Vai al contenuto

  • Connettiti con Facebook Log In with Google      Connettiti   
  • Registrati

Contenuti di salewa2022

Ci sono stati 10 elementi per salewa2022 (Ricerca limitata per 20-ottobre 18)


Ordina per                Ordina  

#10838 Ho Il Computer Conqulache Virus Helpppp!!

Inviato da salewa2022 su 11 gennaio 2009 - 08:36 in SICUREZZA - VIRUS

Appena ho tempo faro' la pulizia che mi ahi consigliato...ad essere sinceri mi compare un pop up fastidiosetto...

TI aggiorno fra aqualche giorno che sono pieno di impegni, grazie mille del supporto :OKOK:



#10834 Ho Il Computer Conqulache Virus Helpppp!!

Inviato da salewa2022 su 09 gennaio 2009 - 03:46 in SICUREZZA - VIRUS

ok ho fatto grazie,
il computer sembra un altro ora, riposto il log per scaramanzia:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.44.46, on 09/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\DNA\btdna.exe
C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\programmi\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [noun remote] C:\DOCUME~1\Ale\DATIAP~1\32BIRD~1\BodyReadmeWin.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDDB472-F935-459B-A7CC-BA79F39375B4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8300 bytes

grazie ancora dell'aiuto



#10830 Ho Il Computer Conqulache Virus Helpppp!!

Inviato da salewa2022 su 08 gennaio 2009 - 12:02 in SICUREZZA - VIRUS

Ciao, ho eseguito tutto come mi hai detto, ecco qui il log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.00.53, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
D:\programmi\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029d3336-28c9-4315-8cef-609fe4c44db8} - C:\WINDOWS\system32\safevayi.dll (file missing)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Meet hold.exe
O4 - HKLM\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\zahenese.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDDB472-F935-459B-A7CC-BA79F39375B4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8264 bytes



#10811 Ho Il Computer Conqulache Virus Helpppp!!

Inviato da salewa2022 su 02 gennaio 2009 - 05:13 in SICUREZZA - VIRUS

Ciao, ho fatto come mi hai detto va molto meglio il pc e non mi da piu problemi di processore o ram, incollo i log:

ComboFix 08-12-29.02 - Ale 2009-01-02 14.57.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1279.696 [GMT 1:00]
Eseguito da: c:\documents and settings\Ale\Desktop\combofix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
Os seguintes ficheiros foram desabilitados durante a rodagem:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\bold.log
c:\documents and settings\Ale\Ale.exe
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\nq0cq.cmd
C:\rqb0v2ot.bat
c:\windows\expiorer.exe
c:\windows\system32\~.exe
c:\windows\system32\a.exe
c:\windows\system32\aduyuliz.ini
c:\windows\system32\Bitkv0.dll
c:\windows\system32\Bitkv1.dll
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\ckvo2.dll
c:\windows\system32\ckvo3.dll
c:\windows\system32\edijupal.ini
c:\windows\system32\fool0.dll
c:\windows\system32\ieso0.dll
c:\windows\system32\imagasap.ini
c:\windows\system32\izuregat.ini
c:\windows\system32\kxvo.exe
c:\windows\system32\uguhodek.ini
c:\windows\system32\wGxs472v.exe.a_a
c:\windows\system32\zanilepi.dll
C:\xih9.cmd
D:\Autorun.inf
D:\nq0cq.cmd
D:\rqb0v2ot.bat
D:\xih9.cmd
G:\autorun.inf
G:\rqb0v2ot.bat

----- BITS: Sites possivelmente infetados -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VFILT


((((((((((((((((((((((((( Files Creati Da 2008-12-02 al 2009-01-02 )))))))))))))))))))))))))))))))))))
.

