Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

virus serwab

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

virus serwab

Postdi lake07 » 11/08/06 15:09

ciao...il mio computer è stato inchiappettato dal virus serwab...ho già letto gli altri topic che riguardano questo argomento e da quel che ho capito basta che mandi il log del mio computer con hijackthis e magicamente voi mi risolvete il problema...quindi io vi mando il log...poi se devo fare qualcos'altro...dite...

Process list saved on 16.15.02, on 11/08/2006
Platform: Windows XP (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
592 C:\WINDOWS\System32\smss.exe 5.1.2600.0 Microsoft Corporation
664 C:\WINDOWS\system32\winlogon.exe 5.1.2600.0 Microsoft Corporation
708 C:\WINDOWS\system32\services.exe 5.1.2600.0 Microsoft Corporation
720 C:\WINDOWS\system32\lsass.exe 5.1.2600.0 Microsoft Corporation
900 C:\WINDOWS\system32\svchost.exe 5.1.2600.0 Microsoft Corporation
1028 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
1064 C:\Programmi\Sygate\SPF\smc.exe 5.5.0.2525 Sygate Technologies, Inc.
1320 C:\WINDOWS\Explorer.EXE 6.0.2600.0 Microsoft Corporation
1440 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.0 Microsoft Corporation
2012 C:\Programmi\The Cleaner\tca.exe 3.0.0.3057 MooSoft Development
2020 C:\Programmi\The Cleaner\tcm.exe 2.0.0.2024 MooSoft Development
2036 C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe 7.0.709.0 Microsoft® Corporation
2044 C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe 5.0.60.5 Sun Microsystems, Inc.
136 C:\Programmi\File comuni\Real\Update_OB\realsched.exe 0.1.0.3427 RealNetworks, Inc.
188 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 5.0.0.0
208 C:\Programmi\SkyPhone\SkyPhone\skyphone.exe 1.0.0.0 Kinforce
220 C:\WINDOWS\System32\ctfmon.exe 5.1.2600.0 Microsoft Corporation
252 C:\Programmi\WinZip\WZQKPICK.EXE 1.0.6224.0 WinZip Computing, Inc.
312 C:\Programmi\OpenOffice.org 2.0\program\soffice.exe 1.9.8964.500 OpenOffice.org
320 C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN 1.9.8964.500 OpenOffice.org
996 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
1008 C:\Programmi\Alwil Software\Avast4\ashServ.exe 4.7.844.0
1048 C:\WINDOWS\System32\cisvc.exe 5.1.2600.0 Microsoft Corporation
1136 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe 7.0.9064.9150 Microsoft Corporation
1176 C:\WINDOWS\System32\nvsvc32.exe 6.14.10.6112 NVIDIA Corporation
1232 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
1896 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe 4.7.844.0 ALWIL Software
1920 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe 4.7.869.0 ALWIL Software
3112 C:\Programmi\Messenger\msmsgs.exe 4.7.0.2009 Microsoft Corporation
3660 C:\WINDOWS\System32\cidaemon.exe 5.1.2600.0 Microsoft Corporation
2600 C:\Programmi\Mozilla Firefox\firefox.exe 1.8.20060.7278 Mozilla Corporation
2140 C:\Programmi\Real\RealPlayer\RealPlay.exe 6.0.12.1348 RealNetworks, Inc.
3404 C:\Documents and Settings\Davide\Desktop\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


grazie eh
lake07
Utente Junior
 
Post: 27
Iscritto il: 11/08/06 15:01

Sponsor
 

Postdi BilloKenobi » 11/08/06 15:14

contento di essere d'aiuto, ma quello non è il log di hijackthis. scaricalo dalla mia firma
Begun the Clone War has

Sì sì, mi hanno fatto redattore --- SuspectFile
BilloKenobi
Utente Senior
 
Post: 348
Iscritto il: 08/07/06 11:05

Postdi lake07 » 17/08/06 22:00

si scusa ti ho risposto al messaggio...non so bne le regole di questo sito se magari bisogna ripsondere sempre nel topic o via dicendo.....cmq non costa niente rincollare di nuovo il log....

