Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto per il log

2 pages: [1] 2
aiuto per il log Opzioni
Topic Precedente · Topic Sucessivo
michele.mar
Inviato: Wednesday, January 07, 2009 4:26:11 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Think Cari amici mi potreste aiutare ad essere come analizzato il log è come si posta?
Torna in alto
 
Sponsor
Inviato: Wednesday, January 07, 2009 4:26:11 PM

 
Torna in alto
 
simo95
Inviato: Wednesday, January 07, 2009 4:34:58 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
sei italiano??

comunque scarichi HijackThis da qui http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

fai ctrl+c nel blocco note di windows che apparirà dopo l' analisi e fai ctrl+v in questo forum.
Torna in alto
 
michele.mar
Inviato: Wednesday, January 07, 2009 5:26:29 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Sick Ok grazie provvedo subito
Torna in alto
 
michele.mar
Inviato: Wednesday, January 07, 2009 5:35:22 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Logfile of Trend Micro HijackThis v2.0.2c
Scan saved at 17.28.30, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\COMODO\Firewall\cfp.exe
C:\documents and settings\mc\impostazioni locali\dati applicazioni\fcnmcell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [fcnmcell] "c:\documents and settings\mc\impostazioni locali\dati applicazioni\fcnmcell.exe" fcnmcell
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7895 bytes
Torna in alto
 
r16
Inviato: Wednesday, January 07, 2009 5:46:25 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Esegui attentamente queste istruzioni:
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)


Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

Avvia in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O4 - HKCU\..\Run: [fcnmcell] "c:\documents and settings\mc\impostazioni locali\dati applicazioni\fcnmcell.exe" fcnmcell
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
Con la funzione "Cerca" Trova e cancella i file in rosso:
c:\documents and settings\mc\impostazioni locali\dati applicazioni\fcnmcell.exe" fcnmcell
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Riavvia il computer.
Fai una scansione on-line con questo http://housecall.trendmicro.com/it/
*********************************************************************************************************
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema e, una volta terminata la scansione,posta il log che verrà rilasciato in questa discussione.
Assicurati che tutti i files evidenziati siano selezionati e clicca Rimuovi Selezionati
Poi posta un nuovo log di HijackThis
Torna in alto
 
michele.mar
Inviato: Thursday, January 08, 2009 12:17:30 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
d'oh! Caro r16 penso di aver fatto tutto quanto mi hai chiesto di fare e ti posto di nuovo l'analisi fatto ciao.
cLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.15.44, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\ESET\ESET Smart Security\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231370207563&h=8c1faaceb91c3affc94171454699eb4a/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 8656 bytes
cLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.15.44, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\ESET\ESET Smart Security\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231370207563&h=8c1faaceb91c3affc94171454699eb4a/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 8656 bytes
cLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.15.44, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\ESET\ESET Smart Security\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231370207563&h=8c1faaceb91c3affc94171454699eb4a/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 8656 bytes
Torna in alto
 
r16
Inviato: Thursday, January 08, 2009 12:42:34 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao
Non ho visto il log di Malwarebytes che ti avevo richiesto.
E' migliorato il pc?.
Torna in alto
 
michele.mar
Inviato: Thursday, January 08, 2009 1:09:05 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Shame on you no probabilmente il problema deve essere un'altro.
Torna in alto
 
michele.mar
Inviato: Thursday, January 08, 2009 3:46:46 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Think Ciao r16 ti ho postato la scansione che mi hai chiesto e spero proprio che mi puoi aiutare grazie.
cMalwarebytes' Anti-Malware 1.31
Versione del database: 1610
Windows 5.1.2600 Service Pack 3

08/01/2009 15.43.06
mbam-log-2009-01-08 (15-43-06).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 81529
Tempo trascorso: 42 minute(s), 18 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
r16
Inviato: Thursday, January 08, 2009 6:21:52 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
michele.mar ha scritto:
Shame on you no probabilmente il problema deve essere un'altro.