2009-01-02 15:01 . 2009-01-02 15:01 <DIR> d-------- c:\windows\system32\xircom
2009-01-02 15:01 . 2009-01-02 15:01 <DIR> d-------- c:\programmi\microsoft frontpage
2008-12-26 23:27 . 2008-12-30 09:28 31,232 --a------ c:\windows\system32\eQ7fH365.dll
2008-12-26 22:06 . 2008-12-26 22:06 <DIR> d-------- c:\programmi\32 Bird Second
2008-12-23 20:16 . 2008-12-23 20:16 <DIR> d-------- c:\programmi\Security Task Manager
2008-12-23 20:16 . 2008-12-23 20:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2008-12-23 19:53 . 2008-12-23 19:57 <DIR> d-------- C:\fixwareout
2008-12-23 11:54 . 2008-12-23 11:54 <DIR> d-------- c:\programmi\TorrentSpeeder
2008-12-23 11:54 . 2008-12-26 22:07 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ping Sign Byte Tool
2008-12-23 11:54 . 2008-12-26 22:07 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\32 Bird Second
2008-12-21 16:50 . 2008-12-21 16:50 <DIR> d-------- c:\programmi\foobar2000
2008-12-21 16:50 . 2008-12-21 17:47 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\foobar2000
2008-12-20 16:55 . 2008-12-20 16:54 32,256 --a------ c:\windows\system32\wGxs472v.exe
2008-12-19 19:07 . 2008-12-19 21:01 <DIR> d-------- c:\programmi\Opera
2008-12-19 18:52 . 2009-01-02 15:01 <DIR> d-------- c:\programmi\DNA
2008-12-19 18:52 . 2008-12-19 18:52 <DIR> d-------- c:\programmi\BitTorrent
2008-12-19 18:52 . 2009-01-02 15:01 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\DNA
2008-12-19 18:52 . 2008-12-30 12:12 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\BitTorrent
2008-12-19 18:51 . 2008-12-19 18:51 <DIR> d-------- c:\programmi\AskBarDis
2008-12-17 20:42 . 2008-12-23 19:50 85,504 -r-hs---- c:\windows\system32\vbsdfe2.dll
2008-12-17 20:41 . 2009-01-02 14:51 85,504 -r-hs---- c:\windows\system32\vbsdfe0.dll
2008-12-13 22:00 . 2008-12-26 20:58 85,504 -r-hs---- c:\windows\system32\vbsdfe1.dll
2008-12-10 20:34 . 2008-12-26 20:58 115,869 -r-hs---- c:\windows\system32\vamsoft.exe
2008-12-04 09:27 . 2008-12-04 09:26 106,664 -r-hs---- C:\rcukd.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 13:51 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\AVG7
2008-12-29 11:29 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\Skype
2008-12-26 19:29 87,323 ------w c:\windows\system32\ziluyuda.dll
2008-12-04 08:32 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\U3
2008-11-25 16:07 --------- d-----w c:\programmi\Lexmark 1200 Series
2008-11-25 14:45 --------- d-----w c:\programmi\Virtual Earth 3D
2008-11-25 14:34 104,480 --sh--r C:\ij.bat
2008-11-07 18:41 109,879 --sh--r C:\sq.com
2008-11-02 15:58 139,664 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-02 15:56 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-22 15:49 104,123 --sh--r C:\xlk9.com
2008-10-21 08:58 105,553 --sh--r C:\2fiji.com
2008-10-01 14:59 24,192 ----a-w c:\documents and settings\Ale\usbsermptxp.sys
2008-10-01 14:59 22,768 ----a-w c:\documents and settings\Ale\usbsermpt.sys
2008-09-05 14:17 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-05 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2008-09-05 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008090520080906\index.dat
2008-09-05 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"Yahoo! Pager"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-26 115869]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-19 342848]
"noun remote"="c:\docume~1\Ale\DATIAP~1\32BIRD~1\BodyReadmeWin.exe" [2008-12-26 540160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\programmi\VIAudioi\SBADeck\ADeck.exe" [2005-04-08 512000]
"itype"="c:\programmi\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Ashampoo FireWall PRO"="c:\programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" [2008-09-17 3543552]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-17 413696]
"Lexmark 1200 Series"="c:\programmi\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechCameraAssistant"="c:\programmi\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\programmi\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Byte Tool Tons Mail"="c:\documents and settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Dupe wave.exe" [2009-01-02 688128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-09-05 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-01-03 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Programmi\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Programmi\\File comuni\\Autodesk Shared\\Service\\AdskScSrv.exe"=
"c:\\Programmi\\RocketDock\\RocketDock.exe"=
"c:\\Programmi\\Logitech\\Video\\CameraAssistant.exe"=
"c:\\Programmi\\Microsoft IntelliType Pro\\itype.exe"=
"c:\\Programmi\\Lexmark 1200 Series\\lxczbmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Port 6881_TCP
"6881:UDP"= 6881:UDP:Port 6881_UDP
"6882:TCP"= 6882:TCP:Port 6882_TCP
"6882:UDP"= 6882:UDP:Port 6882_UDP
"6883:TCP"= 6883:TCP:Port 6883_TCP
"6883:UDP"= 6883:UDP:Port 6883_UDP
"6884:TCP"= 6884:TCP:Port 6884_TCP
"6884:UDP"= 6884:UDP:Port 6884_UDP
"6885:TCP"= 6885:TCP:Port 6885_TCP
"6885:UDP"= 6885:UDP:Port 6885_UDP
"6886:TCP"= 6886:TCP:Port 6886_TCP
"6886:UDP"= 6886:UDP:Port 6886_UDP
"6887:TCP"= 6887:TCP:Port 6887_TCP
"6887:UDP"= 6887:UDP:Port 6887_UDP
"6888:TCP"= 6888:TCP:Port 6888_TCP
"6888:UDP"= 6888:UDP:Port 6888_UDP
"6889:TCP"= 6889:TCP:Port 6889_TCP
"6889:UDP"= 6889:UDP:Port 6889_UDP
"6890:TCP"= 6890:TCP:Port 6890_TCP
"6890:UDP"= 6890:UDP:Port 6890_UDP
"6891:TCP"= 6891:TCP:Port 6891_TCP
"6891:UDP"= 6891:UDP:Port 6891_UDP
"6892:TCP"= 6892:TCP:Port 6892_TCP
"6892:UDP"= 6892:UDP:Port 6892_UDP
"6893:TCP"= 6893:TCP:Port 6893_TCP
"6893:UDP"= 6893:UDP:Port 6893_UDP
"6894:TCP"= 6894:TCP:Port 6894_TCP
"6894:UDP"= 6894:UDP:Port 6894_UDP
"6895:TCP"= 6895:TCP:Port 6895_TCP
"6895:UDP"= 6895:UDP:Port 6895_UDP
"6896:TCP"= 6896:TCP:Port 6896_TCP
"6896:UDP"= 6896:UDP:Port 6896_UDP
"6897:TCP"= 6897:TCP:Port 6897_TCP
"6897:UDP"= 6897:UDP:Port 6897_UDP
"6898:TCP"= 6898:TCP:Port 6898_TCP
"6898:UDP"= 6898:UDP:Port 6898_UDP
"6899:TCP"= 6899:TCP:Port 6899_TCP
"6899:UDP"= 6899:UDP:Port 6899_UDP
"6900:TCP"= 6900:TCP:Port 6900_TCP
"6900:UDP"= 6900:UDP:Port 6900_UDP
"6901:TCP"= 6901:TCP:Port 6901_TCP
"6901:UDP"= 6901:UDP:Port 6901_UDP
"6902:TCP"= 6902:TCP:Port 6902_TCP
"6902:UDP"= 6902:UDP:Port 6902_UDP
"6903:TCP"= 6903:TCP:Port 6903_TCP
"6903:UDP"= 6903:UDP:Port 6903_UDP
"6904:TCP"= 6904:TCP:Port 6904_TCP
"6904:UDP"= 6904:UDP:Port 6904_UDP
"6905:TCP"= 6905:TCP:Port 6905_TCP
"6905:UDP"= 6905:UDP:Port 6905_UDP
"6906:TCP"= 6906:TCP:Port 6906_TCP
"6906:UDP"= 6906:UDP:Port 6906_UDP
"6907:TCP"= 6907:TCP:Port 6907_TCP
"6907:UDP"= 6907:UDP:Port 6907_UDP
"6908:TCP"= 6908:TCP:Port 6908_TCP
"6908:UDP"= 6908:UDP:Port 6908_UDP
"6909:TCP"= 6909:TCP:Port 6909_TCP
"6909:UDP"= 6909:UDP:Port 6909_UDP