Logfile of HijackThis v1.99.1
Scan saved at 22.58.32, on 17/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\The Cleaner\tca.exe
C:\Programmi\The Cleaner\tcm.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\SkyPhone\SkyPhone\skyphone.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Davide\Impostazioni locali\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sygate Personal Firewall] winn.exe
O4 - HKLM\..\Run: [Windows Compliant] mtgwcj.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [tcactive] C:\Programmi\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programmi\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyPhone] C:\Programmi\SkyPhone\SkyPhone\skyphone.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] winn.exe
O4 - HKLM\..\RunServices: [Windows Compliant] mtgwcj.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] winn.exe
O4 - HKCU\..\Run: [Windows Compliant] mtgwcj.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Alice - {6524DD9F-E207-49FE-811A-A69BB887E09E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85912CE4-B6DD-46B2-BB81-8D095FCDF94A}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: starter (Protector) - Unknown owner - C:\WINDOWS\System32\scvhosting.exe" -netsvcs (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
lake07
Utente Junior
 
Post: 27
Iscritto il: 11/08/06 15:01

Postdi andorra24 » 17/08/06 22:24

Ciao, metti la spunta nella casellina accanto alle seguenti voci e dopo aver chiuso il browser e ogni altro programma aperto premi fix checked:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Sygate Personal Firewall] winn.exe
O4 - HKLM\..\Run: [Windows Compliant] mtgwcj.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] winn.exe
O4 - HKLM\..\RunServices: [Windows Compliant] mtgwcj.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] winn.exe
O4 - HKCU\..\Run: [Windows Compliant] mtgwcj.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O23 - Service: starter (Protector) - Unknown owner - C:\WINDOWS\System32\scvhosting.exe" -netsvcs (file missing)

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su ''visualizza cartelle e file nascosti'' e togli la spunta da ''nascondi i file protetti di sistema (consigliato)''.

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php
con killbox cerca ed elimina (se presenti) i seguenti files:
C:\WINDOWS\System32\scvhosting.exe
C:\Windows\Winn.exe oppure C:\WINDOWS\System32\Winn.exe
C:\WINDOWS\System32\mtgwcj.exe
C:\WINDOWS\System32\memstat.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 18/08/06 08:35

Ciao, fai dopo l'uso di hijackthis una scansione on line qui:
prima l'una e poi l'altra
http://it.trendmicro-europe.com/consume ... launch.php

http://www.trendmicro.com/spyware-scan/
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

SerWab pure io

Postdi Andy33 » 19/08/06 15:21

Scusate, visto che siete così gentili.
Pure io, stessa cosa.

Il mio log:

Logfile of HijackThis v1.99.1

Scan saved at 16.14.17, on 19/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE

C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\QuickTime\qttask.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\eMule\emule.exe

C:\Programmi\Logitech\SetPoint\KEM.exe

C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\GSpot\GSpot.exe

C:\Programmi\outlook\outlook.exe

C:\Programmi\File comuni\{F0DC5614-0711-1040-0121-050418050027}\Update.exe

c:\dfndrff_11a.exe

c:\kybrdff_11a.exe

C:\DOCUME~1\ANDREA~1\IMPOST~1\Temp\i435.tmp

C:\Programmi\Network Monitor\netmon.exe

C:\WINDOWS\QW5kcmVhIEF0aGxvbg\command.exe

c:\ac3_0010.exe

C:\DOCUME~1\ANDREA~1\IMPOST~1\Temp\SskUpdater3.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\DOCUME~1\ANDREA~1\IMPOST~1\Temp\da449.tmp

c:\nwnmff_11.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

c:\SS1001newer.exe

c:\SS1001newer.exe

C:\PROGRA~1\FILECO~1\wmiu\wmium.exe

C:\PROGRA~1\FILECO~1\wmiu\wmiua.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Documents and Settings\AndreaPcAthlon\Desktop\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programmi\SurfSideKick 3\SskBho.dll

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll

O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"

O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [outlook] C:\Programmi\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [defender] c:\\dfndrff_11a.exe

O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_11a.exe

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programmi\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\Run: [ouw38a5b] RUNDLL32.EXE w1abc41d.dll,n 00338a580000000a1abc41d

O4 - HKLM\..\Run: [newname] c:\\nwnmff_11.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [wmiu] C:\PROGRA~1\FILECO~1\wmiu\wmium.exe

O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programmi\SurfSideKick 3\Ssk.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O18 - Protocol: bw+0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: repairs303169590.dll

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\wgwfaxui.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVhIEF0aGxvbg\command.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Esiste una soluzione? :)
Grazie infinite e anticipate
A.
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Postdi Luke57 » 19/08/06 15:33

Ciao, sei senza antivirus, per prima cosa fai una scnasione on line qui:
http://www.bitdefender.com/scan8/ie.html
oltre a trovarli, rimuove i virus.
Poi scarica stinger 2.6.0 d qui:
http://vil.nai.com/vil/stinger/
scansione completas (non ha bisogno di essere installato)
Infine scarica Superantispyware versione free da qui:
http://www.superantispyware.com/
lo aggiorni e fai una scansione completa.

