory 225 073 909 760 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

3134186 16 May 2005 "C:\Z-agenda\MemoRex1-8-300.exe"
322560 8 Jan 2004 "C:\Programmi\MemoRex\MemoRexOpt.exe"
332288 29 Jul 2003 "C:\Programmi\MemoRex\bak\MemoRexStart.exe"
1211176 21 Jun 2006 "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
1211176 21 Jun 2006 "C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe"
282624 1 Sep 2006 "C:\Programmi\QuickTime\qttask.exe"
282624 1 Sep 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 13 Apr 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 13 Apr 2008 "C:\WINDOWS\ERDNT\cache\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
143360 5 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
339968 10 Jun 2004 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
49152 10 May 2004 "C:\Programmi\Brother\Brmfl04c\BrStDvPt.exe"
49152 10 May 2004 "C:\Programmi\Brother\Brmfl04c\bak\BrStDvPt.exe"
49152 19 Feb 2006 "C:\Programmi\HP\HP Software Update\hpwuSchd2.exe"
49152 19 Feb 2006 "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe"
892928 1 Dec 2003 "C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
3536683 17 Jul 2008 "C:\Programmi\PicoBackupOESetup.exe"
2125824 20 Jun 2005 "C:\Programmi\PicoBackupOE\PicoBackup.exe"
3536683 30 Mar 2007 "C:\Programmi\Salvataggio outlook express\PicoBackupOESetup.exe"
1129472 17 Jun 2005 "C:\Programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe"
307200 22 Nov 2004 "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe"
307200 22 Nov 2004 "C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe"
970752 16 Mar 2005 "C:\Programmi\File comuni\Adobe\Updater\AdobeUpdater.exe"
313472 30 Mar 2006 "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
155648 30 Sep 2003 "C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
13281280 9 Jul 2008 "C:\Programmi\Google\Google Earth\googleearth.exe"
26694 5 Aug 2008 "C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
171448 27 Jan 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
49152 15 Jun 2006 "C:\Programmi\HP\ToolboxFX\bin\HPTLBXFX.exe"
49152 15 Jun 2006 "C:\Programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe"
36975 10 Nov 2005 "C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"
36975 10 Nov 2005 "C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"
Torna in alto
 
r16
Inviato: Tuesday, January 12, 2010 10:57:12 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Avvia nuovamente AVENGER
Clicca Ok
Inserisci queste righe (fai copia-incolla) nel riquadro bianco:(non inserire la parola code)

Code:
Files to delete:
C:\Z-agenda\MemoRex1-8-300.exe
C:\Programmi\MemoRex\MemoRexOpt.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ERDNT\cache\ctfmon.exe
C:\Programmi\Brother\Brmfl04c\BrStDvPt.exe
C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
C:\Programmi\PicoBackupOESetup.exe
C:\Programmi\PicoBackupOE\PicoBackup.exe
C:\Programmi\Salvataggio outlook express\PicoBackupOESetup.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe
C:\Programmi\File comuni\Adobe\Updater\AdobeUpdater.exe
C:\Programmi\Google\Google Earth\googleearth.exe
C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
C:\Programmi\HP\ToolboxFX\bin\HPTLBXFX.exe

Files to move:
C:\Programmi\MemoRex\bak\MemoRexStart.exe|C:\Programmi\MemoRex\MemoRexStart.exe
C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe|C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe|C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Brother\Brmfl04c\bak\BrStDvPt.exe|C:\Programmi\Brother\Brmfl04c\BrStDvPt.exe
C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Logitech\iTouch\bak\iTouch.exe|C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe|C:\Programmi\Salvataggio outlook express\PicoBackupOE\PicoBackupAgent.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe|C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe|C:\Programmi\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe


Togli la spunta da Scan for Rootkit
Clicca su Execute e aspetta...
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger.

Rifai la scansione con FINDAWF e posta il log.
Torna in alto
 
giovannino60
Inviato: Wednesday, January 13, 2010 2:25:08 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\Z-agenda\MemoRex1-8-300.exe" deleted successfully.
File "C:\Programmi\MemoRex\MemoRexOpt.exe" deleted successfully.
File "C:\Programmi\Microsoft ActiveSync\wcescomm.exe" deleted successfully.
File "C:\Programmi\QuickTime\qttask.exe" deleted successfully.
File "C:\WINDOWS\system32\ctfmon.exe" deleted successfully.
File "C:\WINDOWS\ERDNT\cache\ctfmon.exe" deleted successfully.
File "C:\Programmi\Brother\Brmfl04c\BrStDvPt.exe" deleted successfully.
File "C:\Programmi\HP\HP Software Update\hpwuSchd2.exe" deleted successfully.

Error: file "C:\Programmi\PicoBackupOESetup.exe" not found!
Deletion of file "C:\Programmi\PicoBackupOESetup.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Programmi\PicoBackupOE\PicoBackup.exe" deleted successfully.

Error: file "C:\Programmi\Salvataggio outlook express\PicoBackupOESetup.exe" not found!
Deletion of file "C:\Programmi\Salvataggio outlook express\PicoBackupOESetup.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" deleted successfully.
File "C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe" deleted successfully.
File "C:\Programmi\File comuni\Adobe\Updater\AdobeUpdater.exe" deleted successfully.
File "C:\Programmi\Google\Google Earth\googleearth.exe" deleted successfully.

Error: could not open file "C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe""
Deletion of file "C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name

File "C:\Programmi\HP\ToolboxFX\bin\HPTLBXFX.exe" deleted successfully.