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"c:\programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-09 65536]
R3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Ale\Impostazioni locali\TEMP\DrvFltIp [2009-01-02 29184]
S3 S3chipid;S3chipid;\??\c:\docume~1\Ale\IMPOST~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4df61e-7bf9-11dd-a18d-00508d67bcfa}]
\Shell\AutoRun\command - G:\rqb0v2ot.bat
\Shell\explore\Command - G:\rqb0v2ot.bat
\Shell\open\Command - G:\rqb0v2ot.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d04e19d-cead-11dd-a20a-00508d67bcfa}]
\Shell\AutoRun\command - G:\rqb0v2ot.bat
\Shell\explore\Command - G:\rqb0v2ot.bat
\Shell\open\Command - G:\rqb0v2ot.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e573e6b2-9606-11dd-a1d4-00508d67bcfa}]
\Shell\AutoRun\command - G:\xlk9.com
\Shell\explore\Command - G:\xlk9.com
\Shell\open\Command - G:\xlk9.com
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-30 c:\windows\Tasks\AF89CCCA91DE7FF6.job
- c:\docume~1\ale\datiap~1\32bird~1\Burn Five Cool.exe [2008-12-26 22:07]

2008-12-29 c:\windows\Tasks\At1.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At10.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At11.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At12.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At13.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At14.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At15.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At16.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At17.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At18.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At19.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At2.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At20.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At21.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At22.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At23.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At3.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At4.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At5.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At6.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At7.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At8.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]