A quel punto, riposta un log di hijackthis
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Andy33 » 19/08/06 15:56

Innanzitutto grazie infinite per la gentilezza e la celerità.
Hai ragione sono senza antivirus ma da molto tempo a questa parte non avevo mai avuto il minimo problema perchè ho un router con firewall incorporato che ha sempre bloccato tutto. Sto eseguendo la scan da bitdefender, appena fatto eseguo quanto mi hai chiesto. Solo per informazione ti dico che ho avuto problemi con Bitdefender perchè uso Mozzilla (a quanto pare vuole proprio Explorer), ho avviato exlorer, installato i controlli Active X richiesti e ora funziona. Prima ho dovuto disinstallare almeno due-tre barre degli strumenti assurde che mi si erano installate su explorer, pazzesco.

BitDefender ha concluso adesso, nessun virus trovato, faccio il resto e poi posto il log.

Grazie
A.
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Postdi Andy33 » 19/08/06 16:00

Innanzitutto grazie infinite per la gentilezza e la celerità.
Hai ragione sono senza antivirus ma da molto tempo a questa parte non avevo mai avuto il minimo problema perchè ho un router con firewall incorporato che ha sempre bloccato tutto. Sto eseguendo la scan da bitdefender, appena fatto eseguo quanto mi hai chiesto. Solo per informazione ti dico che ho avuto problemi con Bitdefender perchè uso Mozzilla (a quanto pare vuole proprio Explorer), ho avviato exlorer, installato i controlli Active X richiesti e ora funziona. Prima ho dovuto disinstallare almeno due-tre barre degli strumenti assurde che mi si erano installate su explorer, pazzesco.

BitDefender ha concluso adesso, nessun virus trovato, faccio il resto e poi posto il log.

Grazie
A.
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Ecco il log

Postdi Andy33 » 19/08/06 17:18

Caro Luke 57 (o chiunque possa aiutarmi)
(A proposito, scusate la doppia spedizione di prima)

Ho eseguito tutto quanto richiesto
Questo il log di hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18.08.50, on 19/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\outlook\outlook.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\{F0DC5614-0711-1040-0121-050418050027}\Update.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AndreaPcAthlon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Programmi\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_11.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: bw+0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Grazie a chiunque voglia/possa aiutarmi.
A.
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Postdi Luke57 » 19/08/06 17:54

Ciao di nuovo, apri hiajckthsi, premi " do a system scan only", cerchi e spunti le suddette voci:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_11.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - AppInit_DLLs: repairs303169590.dll

premi fix checked

cerca ed elimina, se ci sono:
C:\\dfndrff_11a.exe
C:\\kybrdff_11a.exe
C\\nwnmff_11.exe
winlog.exe (da cercare, probabilmente in system32)

Dai un'altra passato poi con Superantispyware.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi andorra24 » 19/08/06 17:58

Luke oltre alle voci che tu hai indicato mi pare che sia molto sospetta anche questa voce:

C:\Programmi\outlook\outlook.exe

Il percorso corretto dovrebbe essere C:\Programmi\Microsoft Office\Office\Outlook.exe. Credo che sia un worm:

http://www.symantec.com/security_respon ... 99&tabid=2
http://www.castlecops.com/s12637-outlook.html
http://www.bitdefender.com/VIRUS-195364 ... VB.DW.html
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 19/08/06 18:03

Ciao, brava Anna :)
Ho gli occhi velati da log di ogni genere ;)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Andy33 » 19/08/06 18:06

Grazie infinite ad entrambi, vi devo una birra.

Faccio subito, e vi faccio sapere se è tutto ok o se rimane qualcosa di sospetto.