Beh, se cominci a spiegarmi che tipo di problema ti dà il pc, posso aiutarti meglio.
Torna in alto
 
michele.mar
Inviato: Thursday, January 08, 2009 8:57:03 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
d'oh! Ok r16 i miei problemi sono un rallentamento inziale e difficolta a chiudere le finestre specie quelle di internet. Grazie per il tuo interessamento e il tempo che mi stai dedicando, aspetto un altro tuo intervento a presto ciao.
Torna in alto
 
r16
Inviato: Thursday, January 08, 2009 10:19:49 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao, facciamo una controllatina con Combofix:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, digita (oppure, copia ed incolla) questo comando: Combofix /u e premi invio poi cancella le cartelle in "C" di combofix (qoobox)
Torna in alto
 
michele.mar
Inviato: Thursday, January 08, 2009 10:28:16 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Pray Caro r16 eccoti il log di ComboFix sperando che questa sia la volta buona.
ComboFix 09-01-08.01 - mc 2009-01-08 21.59.26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1023.653 [GMT 1:00]
Eseguito da: c:\documents and settings\mc\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mc\Impostazioni locali\Dati applicazioni\fcnmcell.dat
c:\documents and settings\mc\Impostazioni locali\Dati applicazioni\fcnmcell_nav.dat
c:\documents and settings\mc\Impostazioni locali\Dati applicazioni\fcnmcell_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-12-08 al 2009-01-08 )))))))))))))))))))))))))))))))))))
.

2009-01-08 21:58 . 2009-01-08 21:58 <DIR> drahsc--- C:\cmdcons
2009-01-08 21:55 . 2009-01-08 22:06 <DIR> d----c--- C:\Qoobox
2009-01-08 21:54 . 2009-01-08 22:08 <DIR> d----c--- C:\ComboFix
2009-01-08 20:39 . 1,073,270,784 C:\hiberfil.sys
2009-01-08 00:17 . 2009-01-08 00:21 <DIR> d-------- c:\documents and settings\mc\.housecall6.6
2009-01-08 00:15 . 2009-01-08 00:15 <DIR> d-------- c:\windows\Sun
2009-01-08 00:13 . 2009-01-08 00:08 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 00:13 . 2009-01-08 00:09 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-08 00:08 . 2009-01-08 00:08 <DIR> d-------- c:\programmi\Java
2009-01-07 23:16 . 2009-01-07 23:17 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\.clamwin
2009-01-07 23:15 . 2009-01-08 20:32 <DIR> d-------- c:\programmi\ClamWin
2009-01-07 23:15 . 2009-01-07 23:15 <DIR> d-------- c:\documents and settings\All Users\.clamwin
2009-01-07 17:27 . 2009-01-07 17:27 <DIR> d-------- c:\programmi\Trend Micro
2009-01-07 16:43 . 2009-01-07 16:43 <DIR> d-------- c:\programmi\COMODO
2009-01-07 16:43 . 2009-01-07 16:43 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\Comodo
2009-01-07 16:43 . 2009-01-07 17:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\comodo
2009-01-07 16:43 . 2009-01-07 17:13 147,192 --a------ c:\windows\system32\guard32.dll
2009-01-07 16:43 . 2009-01-07 17:14 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-01-07 16:43 . 2009-01-07 17:14 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-01-04 13:55 . 2009-01-04 13:55 <DIR> d--h-c--- C:\$AVG8.VAULT$
2009-01-04 13:55 . 2009-01-04 13:55 <DIR> d--h-c--- C:\$AVG8.VAULT$
2009-01-04 12:42 . 2009-01-04 12:42 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-04 12:42 . 2009-01-04 12:42 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-04 12:42 . 2009-01-04 12:42 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-04 12:41 . 2009-01-08 12:01 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-04 12:41 . 2009-01-04 12:41 <DIR> d-------- c:\programmi\AVG
2009-01-04 12:41 . 2009-01-04 21:40 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\AVGTOOLBAR
2009-01-04 12:41 . 2009-01-04 12:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-04 11:18 . 2009-01-08 15:58 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-04 11:18 . 2009-01-04 11:18 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\Malwarebytes
2009-01-04 11:18 . 2009-01-04 11:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-04 11:18 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 11:18 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 19:52 . 2009-01-02 20:10 <DIR> d-------- c:\programmi\Free Hide Folder
2008-12-31 16:26 . 2008-12-31 16:26 <DIR> d--h----- c:\windows\system32\CyberInstallerUninstallerSystem
2008-12-31 16:26 . 2009-01-02 20:30 <DIR> d-------- c:\programmi\Gestione File Organizer
2008-12-31 16:26 . 2004-03-08 23:00 275,216 --a------ c:\windows\system32\MSDATGRD.OCX
2008-12-31 16:26 . 2002-08-05 17:33 200,704 --a------ c:\windows\system32\ADONowCombo.ocx
2008-12-31 16:26 . 2004-03-08 23:00 131,856 --a------ c:\windows\system32\MSADODC.OCX
2008-12-31 16:26 . 2004-02-22 23:00 119,808 --a------ c:\windows\system32\MSSTDFMT.DLL
2008-12-31 16:26 . 2004-02-22 23:00 78,848 --a------ c:\windows\system32\MSBIND.DLL
2008-12-31 16:25 . 2008-12-31 16:25 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\CyberInstaller Studio 2008
2008-12-28 15:01 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-28 15:01 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-27 17:53 . 2009-01-07 16:02 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\Lavasoft
2008-12-27 17:19 . 2008-12-27 17:19 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\GlarySoft
2008-12-27 14:39 . 2009-01-07 16:02 <DIR> d-------- c:\programmi\Lavasoft
2008-12-27 14:39 . 2008-12-27 14:39 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-27 14:37 . 2008-12-27 14:37 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-26 18:48 . 2008-12-26 18:48 <DIR> d-------- c:\programmi\Windows Update Remover
2008-12-26 18:48 . 2007-05-09 01:10 237,552 --a------ c:\windows\system32\tpuninst.exe
2008-12-26 17:55 . 2008-12-26 17:55 0 --a------ c:\windows\scummvm.ini
2008-12-26 17:49 . 2008-12-26 17:54 28 --a------ c:\windows\MIDISOFT.INI
2008-12-26 16:43 . 2008-12-26 16:43 63 --a------ c:\windows\WINHELP.BMK
2008-12-26 15:23 . 2008-04-13 19:12 102,912 --------- c:\windows\system32\dllcache\dpcdll.dll
2008-12-26 14:33 . 2008-12-26 14:33 430 --a------ c:\windows\system32\DRVSTORE.rar
2008-12-26 14:17 . 2009-01-01 11:33 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-26 14:09 . 2008-12-26 14:12 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\uniblue
2008-12-26 14:08 . 2008-12-26 14:19 <DIR> d-------- c:\programmi\Uniblue
2008-12-26 14:01 . 2008-12-26 14:06 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-26 14:01 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-26 14:01 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-26 14:01 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-26 14:01 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-26 11:35 . 2008-12-26 11:35 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-26 11:06 . 2001-08-30 23:07 104,832 --a------ c:\windows\system32\dllcache\atiraged.dll