2008-12-30 c:\windows\Tasks\At9.job
- c:\windows\system32\wGxs472v.exe [2008-12-20 16:54]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{029d3336-28c9-4315-8cef-609fe4c44db8} - c:\windows\system32\herifolu.dll
HKLM-Run-hugufuyuju - c:\windows\system32\kabifoti.dll
HKLM-Run-c0667872 - c:\windows\system32\pasagami.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www2.iesearch.com/
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {CDDDB472-F935-459B-A7CC-BA79F39375B4} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 15:01:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Ale\IMPOST~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Ale\Impostazioni locali\TEMP\DrvFltIp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL
c:\programmi\Ashampoo\Ashampoo FireWall PRO\MD5.dll

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
c:\programmi\Ashampoo\Ashampoo FireWall PRO\MD5.dll

- - - - - - - > 'csrss.exe'(736)
c:\programmi\Ashampoo\Ashampoo FireWall PRO\MD5.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe
c:\programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\Lexmark 1200 Series\lxczbmon.exe
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-02 15:04:06 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-02 14:03:56

Pre-Run: 16.422.363.136 byte disponibili
Post-Run: 16,528,433,152 byte disponibili

360



ed ecco l'altro:


Malwarebytes' Anti-Malware 1.31
Versione del database: 1596
Windows 5.1.2600 Service Pack 2

02/01/2009 17.03.30
mbam-log-2009-01-02 (17-03-21).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 89250
Tempo trascorso: 32 minute(s), 12 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 1
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 24

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vamsoft (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\herifolu.dll.q_804EE00_q (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\jubevuto.dll.q_804EE00_q (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP51\A0020024.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP52\A0020138.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP53\A0020196.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP54\A0020197.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP56\A0020222.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP57\A0021350.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022358.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022367.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022390.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022391.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022392.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022393.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022397.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP58\A0022400.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP59\A0022509.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D8A1326B-4574-4DEC-B50C-AB3D4CC59691}\RP59\A0022427.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\BIT9.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\BITA.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ziluyuda.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vamsoft.exe (Trojan.Agent) -> No action taken.
C:\rcukd.cmd (Trojan.Agent) -> No action taken.


Ti ringrazio dell'aiuto e approffitto anche per farti gli auguri di buon anno!



#10799 Ho Il Computer Conqulache Virus Helpppp!!

Inviato da salewa2022 su 29 dicembre 2008 - 12:30 in SICUREZZA - VIRUS

ecco il log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.27.22, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\expiorer.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
D:\programmi\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029d3336-28c9-4315-8cef-609fe4c44db8} - C:\WINDOWS\system32\herifolu.dll (file missing)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\kabifoti.dll",s
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Dati applicazioni\Ping Sign Byte Tool\Dupe wave.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [c0667872] rundll32.exe "C:\WINDOWS\system32\lapujide.dll",b
O4 - HKLM\..\Run: [CPMc3554bee] Rundll32.exe "c:\windows\system32\tiwedihu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [noun remote] C:\DOCUME~1\Ale\DATIAP~1\32BIRD~1\BodyReadmeWin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [hugufuyuju] Rundll32.exe "C:\WINDOWS\system32\kabifoti.dll",s (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDDB472-F935-459B-A7CC-BA79F39375B4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\jubevuto.dll c:\windows\system32\tiwedihu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tiwedihu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tiwedihu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10444 bytes



#10798 Ho Il Computer Conqulache Virus Helpppp!!

Inviato da salewa2022 su 29 dicembre 2008 - 12:26 in SICUREZZA - VIRUS

Aiutatemi, quando accedo ad internet il processore va al 100% e tra i processi c'è internetexplore.exe che mi frega tutto il processore e se termino quel processo rispunta un secondo dopo ciucciandomi di nuovo tutto il procesore.
Inoltre sempre in contemporanea il disguido di prima con una pagina di internet explorer aperta aumenta la memoria ram allocata di 10 mb al secondo, se chiudo internet va a livelli normali!
Non capisco...ho fatto vare scansioni (ewido, avast avg e altri...ma non trova niente)

posto il log...kissà ke voi ne veniate fuori:



#10180 Ho Il Computer Super Rallentato....help!