Ancora grazie.
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Postdi Andy33 » 19/08/06 19:11

Il resoconto:

>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

ok

>R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

Questa non c'era, al suo posto c'era URL SearchHook is missing; devo spuntarla?
(Forse ciò è dovuto al fatto che ho ripassato Superantispyware

>O4 - HKLM\..\Run: [winlog] winlog.exe
>O4 - HKLM\..\Run: [defender] C:\\dfndrff_11a.exe
>O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11a.exe
>O4 - HKLM\..\Run: [newname] C:\\nwnmff_11.exe
>O4 - HKLM\..\RunServices: [winlog] winlog.exe
>O20 - AppInit_DLLs: repairs303169590.dll

>premi fix checked

Fatto, mi è stato dato un messaggio tipo "errore insolito nella cancellazione" con uno di questi Fix. Ma ho controllato rileggendo e non mi sembra di aver trovato più nulla

>cerca ed elimina, se ci sono:
>C:\\dfndrff_11a.exe
>C:\\kybrdff_11a.exe
>C\\nwnmff_11.exe

Non trovati

>winlog.exe (da cercare, probabilmente in system32)

Non trovato, c'è invece un winlogon in Windows/Servicepackfiles/386 ma credo sia un'altra cosa

Riguardo al C:\Programmi\outlook\outlook.exe, non esiste, non c'è nemmeno la cartella (c'è invece la cartella C:\Programmi\ Outlook Express)

>Dai un'altra passato poi con Superantispyware.

Sto facendo ora.
Grazie ancora.

A.
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Postdi andorra24 » 19/08/06 19:21

Alla fine posta un nuovo log di hijackthis per un ulteriore controllo.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Andy33 » 19/08/06 22:13

Eccoci, spero sia tutto a posto.

(ho trovato i file, erano nascosti, ho dovuto spuntare la ricerca dei file nascosti)

Logfile of HijackThis v1.99.1
Scan saved at 23.10.50, on 19/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\{F0DC5614-0711-1040-0121-050418050027}\Update.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\AndreaPcAthlon\Desktop\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: bw+0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B3E6E844-8202-4753-9DEE-148CEE85AD48} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Che te ne pare?
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Postdi andorra24 » 19/08/06 22:24

Fai un controllo sulla seguente voce:

C:\Programmi\File comuni\{F0DC5614-0711-1040-0121-050418050027}\Update.exe

scansiona il file Update.exe su http://www.virustotal.com e se risulta infetto eliminalo.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Andy33 » 19/08/06 23:32

Fatto. Questo è stato il risultato:

This is a report processed by VirusTotal on 08/20/2006 at 00:18:21 (CET) after scanning the file "=?iso-8859-1?Q?Update.exe?=" file.

Antivirus Version Update Result
AntiVir 6.35.1.3 08.18.2006 TR/Dldr.Banloa.AK.1
Authentium 4.93.8 08.19.2006 no virus found
Avast 4.7.844.0 08.18.2006 Win32:Agent-AVV
AVG 386 08.18.2006 Downloader.Generic2.JVR
BitDefender 7.2 08.19.2006 Adware.Mcboo.A
CAT-QuickHeal 8.00 08.18.2006 no virus found
ClamAV devel-20060426 08.19.2006 no virus found
DrWeb 4.33 08.19.2006 Trojan.DownLoader.11989
eTrust-InoculateIT 23.72.101 08.18.2006 no virus found
eTrust-Vet 30.3.3026 08.18.2006 no virus found
Ewido 4.0 08.19. 2006 no virus found
Fortinet 2.77.0.0 08.18.2006 PossibleThreat!09029
F-Prot 3.16f 08.18.2006 no virus found
F-Prot4 4.2.1.29 08.19.2006 no virus found
Ikarus 0.2.65.0 08.18.2006 no virus found
Kaspersky 4.0.2.24 08.20.2006 no virus found
McAfee 4832 08.18.2006 no virus found
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1715 08.18.2006 no virus found
Norman 5.90.23 08.18.2006 no virus found
Panda 9.0.0.4 08.19.2006 no virus found
Sophos 4.08.0 08.19.2006 no virus found
Symantec 8.0 08.19.2006 Downloader
TheHacker 5. 9.8.195 08.18.2006 no virus found
UNA 1.83 08.18.2006 no virus found
VBA32 3.11.0 08.18.2006 Trojan.DownLoader.11989
VirusBuster 4.3.7:9 08.19.2006 no virus found

Mi fa piacere questa concordanza di opinioni, nel dubbio lo eliminerei :)
Anche perchè non penso sia un file di sistema, o che.
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Postdi Andy33 » 19/08/06 23:39

Ahia, non mi permette di cancellarlo (è in uso)
Devo utilizzare un disco di boot?
Andy33
Utente Junior
 
Post: 10
Iscritto il: 19/08/06 15:17

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "virus serwab":


Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti