Aiutamici Forum

help with virus, trojan and worm
paose
Posted: Monday, July 14, 2008 3:36:01 PM
Rank: AiutAmico

Member since: 7/8/2008
Posts: 94
Hello,

a few days ago you helped me clean my PC; today I would like to help my sister. She has about 40 infected files. This is her log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.34.25, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\File comuni\AdvancedCleaner\abhlp.exe
C:\Programmi\File comuni\ErrClean\strpmon.exe
C:\PROGRA~1\FILECO~1\ANTISP~1\ugac.exe
C:\Programmi\File comuni\AntiSpywareControl\bm.exe
C:\Programmi\AntiMalwareGuard\amg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Programmi\AntiSpywareControl\pgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Antivirus2008y\antvrs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Programmi\AntiSpywareControl\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Programmi\AntiSpywareControl\Tools\sbiebho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Disk Knight] C:\WINDOWS\Knight.exe
O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Dati applicazioni\city about store file\wave surf.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Programmi\File comuni\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [strpmon] "C:\Programmi\File comuni\ErrClean\strpmon.exe" dm=http://errclean.com ad=http://errclean.com sd=http://inspaid.errclean.com
O4 - HKLM\..\Run: [Salestart] "C:\Programmi\File comuni\ErrClean\strpmon.exe" dm=http://errclean.com ad=http://errclean.com sd=http://inspaid.errclean.com
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FILECO~1\ANTISP~1\ugac.exe" -start
O4 - HKLM\..\Run: [BMN] "C:\Programmi\File comuni\AntiSpywareControl\bm.exe" dm=http://antispywarecontrol.com ad=http://antispywarecontrol.com sd=http://ykeeper.antispywarecontrol.com
O4 - HKLM\..\Run: [ptask] C:\Programmi\AntiSpywareControl\ptask.exe
O4 - HKLM\..\Run: [mpeg heck log link] C:\Documents and Settings\All Users\Dati applicazioni\Joy coal mpeg heck\CAKE EQ.exe
O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Programmi\AntiMalwareGuard\amg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ScaricaMP3s] C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\ScaricaMP3s.exe t
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\SESTIE~1\DATIAP~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AntiSpywareControl] C:\Programmi\AntiSpywareControl\pgs.exe /min
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Antivirus2008y] C:\Programmi\Antivirus2008y\antvrs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ScaricaMP3s - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\ScaricaMP3s.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: (no name) - http://it.sso.dada.net/splash/it/12/objects/40191.jpg

--
End of file - 10009 bytes

Thanks


pidue
Posted: Monday, July 14, 2008 4:12:33 PM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
Hi, your sister's PC is in bad shape. Now that I think of it, yours was no joke either. Before I analyse the log for you, download AVG Anti Spyware; it is free, even though after 15 days it loses only the real-time protection and the automatic updates, while it stays effective. Install it and update it. Then disable System Restore, reboot into safe mode, and run a scan. Also run a scan with Avast!, which appears to be installed, and finally post an updated HijackThis log.



paose
Posted: Tuesday, July 15, 2008 9:15:51 AM
Rank: AiutAmico

Member since: 7/8/2008
Posts: 94
Hi,
the situation is still serious. This is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.10.59, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\vsnpstd.exe
C:\Programmi\AntiMalwareGuard\amg.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Antivirus2008y\antvrs.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Programmi\AntiSpywareControl\Tools\pblock.dll (file missing)
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Programmi\AntiSpywareControl\Tools\sbiebho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Disk Knight] C:\WINDOWS\Knight.exe
O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Dati applicazioni\city about store file\wave surf.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Programmi\File comuni\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [strpmon] "C:\Programmi\File comuni\ErrClean\strpmon.exe" dm=http://errclean.com ad=http://errclean.com sd=http://inspaid.errclean.com
O4 - HKLM\..\Run: [BMN] "C:\Programmi\File comuni\AntiSpywareControl\bm.exe" dm=http://antispywarecontrol.com ad=http://antispywarecontrol.com sd=http://ykeeper.antispywarecontrol.com
O4 - HKLM\..\Run: [ptask] C:\Programmi\AntiSpywareControl\ptask.exe
O4 - HKLM\..\Run: [mpeg heck log link] C:\Documents and Settings\All Users\Dati applicazioni\Joy coal mpeg heck\CAKE EQ.exe
O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Programmi\AntiMalwareGuard\amg.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Salestart] "C:\Programmi\File comuni\ErrClean\strpmon.exe" dm=http://errclean.com ad=http://errclean.com sd=http://inspaid.errclean.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ScaricaMP3s] C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\ScaricaMP3s.exe t
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\SESTIE~1\DATIAP~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AntiSpywareControl] C:\Programmi\AntiSpywareControl\pgs.exe /min
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Antivirus2008y] C:\Programmi\Antivirus2008y\antvrs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ScaricaMP3s - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\ScaricaMP3s.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: (no name) - http://it.sso.dada.net/splash/it/12/objects/40191.jpg

--
End of file - 10188 bytes

Thanks
pidue
Posted: Tuesday, July 15, 2008 10:39:27 AM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
The situation is serious, because the computer is infected with every kind of malware. Tell your little sister that Avast! is a good antivirus, but no antivirus, however excellent, is of any use if her browsing habits are reckless and careless. If you need to install an antivirus or an antispyware, you can ask on this forum. Many of the anti-malware programs installed on your sister's PC are themselves carriers of viruses (this is the case for AntiMalwareGuard and Antivirus2008y); in short, there are several symptoms that lead me to advise your sister to be more careful when browsing and not to click on the first executable or ActiveX she comes across.
Lecture over, let's move on to the cure (print out this reply):

VirIt
Download VirIt, install it and update it. Run two scans in safe mode and post the report. There is no need to disable your resident antivirus.

HijackThis
Pay close attention to what you have to do:
Keep HijackThis in a folder of its own (preferably not on the desktop), otherwise you lose the backups;

Disable System Restore as described here:

boot into safe mode as described here:

make hidden folders visible ------ > procedure:
from My Computer:
Tools >> Folder Options >> View;
tick:
Show hidden files and folders;
untick:
Hide protected operating system files (recommended)


Start HijackThis with all applications closed, click Do a system scan only, tick and delete (Fix checked) the following lines:


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Programmi\AntiSpywareControl\Tools\pblock.dll (file missing)
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Programmi\AntiSpywareControl\Tools\sbiebho.dll (file missing)
O4 - HKLM\..\Run: [Disk Knight] C:\WINDOWS\Knight.exe
O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Dati applicazioni\city about store file\wave surf.exe
O4 - HKLM\..\Run: [AbyssmoClient] C:\Programmi\File comuni\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [strpmon] "C:\Programmi\File comuni\ErrClean\strpmon.exe" dm=http://errclean.com ad=http://errclean.com sd=http://inspaid.errclean.com
O4 - HKLM\..\Run: [ptask] C:\Programmi\AntiSpywareControl\ptask.exe
O4 - HKLM\..\Run: [mpeg heck log link] C:\Documents and Settings\All Users\Dati applicazioni\Joy coal mpeg heck\CAKE EQ.exe
O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Programmi\AntiMalwareGuard\amg.exe
O4 - HKLM\..\Run: [Salestart] "C:\Programmi\File comuni\ErrClean\strpmon.exe" dm=http://errclean.com ad=http://errclean.com sd=http://inspaid.errclean.com
O4 - HKCU\..\Run: [ScaricaMP3s] C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\ScaricaMP3s.exe t
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\SESTIE~1\DATIAP~1\ELSEPL~1\AXISNEW.exe
O4 - HKCU\..\Run: [AntiSpywareControl] C:\Programmi\AntiSpywareControl\pgs.exe /min
O4 - HKCU\..\Run: [Antivirus2008y] C:\Programmi\Antivirus2008y\antvrs.exe
O9 - Extra button: ScaricaMP3s - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\ScaricaMP3s.exe (file missing)
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O24 - Desktop Component 0: (no name) - http://it.sso.dada.net/splash/it/12/objects/40191.jpg



Find and delete the folders and/or files in red
___________________________________________
C:\Programmi\Antivirus2008y ------ >> folder. The program may be installed in Control Panel >> Add or Remove Programs. If so, proceed to uninstall it;
C:\Programmi\AntiSpywareControl ---- >> Folder. As above;
C:\Programmi\AntiMalwareGuard ---- >> Folder. As above;
C:\WINDOWS\Knight.exe --- >> Pen-drive virus. Read the previous topic about it;
C:\Documents and Settings\All Users\Dati applicazioni\city about store file ---- >> folder;
C:\Programmi\File comuni\AdvancedCleaner ---- >> folder
C:\Documents and Settings\All Users\Dati applicazioni\Joy coal mpeg heck ---- >> folder;
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\ScaricaMP3s.exe
C:\DOCUME~1\SESTIE~1\DATIAP~1\ELSEPL~1\AXISNEW.exe

___________________________________________

delete the temporary files of your profile like this:
Start >> Run. Type (or copy and paste) the string %temp%, click OK, empty the temp folder;

Go to Tools >> Internet Options, delete the history, the temporary internet files and the cookies;
empty the Recycle Bin;

ComboFix
Download ComboFix, save it to the desktop, disable the antivirus and close the internet connection.
Run it in normal mode and follow the on-screen instructions scrupulously.
When it finishes, a log file called C:\ComboFix.txt will be created.



Post:
the VirIt log;
the HijackThis log;
the ComboFix log.

Bye and good luck with the work.
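As an added example (not part of this thread and not a feature of HijackThis), the script below applies the same checks pidue made by hand to HijackThis-style log lines: O2/O3/O9 entries marked "(file missing)", O4 autoruns that start from an application-data folder or belong to the rogue "security" products named in the reply, O16 ActiveX downloads from hosts outside an assumed allow-list, and O24 desktop components fetched from a remote URL. The sample lines are copied from the logs posted above; the rogue-product list, the known-bad file name and the trusted-host list are assumptions taken from this thread, not a general signature set.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken from the HijackThis logs posted in this thread,
# together with the legitimate entries that sit beside them so both outcomes show up.
SAMPLE_LOG = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [Disk Knight] C:\WINDOWS\Knight.exe",
    r"O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Dati applicazioni\city about store file\wave surf.exe",
    r"O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Programmi\AntiMalwareGuard\amg.exe",
    r"O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\SESTIE~1\DATIAP~1\ELSEPL~1\AXISNEW.exe",
    r"O4 - HKCU\..\Run: [Antivirus2008y] C:\Programmi\Antivirus2008y\antvrs.exe",
    r"O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab",
    r"O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab",
    r"O24 - Desktop Component 0: (no name) - http://it.sso.dada.net/splash/it/12/objects/40191.jpg",
]

# Markers of per-user / all-users application-data folders, long and 8.3 form
# (Italian XP names the folder "Dati applicazioni", as the logs in this thread show).
PROFILE_DATA_MARKERS = ("dati applicazioni", "datiap~1", "application data", "applic~1")
# Rogue "security" products the helper identified in this thread as malware carriers (thread-specific assumption).
ROGUE_PRODUCTS = ("antivirus2008y", "antispywarecontrol", "antimalwareguard", "advancedcleaner", "errclean")
# Autorun files the helper named explicitly (Knight.exe: the pen-drive worm mentioned in the reply).
KNOWN_BAD_FILES = ("knight.exe",)
# Hosts from which ActiveX (O16) downloads are expected on this machine; anything else is reviewed (assumed allow-list).
TRUSTED_DPF_HOSTS = ("macromedia.com", "microsoft.com")

# "O4 - <hive>\..\Run: [<name>] <command>"; Global Startup .lnk lines deliberately do not match.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_RE = re.compile(r"https?://([^/\s]+)")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


def _trusted_host(host: str) -> bool:
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the thread's manual checks to one HijackThis line; None means 'leave it alone'."""
    section = line.split(" - ", 1)[0]
    low = line.lower()
    if section in ("O2", "O3", "O9") and low.endswith("(file missing)"):
        return Finding(section, "orphaned entry: target file is missing", line)
    if section == "O4":
        m = O4_RE.match(line)
        if m is None:
            return None
        cmd = m.group("cmd").lower()
        if any(bad in cmd for bad in KNOWN_BAD_FILES):
            return Finding(section, "autorun file named as malware in the thread", line)
        if any(rogue in cmd for rogue in ROGUE_PRODUCTS):
            return Finding(section, "autorun of a rogue security product", line)
        if any(marker in cmd for marker in PROFILE_DATA_MARKERS):
            return Finding(section, "autorun started from an application-data folder", line)
        return None
    if section == "O16":
        m = URL_RE.search(line)
        host = m.group(1).lower() if m else ""
        if not _trusted_host(host):
            return Finding(section, f"ActiveX download from untrusted host {host or '?'}", line)
        return None
    if section == "O24" and URL_RE.search(line):
        return Finding(section, "desktop component fetched from a remote URL", line)
    return None


def triage_log(lines: List[str]) -> List[Finding]:
    """Run triage_line over every line and keep only the flagged ones, in log order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it flags eight of the eleven lines, the same eight kinds of entry that appear in the fix list above, and leaves the Intel, Google and Macromedia entries alone.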





paose
Posted: Tuesday, July 15, 2008 6:21:11 PM
Rank: AiutAmico

Member since: 7/8/2008
Posts: 94
Hi,

I did everything you told me, but I can no longer connect to the Internet with my sister's computer.
I saved the logs to a USB stick; I wanted to send them from my computer. Is there a risk of infection?

pidue
Posted: Tuesday, July 15, 2008 6:35:20 PM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
paose wrote:
Hi,
I wanted to send them from my computer. Is there a risk of infection?


If your sister's USB stick contains Knight.exe, there is a risk that it gets injected onto your PC. The log is in text format and cannot contain viruses. Go ahead and post.



paose
Posted: Tuesday, July 15, 2008 6:40:03 PM
Rank: AiutAmico

Member since: 7/8/2008
Posts: 94
Here is everything:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.15.45, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7615 bytes



ComboFix 08-07-10.1 - SESTIERI DANIELA 2008-07-15 18.04.02.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.158 [GMT 2:00]
Eseguito da: C:\Documents and Settings\SESTIERI DANIELA\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Starware371
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\494_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\494_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\498_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\498_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\499_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\499_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_60.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_70.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_80.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\findithotxp.png
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\finditxp.png
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\logo.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\error.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\Related.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\Travel.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem26.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem2F.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem3C.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem4E.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem55.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem76.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem7D.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemA5.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemA9.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemE4.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemE7.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemF9.tmp
C:\Documents and Settings\All Users\Desktop\crazy girls.lnk
C:\Documents and Settings\All Users\Desktop\nocreditcard.lnk
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\iforex.com
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnk
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Brani\BraniOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Brani\BraniOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_6\Button_6Options.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_6\Button_6Options.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_7\Button_7Options.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_7\Button_7Options.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_8\Button_8Options.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_8\Button_8Options.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Configurator\Configurator.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Configurator\Configurator.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Manager\ManagerOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem1A.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem2D.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem4A.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem56.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem73.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\TemB3.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Privacy Policy.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Terms and conditions.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Website.lnk
C:\Documents and Settings\SESTIERI DANIELA\ResErrors.log
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Brani\BraniOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Brani\BraniOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_6\Button_6Options.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_6\Button_6Options.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_7\Button_7Options.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_7\Button_7Options.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_8\Button_8Options.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_8\Button_8Options.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Configurator\Configurator.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Configurator\Configurator.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Manager\ManagerOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml.backup
C:\Programmi\3
C:\Programmi\3\FastMobileModem\configMMM.ini
C:\Programmi\3\FastMobileModem\DefaultMMM.ini
C:\Programmi\3\FastMobileModem\Driver.ini
C:\Programmi\3\FastMobileModem\eventMMM.log
C:\Programmi\3\FastMobileModem\MMMODEM.CNT
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\Programmi\3\FastMobileModem\MMModem.GID
C:\Programmi\3\FastMobileModem\MMMODEM.HLP
C:\Programmi\3\FastMobileModem\MMModemcnt.0
C:\Programmi\3\FastMobileModem\MMModemcnt.1
C:\Programmi\3\FastMobileModem\MMModemhlp.0
C:\Programmi\3\FastMobileModem\MMModemhlp.1
C:\Programmi\Starware371
C:\WINDOWS\pack.epk
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\iwsgm.dat
C:\WINDOWS\system32\iwsgm.exe
c:\WINDOWS\system32\iwsgm_nav.dat
C:\WINDOWS\system32\iwsgm_navps.dat
c:\WINDOWS\system32\iwsgm_navup.dat
C:\WINDOWS\system32\oeminfo.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP


((((((((((((((((((((((((( Files Creati Da 2008-06-15 al 2008-07-15 )))))))))))))))))))))))))))))))))))
.

2008-07-15 14:32 . 2008-07-15 14:32 <DIR> d-------- C:\VEXPLITE
2008-07-15 14:32 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-07-14 17:37 . 2008-07-14 17:37 <DIR> d-------- C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Grisoft
2008-07-14 17:37 . 2008-07-14 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-07-14 17:37 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-14 14:35 . 2008-07-14 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-07-14 14:34 . 2008-07-14 14:34 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-14 14:31 . 2008-07-14 14:31 <DIR> d-------- C:\antivirus
2008-07-07 20:05 . 2008-07-07 20:05 <DIR> d-------- C:\Programmi\Alwil Software
2008-06-26 21:50 . 2008-06-26 21:50 <DIR> d-------- C:\Programmi\Google
2008-06-26 21:49 . 2008-06-26 21:49 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-24 14:49 . 2008-06-24 14:49 <DIR> d-------- C:\Programmi\Else plus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-21 14:43 --------- d-----w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\InstallShield
2008-05-21 14:28 --------- d-----w C:\Programmi\Hewlett-Packard
2008-05-21 14:24 --------- d-----w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\EPSON
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-26 15:40 718,616 ----a-w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\installer_en[1].exe
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-21 18:21 140 ----a-w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 07:01 180736]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-26 21:50 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 05:00 455168]
"PCMService"="C:\Programmi\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Programmi\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-06-19 19:41 245760]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Programmi\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2007-10-10 12:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39d44780-4931-11db-9778-4d6564696130}]
\Shell\auto\command - F:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - F:\Knight.exe open
\Shell\find\command - F:\Knight.exe open
\Shell\install\command - F:\Knight.exe open
\Shell\open\command - F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8afc84f4-49f1-11db-977a-4d6564696130}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc1362f2-8b04-11dc-9b3e-00036f1fcd43}]
\Shell\auto\command - G:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
\Shell\explore\command - G:\
\Shell\find\command - G:\
\Shell\install\command - G:\
\Shell\open\command - G:\

.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-15 16:00:06 C:\WINDOWS\Tasks\AFB467F491881A04.job"
- c:\docume~1\sestie~1\datiap~1\elsepl~1\Thunkdeafgreat.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OM_Monitor - C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe
HKLM-Run-BMN - C:\Programmi\File comuni\AntiSpywareControl\bm.exe dm=http://antispywarecontrol.com ad=http://antispywarecontrol.com
Notify-NavLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 18:08:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAMMI\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAMMI\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\FXSSVC.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\LAUNCH MANAGER\QTZGACER.EXE
.
**************************************************************************
.
Ora fine scansione: 2008-07-15 18:11:09 - machine was rebooted [SESTIERI DANIELA]
ComboFix-quarantined-files.txt 2008-07-15 16:11:00

16 Directory 15,902,900,224 byte disponibili
35 Directory 15,807,856,640 byte disponibili

327 --- E O F --- 2008-07-09 22:01:28



VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK

15/07/2008 - 14:36:24

[SCANSIONE DEL REGISTRO]
{DF1C8E21-4045-4D67-B528-335F1A4F0DE9} Infetto da Trojan.Win32.InstantAcce.Gen
* * * RIMOSSO * * *
{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} Infetto da FraudTool.AVSystemCare.A
* * * RIMOSSO * * *
{6F87F145-DC2D-4766-AF03-3A3B96FFAD98} Infetto da FraudTool.AVSystemCare.A
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\SESTIERI DANIELA\Impostazioni locali\Temp\temp.frB14F\ian_monitor.exe Infetto da FraudTool.AdvancedCleaner.A
* * * RIMOSSO * * *
C:\ejhyvpfc.exe Infetto da Trojan.Win32.Small.PY
* * * RIMOSSO * * *

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


Chiavi Registro infette: 3.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 53712.
Files Totali: 53712.
Chiavi Registro rimosse: 3.
Virus Rimossi: 2.


15/07/2008 - 15:20:07

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 53712.
Files Totali: 53712.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

Thanks
pidue
Posted: Tuesday, July 15, 2008 6:52:43 PM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
You probably ran the HijackThis scan before the other two; the log is identical to the first one. ComboFix removed a pile of malware for you, and VirIt removed others. Now run a scan in normal mode with HijackThis and post the log again. Only the HijackThis one.



paose
Posted: Tuesday, July 15, 2008 7:07:58 PM
Rank: AiutAmico

Member since: 7/8/2008
Posts: 94
this is the latest one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.05.04, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7738 bytes


pidue
Posted: Tuesday, July 15, 2008 7:10:55 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Good work, the log is clean.
Let me know how the computer is running and whether there are any problems.



paose
Posted: Wednesday, July 16, 2008 10:44:40 AM
Rank: AiutAmico

Joined: 7/8/2008
Posts: 94
Good work... yours, that is!!! I would really like to solve everything myself, understand what the problem is, which registry entries need to be deleted and so on... can you recommend a course?

Anyway, the computer runs perfectly!!! Thanks again!!!
pidue
Posted: Wednesday, July 16, 2008 12:07:44 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
paose wrote:
Good work... yours, that is!!! I would really like to solve everything myself, understand what the problem is, which registry entries need to be deleted and so on... can you recommend a course?

Anyway, the computer runs perfectly!!! Thanks again!!!


Hi, I'm glad to have solved your problems (for the second time).
There are no courses; you can find several HijackThis manuals online anyway, but you shouldn't rely too heavily on the online analyzer. You need to build solid experience "in the field". In any case, if you have questions to put to us ("porci" in Italian, and I don't mean pigs), go ahead and ask.
Have a good day.

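As an added illustration of the "in the field" reading of a HijackThis log that pidue describes (example code, not HijackThis's own and not the forum's advice), the following Python script parses the O4 autorun and O23 service lines of a HijackThis 2.0 log and extracts the executable behind each entry. The sample is a constructed subset of the log posted above. The list of standard directories, the file-extension list and the verdict strings are this example's own assumptions; "review" means a person should look at the entry, not that it is malicious. VirIT's files under C:\VEXPLITE are flagged exactly because legitimate software can live outside Program Files, and a reviewer needs to know that before deciding anything.

```python
"""Triage helper for HijackThis O4 (autorun) and O23 (service) lines.

Added example for this thread; not part of HijackThis. It does not decide
what is malicious: it pulls the image path out of each entry and marks the
ones a reviewer should check by hand (bare names resolved via PATH,
environment variables, non-standard directories, services with no vendor).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O23 - Service: <description> - <vendor> - <drive>:\<path>"
O23_RE = re.compile(r'^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$')
# First token that looks like an executable, with or without surrounding quotes.
IMAGE_RE = re.compile(r'^"?(?P<img>[^"]*?\.(?:exe|dll|cpl|scr|com|bat|cmd|vbs))"?(?=\s|$)', re.IGNORECASE)

# Assumed "normal" roots for this Italian XP install (Programmi = Program Files).
STANDARD_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\progra~1\\", "c:\\program files\\")


@dataclass
class Finding:
    section: str            # "O4" or "O23"
    name: str               # autorun value name or service description
    location: str           # registry hive\key for O4, vendor field for O23
    image: Optional[str]    # resolved executable path, None if not resolvable
    verdict: str


def extract_image(command: str) -> Optional[str]:
    """Return the executable path at the start of a command line, or None."""
    m = IMAGE_RE.match(command.strip())
    return m.group("img") if m else None


def classify_image(image: Optional[str]) -> str:
    if image is None:
        # Bare names (resolved through PATH) and %VAR% paths hide where the file really is.
        return "no resolvable image path: check manually"
    if image.lower().startswith(STANDARD_ROOTS):
        return "standard location"
    return "outside standard directories: review"


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            image = extract_image(m.group("cmd"))
            location = f"{m.group('hive')}\\{m.group('key')}"
            findings.append(Finding("O4", m.group("name"), location, image, classify_image(image)))
            continue
        m = O23_RE.match(line)
        if m:
            image = extract_image(m.group("path"))
            verdict = classify_image(image)
            if m.group("owner") == "Unknown owner":
                # HijackThis prints this when the service binary carries no company name.
                verdict = "no vendor recorded: review"
            findings.append(Finding("O23", m.group("desc"), m.group("owner"), image, verdict))
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Everything that is not plainly a known-location executable."""
    return [f for f in findings if f.verdict != "standard location"]


if __name__ == "__main__":
    for f in needs_review(triage(SAMPLE_LOG)):
        print(f"{f.section:<4}{f.name:<40}{f.verdict}")
```

On the sample, five entries come back for review: the two whose command line carries no resolvable path, the VirIT monitor and service under C:\VEXPLITE, and the CyberLink scheduler service with no vendor. All five are legitimate on this machine, which is exactly pidue's point: the script narrows the list, and experience does the rest.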


paose
Posted: Friday, July 18, 2008 11:26:13 AM
Rank: AiutAmico

Joined: 7/8/2008
Posts: 94
Hi, while using my sister's computer I noticed that the avast 4 resident protection is not there in the bottom right;
how can I enable it? Thanks
pidue
Posted: Friday, July 18, 2008 12:30:40 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Hi, I don't use Avast!, so you may want to wait for someone else. I would however advise your sister to remove Avast! and install AVG 8, now available in Italian as well. To convince yourself, read some of the topics below this one. Here.



paose
Posted: Saturday, July 19, 2008 12:23:22 PM
Rank: AiutAmico

Joined: 7/8/2008
Posts: 94
Hi, as you advised I replaced avast with avg 8 on my computer and ran a full system scan, but the result is the one below:

Scansione della riga di comando di AVG 8.0 Anti-Virus
Copyright (c) 1992 - 2008 AVG Technologies
Versione programma 8.0.134, engine 8.0.0
Database dei virus: versione 270.5.2/1561 2008-07-18

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\User\ntuser.dat File bloccato. Non verificato.
C:\Documents and Settings\User\ntuser.dat.LOG File bloccato. Non verificato.
C:\pagefile.sys File bloccato. Non verificato.
C:\System Volume Information\ File bloccato. Non verificato.
C:\WINDOWS\system32\config\default File bloccato. Non verificato.
C:\WINDOWS\system32\config\default.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\SAM File bloccato. Non verificato.
C:\WINDOWS\system32\config\SAM.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\software File bloccato. Non verificato.
C:\WINDOWS\system32\config\software.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\system File bloccato. Non verificato.
C:\WINDOWS\system32\config\system.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\drivers\sptd.sys File bloccato. Non verificato.


Oggetti sottoposti a scansione : 561318
Infezioni trovate : 0
PUP trovati : 0
Infezioni corrette : 0
PUP corretti : 0
Avvisi : 0


What should I do with the locked files?

Thanks again
pidue
Posted: Saturday, July 19, 2008 4:32:17 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
All normal, they are (protected) system files that AVG cannot access. What matters is this notice:

Oggetti sottoposti a scansione : 561318
Infezioni trovate : 0
PUP trovati : 0
Infezioni corrette : 0
PUP corretti : 0
Avvisi : 0


That is, the PC contains no viruses.
Bye.

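To make pidue's answer checkable rather than a matter of trust, here is an added Python example (not AVG's code and not from the forum) that parses the AVG 8 command-line output quoted above and sorts every "File bloccato. Non verificato." entry into the categories of files Windows itself holds open: the system registry hives under system32\config, the per-user hives (ntuser.dat, UsrClass.dat) and their .LOG files, the page file, and the System Volume Information folder. Anything locked outside those sets is left for manual review. The category names and the rules are this example's own assumptions. In the posted output the one such entry is sptd.sys, the pass-through driver installed by disc-emulation tools such as Daemon Tools, which blocks reads of its own file; it is not a Windows component, so the script deliberately does not whitelist it.

```python
"""Classify the locked-file lines of an AVG 8 command-line scan report.

Added example for this thread, not AVG code. Registry hives, the page file
and System Volume Information are held open or ACL-restricted by Windows
itself, so an on-demand scanner that cannot read them is reporting a
limitation, not an infection. Locked files outside those known sets are
what a reviewer should actually look at.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines from the scan output posted above plus its summary.
# The Italian strings are AVG's own output and are matched literally.
SAMPLE_SCAN = r"""
C:\Documents and Settings\User\ntuser.dat File bloccato. Non verificato.
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\pagefile.sys File bloccato. Non verificato.
C:\System Volume Information\ File bloccato. Non verificato.
C:\WINDOWS\system32\config\SAM File bloccato. Non verificato.
C:\WINDOWS\system32\config\software.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\drivers\sptd.sys File bloccato. Non verificato.

Oggetti sottoposti a scansione : 561318
Infezioni trovate : 0
PUP trovati : 0
Infezioni corrette : 0
PUP corretti : 0
Avvisi : 0
"""

LOCKED_RE = re.compile(r'^(?P<path>.+?) File bloccato\. Non verificato\.$')
SUMMARY_RE = re.compile(r'^(?P<label>[^:]+?)\s*:\s*(?P<count>\d+)$')

# System hives living in %SystemRoot%\system32\config (with optional .LOG).
HIVE_NAMES = {"default", "sam", "security", "software", "system"}
# Per-profile hives, open for as long as that profile is loaded.
USER_HIVES = {"ntuser.dat", "usrclass.dat"}


def classify_locked(path: str) -> str:
    """Map a locked path to the reason Windows keeps it unreadable, or flag it."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    stem = base[:-4] if base.endswith(".log") else base   # software.LOG -> software
    if "\\system volume information\\" in low:
        return "System Restore store"          # SYSTEM-only ACL by design
    if "\\windows\\system32\\config\\" in low and stem in HIVE_NAMES:
        return "registry hive"
    if stem in USER_HIVES:
        return "user registry hive"
    if re.fullmatch(r"[a-z]:\\pagefile\.sys", low):
        return "page file"
    return "unexpected: review"


def classify_scan(text: str) -> Tuple[Dict[str, List[str]], Dict[str, int]]:
    """Return (category -> locked paths, summary label -> count)."""
    categories: Dict[str, List[str]] = {}
    summary: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            path = m.group("path")
            categories.setdefault(classify_locked(path), []).append(path)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("label").strip()] = int(m.group("count"))
    return categories, summary


def is_clean(summary: Dict[str, int]) -> bool:
    """True when something was scanned and no infections, PUPs or warnings were reported."""
    flagged = ("Infezioni trovate", "PUP trovati", "Avvisi")
    return (summary.get("Oggetti sottoposti a scansione", 0) > 0
            and all(summary.get(k, 0) == 0 for k in flagged))


if __name__ == "__main__":
    cats, summ = classify_scan(SAMPLE_SCAN)
    for cat, paths in cats.items():
        print(f"{cat}: {len(paths)}")
        for p in paths:
            print(f"    {p}")
    print("clean:", is_clean(summ))
```

The summary counters are the verdict pidue points at; the locked-file classification only answers the question paose asked, namely whether the list of unscanned files is the expected one. A full scan whose locked list grows beyond hives, page file and System Volume Information is the case worth asking about.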