Error: file "C:\Programmi\MemoRex\bak\MemoRexStart.exe" not found!
File move operation "C:\Programmi\MemoRex\bak\MemoRexStart.exe|C:\Programmi\MemoRex\MemoRexStart.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe" not found!
File move operation "C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe|C:\Programmi\Microsoft ActiveSync\wcescomm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\QuickTime\bak\qttask.exe" not found!
File move operation "C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\bak\ctfmon.exe" not found!
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe" not found!
File move operation "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe|C:\Programmi\Analog Devices\SoundMAX\SMTray.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe" not found!
File move operation "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Brother\Brmfl04c\bak\BrStDvPt.exe" not found!
File move operation "C:\Programmi\Brother\Brmfl04c\bak\BrStDvPt.exe|C:\Programmi\Brother\Brmfl04c\BrStDvPt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe" not found!
File move operation "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Logitech\iTouch\bak\iTouch.exe" not found!
File move operation "C:\Programmi\Logitech\iTouch\bak\iTouch.exe|C:\Programmi\Logitech\iTouch\iTouch.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe" not found!
File move operation "C:\Programmi\Salvataggio outlook express\PicoBackupOE\bak\PicoBackupAgent.exe|C:\Programmi\Salvataggio outlook express\PicoBackupOE\PicoBackupAgent.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe" not found!
File move operation "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe" not found!
File move operation "C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe|C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe" not found!
File move operation "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe" not found!
File move operation "C:\Programmi\HP\ToolboxFX\bin\bak\HPTLBXFX.exe|C:\Programmi\HP\ToolboxFX\bin\HPTLBXFX.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe" for move operation
File move operation "C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe" for move operation
File move operation "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe" for move operation
File move operation "C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe" for move operation
File move operation "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.
Torna in alto
 
giovannino60
Inviato: Wednesday, January 13, 2010 2:55:59 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\MEMOREX\BAK

0 File 0 byte
2 Directory 222 430 121 984 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 222 430 121 984 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\MI3AA1~1\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\TOMTOM~1\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\BROTHER\BRMFL04C\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\HP\HPSOFT~1\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\LOGITECH\ITOUCH\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\SALVAT~1\PICOBA~1\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

0 File 0 byte
2 Directory 222 430 117 888 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\FILECO~1\SCANSO~1\SSBKGD~1\BAK

0 File 0 byte
2 Directory 222 430 113 792 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

0 File 0 byte
2 Directory 222 430 113 792 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 80CD-DD62

Directory di C:\PROGRA~1\HP\TOOLBO~1\BIN\BAK

0 File 0 byte
2 Directory 222 430 113 792 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
Torna in alto
 
r16
Inviato: Wednesday, January 13, 2010 2:57:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok.
Riscontri qualche problema?
Torna in alto
 
giovannino60
Inviato: Wednesday, January 13, 2010 3:07:47 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
Tipo?
Ma tutte queste procedure perchè le abbiamo fatte, cosa riscontravi nei report che ti inviavo?
Grazie
Torna in alto
 
r16
Inviato: Wednesday, January 13, 2010 3:11:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
giovannino60 ha scritto:
Tipo?
Ma tutte queste procedure perchè le abbiamo fatte, cosa riscontravi nei report che ti inviavo?
Grazie

Cazzate.....eri solo infettato, fino alle orecchie.....Whistle
Dialer, Troyan, e compari vari.
Commenta:
Non riesco ad installare dei programmi

Mi sembra, che adesso, i programmi, riesci a installarli.Anxious
Posta per favore, un log di HijackThis.
Torna in alto
 
giovannino60
Inviato: Wednesday, January 13, 2010 4:23:14 PM
Rank: AiutAmico

Iscritto dal : 8/20/2009
Posts: 1,691
1)Il problema che mi è rimasto e non trovo soluzione è quando apro word o excell, e clicco apri, cerca in: la freccetta vicino alla fascetta bianca sia word che excell si blocca e riparte dopo qualche minuto se insisto esce la schermata da inviare a Microsoft ecc. . Word ed excell sono sempre andati bene e solo da qualche mese che si verificano questi problemi. Ho installato anche office 2007 ma non è cambiato nulla. Sicuramente non dipende da office ma quando mi collego alle cartelle. Questo problema ce l'ho solo con office comunque.
2)Se entro con un altro account invece il problema non c’è;
3)Ho anche un problema con microsoft out look mi da errore sia con office 2003 che con office 2007, lo uso per attivare activesync.
3) Devo reinstallare Java, quale versione che mi avete consigliato:
http://www.aiutamici.com/software?ID=11134
http://java.sun.com/javase/downloads/index.jsp
4)Quale bottone devo cliccare di HijackThis.?
Torna in alto
 
r16
Inviato: Wednesday, January 13, 2010 4:33:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
Sicuramente non dipende da office ma quando mi collego alle cartelle. Questo problema ce l'ho solo con office comunque.
2)Se entro con un altro account invece il problema non c’è;

Sicuro che il tuo account, abbia privilegi di Amministratore?
In ogni caso, se i problemi sono per word o excell, qui c'è una sezione apposita:
http://forum.aiutamici.com/yaf_topics33_Suite-Microsoft-Office.aspx
In cui trovi un mostro di bravura: a10n11

Installa questa Java:
http://www.aiutamici.com/software?ID=11134
Per postare il log di HJT segui queste istruzioni:
http://www.aiutamici.com/software?ID=11175
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: 1 2 [3]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Non riesco ad installare dei programmi chiedo consultazione log HijackThis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.