2008-12-26 11:06 . 2001-08-30 19:59 70,784 --a------ c:\windows\system32\dllcache\atiragem.sys
2008-12-26 11:04 . 2001-08-30 23:07 462,848 --a------ c:\windows\system32\dllcache\a3dapi.dll
2008-12-26 11:04 . 2001-08-17 20:20 297,728 --a------ c:\windows\system32\dllcache\ac97sis.sys
2008-12-26 11:04 . 2004-08-03 22:32 231,552 --a------ c:\windows\system32\dllcache\ac97ali.sys
2008-12-26 11:04 . 2001-08-30 23:07 98,304 --a------ c:\windows\system32\dllcache\a3d.dll
2008-12-26 11:04 . 2001-08-17 20:20 96,256 --a------ c:\windows\system32\dllcache\ac97intc.sys
2008-12-26 11:04 . 2004-08-03 22:32 84,480 --a------ c:\windows\system32\dllcache\ac97via.sys
2008-12-26 11:04 . 2008-04-13 19:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2008-12-26 11:04 . 2001-08-30 23:07 38,400 --a------ c:\windows\system32\dllcache\8514a.dll
2008-12-26 11:04 . 2001-08-17 21:52 23,552 --a------ c:\windows\system32\dllcache\abp480n5.sys
2008-12-26 11:04 . 2008-04-13 19:40 12,288 --a------ c:\windows\system32\dllcache\4mmdat.sys
2008-12-26 11:03 . 2001-08-31 15:00 171,520 --a------ c:\windows\system32\dllcache\iisui.dll
2008-12-26 11:03 . 2001-08-31 15:00 96,768 --a------ c:\windows\system32\dllcache\certmap.ocx
2008-12-26 11:03 . 2001-08-30 23:07 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2008-12-26 11:03 . 2001-08-31 15:00 19,968 --a------ c:\windows\system32\dllcache\inetsloc.dll
2008-12-26 11:03 . 2001-08-31 15:00 15,360 --a------ c:\windows\system32\dllcache\iisreset.exe
2008-12-26 11:03 . 2001-08-17 22:06 11,264 --a------ c:\windows\system32\dllcache\1394vdbg.sys
2008-12-26 11:03 . 2001-08-31 15:00 7,680 --a------ c:\windows\system32\dllcache\inetmgr.exe
2008-12-26 11:03 . 2001-08-31 15:00 7,168 --a------ c:\windows\system32\dllcache\wamregps.dll
2008-12-26 11:03 . 2001-08-31 15:00 5,632 --a------ c:\windows\system32\dllcache\iisrstap.dll
2008-12-25 15:16 . 2008-12-25 15:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\RoboForm
2008-12-25 15:06 . 2008-12-25 15:06 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\Software Informer
2008-12-25 14:53 . 2001-08-31 15:00 180,770 --a------ c:\windows\system32\dllcache\c_20932.nls
2008-12-25 14:51 . 2001-08-30 23:07 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-25 14:51 . 2001-08-30 23:07 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll
2008-12-25 14:51 . 2001-08-30 23:07 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-25 14:51 . 2001-08-30 23:07 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll
2008-12-25 14:51 . 2008-04-14 03:12 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-25 14:51 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-25 14:51 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-25 14:51 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll
2008-12-25 14:51 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll
2008-12-25 14:51 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-25 14:51 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll
2008-12-25 14:03 . 2009-01-07 12:56 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-25 13:19 . 2009-01-07 14:29 <DIR> d-------- c:\programmi\Registry Easy
2008-12-24 15:48 . 2008-12-24 15:48 <DIR> d-------- c:\programmi\Auslogics
2008-12-24 15:48 . 2008-12-24 15:48 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\Auslogics
2008-12-24 15:42 . 2008-12-24 15:42 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\Yahoo!
2008-12-24 15:42 . 2008-12-24 15:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-12-24 15:41 . 2008-12-24 15:41 <DIR> d-------- c:\programmi\Yahoo!
2008-12-24 15:41 . 2008-12-24 15:41 <DIR> d-------- c:\programmi\IObit
2008-12-24 15:41 . 2008-12-24 15:41 <DIR> d-------- c:\documents and settings\mc\Dati applicazioni\IObit
2008-12-23 19:47 . 2008-12-23 19:47 <DIR> d-------- c:\programmi\Windows Defender
2008-12-23 18:59 . 2008-12-23 19:00 <DIR> d-------- c:\windows\system32\Ecodieta Enel Natale 2008 dir
2008-12-23 18:59 . 2008-12-23 18:59 203,264 --a------ c:\windows\system32\Ecodieta Enel Natale 2008.scr
2008-12-23 12:02 . 2008-12-23 12:02 <DIR> d-------- c:\programmi\Crawler
2008-12-19 19:50 . 2008-12-19 19:50 <DIR> d-------- c:\programmi\Windows Live Favorites
2008-12-19 14:43 . 2008-12-19 14:43 <DIR> d-------- c:\programmi\Conduit
2008-12-19 14:39 . 2008-12-19 14:39 <DIR> d-------- c:\programmi\File comuni\Skype
2008-12-18 15:10 . 2008-12-18 15:10 268 --ah----- C:\sqmdata06.sqm
2008-12-18 15:10 . 2008-12-18 15:10 244 --ah----- C:\sqmnoopt06.sqm
2008-12-17 17:50 . 2008-12-17 17:50 <DIR> d-------- c:\programmi\MSXML 4.0
2008-12-17 17:50 . 2008-12-17 17:50 <DIR> d-------- c:\programmi\File comuni\ArcSoft
2008-12-17 17:50 . 2008-12-17 17:50 <DIR> d-------- c:\documents and settings\mc\WINDOWS
2008-12-17 17:35 . 2008-12-17 17:35 <DIR> d-------- c:\windows\system32\xircom
2008-12-17 17:35 . 2008-12-19 14:32 <DIR> d-------- c:\windows\system32\bits