Inviato da salewa2022 su 21 marzo 2008 - 03:33 in SICUREZZA - VIRUS

Ciao ragazzi ho il computer molto rallentato anche se nei processi non traspare niente di anomalo...posto hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.24.38, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
I:\Programmi\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Programmi\File comuni\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Programmi\Alwil Software\Avast4\setup\avast.setup
I:\Programmi\Skype\Phone\Skype.exe
I:\Programmi\APC PowerChute Personal Edition\mainserv.exe
I:\Programmi\OpenOffice.org1.1.3\program\soffice.exe
I:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
I:\Programmi\APC PowerChute Personal Edition\apcsystray.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Programmi\Agnitum\Outpost Firewall\outpost.exe
I:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I:\Programmi\Skype\Plugin Manager\SkypePM.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Programmi\Alwil Software\Avast4\ashSimpl.exe
I:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
I:\Programmi\Alwil Software\Avast4\ashWebSv.exe
I:\Documents and Settings\Enzo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - I:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - I:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OutpostFeedBack] I:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "I:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "I:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.3.lnk = I:\Programmi\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = I:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = I:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: Visualizzatore mailbox DocuColor 1632_2240.lnk = I:\Programmi\xerox\Scansione di rete\XrsUtl12.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - I:\Programmi\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - I:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C1AF410-4418-485F-97FB-412FF18EA8D2}: NameServer = 85.255.115.2,85.255.112.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - I:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - I:\Programmi\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - I:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - I:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7860 bytes



#10157 Mi Si Apre Un Pop Up In Basso A Destra Giallo Con Una X Dentro Un Bollino Rosso

Inviato da salewa2022 su 14 marzo 2008 - 11:03 in SICUREZZA - VIRUS

Ok perfetto!I processi non si sn ricreati dopo l'avvio.
Grazie del supporto, se non c'eri tu avrei formattato il pc. :OKOK:



#10148 Mi Si Apre Un Pop Up In Basso A Destra Giallo Con Una X Dentro Un Bollino Rosso

Inviato da salewa2022 su 07 marzo 2008 - 04:00 in SICUREZZA - VIRUS

Grazie della risposta ho fatto come mi hai detto e almeno per ora mi pare non appaia più il maledetto pop up.
Ecco il log di hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.59.35, on 07/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Autodesk\3ds Max 9\vrayspawner90.exe
C:\Programmi\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programmi\Autodesk\3ds Max 9\3dsmax.exe
C:\WINDOWS\TEMP\AdskCleanup.0001
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\programmi\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\services.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [update32] C:\WINDOWS\lwsys32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EBFDE13-D122-4E6D-BF61-6B395A1567C6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED9A1F92-26A3-44E6-9BD5-A7EEBB8FA703}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD9B89E3-6C6D-4165-B6D0-DC3815116699}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2EBFDE13-D122-4E6D-BF61-6B395A1567C6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2EBFDE13-D122-4E6D-BF61-6B395A1567C6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bw+0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VRaySpawner 90 - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\vrayspawner90.exe

--
End of file - 21516 bytes


ecco ora avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Fri Mar 07 15:49:10 2008

15:49:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\lwsys32.exe" deleted successfully.
File "C:\WINDOWS\system32\braviax.exe" deleted successfully.

Error: file "C:\Documents and Settings\Administrator\explorer.exe" not found!
Deletion of file "C:\Documents and Settings\Administrator\explorer.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\services.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



#10140 Mi Si Apre Un Pop Up In Basso A Destra Giallo Con Una X Dentro Un Bollino Rosso

Inviato da salewa2022 su 06 marzo 2008 - 06:07 in SICUREZZA - VIRUS

Ciao ragazzi!
Ho questo problema, mi viene fuori questo pop up che mi dice:
your computer is infected! che ha rilevato una infezione spyware e di conseguenza dice che windows installerà un anti spyware ...naturalmente l'ho bloccato quando stava per installarmi:WINREANIMATOR

posto qui il log hijack nella speranza che mi aiutate a pulire un po' il mio pc intasato dai virus... grazie mille eccolo:

Logfile of HijackThis v1.99.1
Scan saved at 18.06.35, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\lwsys32.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Autodesk\3ds Max 9\vrayspawner90.exe
C:\Programmi\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programmi\Autodesk\3ds Max 9\3dsmax.exe
C:\WINDOWS\TEMP\AdskCleanup.0001
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
D:\ale\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\services.exe
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programmi\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [crtfmon] C:\Documents and Settings\Administrator\explorer.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\services.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EBFDE13-D122-4E6D-BF61-6B395A1567C6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED9A1F92-26A3-44E6-9BD5-A7EEBB8FA703}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD9B89E3-6C6D-4165-B6D0-DC3815116699}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2EBFDE13-D122-4E6D-BF61-6B395A1567C6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2EBFDE13-D122-4E6D-BF61-6B395A1567C6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bw+0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {8CF106F1-993C-45A7-92C0-C098317460F5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VRaySpawner 90 - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\vrayspawner90.exe