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-01-07 1797880]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-01-07 1797880]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-11-09 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-08 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2008-10-20 16640]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-04 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-07 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-07 31504]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-05-14 508288]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-04 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-04 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-04 76040]
R4 ekrn;Eset Service;c:\programmi\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R4 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-19 14336]
R4 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys --> c:\windows\system32\DRIVERS\wg111v3.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-08 c:\windows\Tasks\Schedule Task Weekly.job
- c:\programmi\Registry Easy\RE.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)


.
------- Supplementare di scansione -------
.
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 22:06:04
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\TEMP\TMP00000028C67DB0B42D3A0619 524288 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows\SP1\NLSDownlevelMapping\Filelist]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP0\KB941569\Filelist]
@DACL=(02 0000)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\COMODO\Firewall\cmdagent.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\programmi\Windows Live\Messenger\usnsvc.exe
c:\progra~1\AVG\AVG8\avgupd.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-08 22:15:27 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-08 21:15:01

Pre-Run: 70.040.993.792 byte disponibili
Post-Run: 70,078,734,336 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

256 --- E O F --- 2009-01-06 16:55:33
Torna in alto
 
r16
Inviato: Thursday, January 08, 2009 10:45:29 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Combofix ti ha levato alcuni "rimasugli" delle eliminazioni fatte precedentemente (fcnmcell.exe).
Per il resto non c'è niente di anomalo.
Puoi disistallare Combofix nelle modalità descritte nel post precedente.
*********************************************************************************************************
Fai quest'ultima scansione:
carica Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe e salvalo sul desktop
Avvia in MODALITA PROVVISORIA

Si avvia
si accetta la licenza
si clicca Start Scan
si attende la fine della scansione
Viene generato un log sul desktop, postalo qui.
In alcuni casi Norman Malware Cleaner potrebbe richiedere il riavvio del computer per rimuovere completamente l'infezione, in
questo caso è raccomandata una seconda esecuzione del programma dopo aver riavviato il PC per garantire la completa rimozione di tutti i files infetti.
Torna in alto
 
michele.mar
Inviato: Friday, January 09, 2009 12:05:20 AM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Anxious Caro r16 eccoti quì il log che mi hai chiesto.
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2009/01/08 15:25:42

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2009/01/08 15:25:42, Variants: 2455541

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: ICE\mc


Scan started: 08/01/2009 23:30:50


Scanning running processes and process memory...

Number of processes/threads found: 1744
Number of processes/threads scanned: 1744
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 40s


Scanning file system...

Scanning: C:\*.*


Running post-scan cleanup routine:

Number of files found: 52390
Number of archives unpacked: 400
Number of files scanned: 52325
Number of files not scanned: 65
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 23m 40s
Torna in alto
 
r16
Inviato: Friday, January 09, 2009 12:12:22 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao
Lo puoi disistallare.
Il log dice che hai il pc pulito.
Fai queste operazioni di pulizia:

lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected
Poi:
Fai: Start\Esegui\ copia-incolla questo comando: %temp% e svuota la cartella TEMP. ( non eliminare la cartella)


Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Vedi se migliora.
Torna in alto
 
michele.mar
Inviato: Friday, January 09, 2009 3:08:58 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Whistle Grazie r16 ho eseguito tutto quello che mi hai suggerito, ed il miglioramento e proprio minimo forse devo provvedere a far caricare meno programmi all'avvio che nè pensi?
Torna in alto
 
r16
Inviato: Friday, January 09, 2009 5:57:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok, postami un log di HijackThis, e vedo cosa puoi levare.
Torna in alto
 
michele.mar
Inviato: Friday, January 09, 2009 7:43:08 PM
Rank: Member

Iscritto dal : 12/2/2006
Posts: 11
Not talking Ok r16 grazie per la pazienza che mi stai mostrando eccoti l'ennesimo log che mi hai chiesto.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.40.54, on 09/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\ESET\ESET Smart Security\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231370207563&h=8c1faaceb91c3affc94171454699eb4a/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 7756 bytes
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto per il log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.