LogFile check: Dialer?

Moderators: kadosh, Luke57

Post by ventodelsud » 31/03/07 10:03

Good morning everyone, I have the feeling that there is a dialer in this log file.

Can you help me, please?


Logfile of HijackThis v1.99.1
Scan saved at 10.56.22, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ANTONE~1\IMPOST~1\Temp\Rar$EX00.497\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/act ... ontrol.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alidicartacolorata.spaces.live.c ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C27F8DE7-8589-45B3-A70C-88875BF62691}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: bw+0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
ventodelsud
Junior User

Posts: 91
Joined: 26/04/06 09:20


Post by Dylan666 » 31/03/07 10:09

Paste the log here:
http://www.hijackthis.de/it

Three yellow entries show up: do you recognize them?
Dylan666
Moderator

Posts: 38040
Joined: 18/11/03 16:46

Post by ventodelsud » 31/03/07 10:16

Hi Dylan, good morning.

The thing is that there is an icon called InstatAccess on the PC desktop, and I immediately thought it might be a dialer.
I ran an online scan with Panda Active Pro, but no dialer was detected.

I have the NOD32 antivirus. What do you recommend I do?
ventodelsud
Junior User

Posts: 91
Joined: 26/04/06 09:20

Post by Luke57 » 31/03/07 10:41

Hi, download FindAWF from here:
http://noahdfear.geekstogo.com/FindAWF.exe

Run the file; a DOS window will open. Press Enter to continue. When it has finished, Notepad will open: copy and paste its contents into a post.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by ventodelsud » 31/03/07 14:11

Hi Luke, and thanks for replying.
It took me a while to post because the program you pointed me to took a bit of time to run the whole check.
This is the result:




Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\PICASA2\BAK

05/02/2005 01.32 135.168 PicasaMediaDetector.exe
1 File 135.168 byte
2 Directory 508.993.536 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 15.39 15.360 ctfmon.exe
19/07/2005 17.32 221.184 LVCOMSX.EXE
23/01/2001 13.02 817.664 LXSUPMON.EXE
09/07/2001 12.50 155.648 NeroCheck.exe
4 File 1.209.856 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\AHEAD\INCD\BAK

29/03/2007 19.01 131.057 Error.log
05/12/2003 12.25 1.237.042 InCD.exe
2 File 1.368.099 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\ELABOR~1\CLONECD\BAK

02/12/2002 16.17 73.728 CloneCDTray.exe
02/11/2002 08.33 45.056 ElbyCheck.exe
2 File 118.784 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\LOGITECH\IMAGES~1\BAK

10/12/2002 19.32 155.648 ISStart.exe
10/12/2002 19.31 61.440 LogiTray.exe
2 File 217.088 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\LOGITECH\VIDEO\BAK

08/06/2005 15.24 458.752 ISStart.exe
08/06/2005 15.14 217.088 LogiTray.exe
08/06/2005 14.44 196.608 ManifestEngine.exe
3 File 872.448 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\ULEADS~1\ULEADP~1\BAK

22/08/2005 09.10 69.632 CalCheck.exe
1 File 69.632 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

31/08/2005 13.54 3.084.288 ypager.exe
1 File 3.084.288 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

11/08/2005 16.30 81.920 issch.exe
11/08/2005 16.30 249.856 isuspm.exe
2 File 331.776 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

15/06/2005 17.47 180.269 realsched.exe
1 File 180.269 byte
2 Directory 508.989.440 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\FILECO~1\ULEADS~1\AUTODE~1\BAK

28/07/2005 08.32 94.208 Monitor.exe
1 File 94.208 byte
2 Directory 508.985.344 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\JAVA\JRE15~2.0_1\BIN\BAK

15/12/2006 04.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 508.985.344 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

12/11/2005 11.58 36.864 LogitechDesktopMessenger.exe
1 File 36.864 byte
2 Directory 508.985.344 byte disponibili
Il volume nell'unità C è system
Numero di serie del volume: 64D0-012C

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

23/01/2001 12.29 36.864 printray.exe
1 File 36.864 byte
2 Directory 508.985.344 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

200704 5 Feb 2005 "C:\Programmi\Picasa2\PicasaUpdate.exe"
135168 5 Feb 2005 "C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe"
196608 5 Feb 2005 "C:\Programmi\Picasa2\cdautorun\PicasaRestore.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
221184 19 Jul 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
817664 23 Jan 2001 "C:\WINDOWS\system32\bak\LXSUPMON.EXE"
817664 23 Jan 2001 "C:\WINDOWS\system32\spool\drivers\w32x86\LXSUPMON.EXE"
817664 23 Jan 2001 "C:\WINDOWS\system32\spool\drivers\w32x86\2\LXSUPMON.EXE"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
155648 9 Jul 2001 "C:\Documents and Settings\Antonella\Impostazioni locali\Temp\RarSFX2\System\NeroCheck.exe"
155648 9 Jul 2001 "C:\Documents and Settings\Antonella\Impostazioni locali\Temp\RarSFX3\System\NeroCheck.exe"
155648 9 Jul 2001 "C:\Documents and Settings\Antonella\Impostazioni locali\Temp\RarSFX4\System\NeroCheck.exe"
127746 22 Mar 2007 "C:\Programmi\Ahead\InCD\Error.log"
131057 29 Mar 2007 "C:\Programmi\Ahead\InCD\bak\Error.log"
8869 11 Feb 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45CEB6BF\error.log"
8869 11 Feb 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45CEC01A\error.log"
8869 15 Feb 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45D43917\error.log"
6142 9 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F1580F\error.log"
8867 9 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F1B3DD\error.log"
8869 10 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F24A88\error.log"
8869 10 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F2D796\error.log"
7327 11 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F3D758\error.log"
8782 11 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F42C15\error.log"
9002 11 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F433B6\error.log"
6054 11 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F4515B\error.log"
6242 12 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\45F58DE3\error.log"
8781 24 Mar 2007 "C:\Programmi\Tzar Excalibur e il Re Artù\Logs\4605864C\error.log"
1237042 5 Dec 2003 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
73728 2 Dec 2002 "C:\Programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe"
45056 2 Nov 2002 "C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe"
155648 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe"
458752 8 Jun 2005 "C:\Programmi\Logitech\Video\bak\ISStart.exe"
61440 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe"
217088 8 Jun 2005 "C:\Programmi\Logitech\Video\bak\LogiTray.exe"
155648 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe"
458752 8 Jun 2005 "C:\Programmi\Logitech\Video\bak\ISStart.exe"
61440 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe"
217088 8 Jun 2005 "C:\Programmi\Logitech\Video\bak\LogiTray.exe"
196608 8 Jun 2005 "C:\Programmi\Logitech\Video\bak\ManifestEngine.exe"
69632 22 Aug 2005 "C:\Programmi\Ulead Systems\Ulead Photo Express 6\bak\CalCheck.exe"
3084288 31 Aug 2005 "C:\Programmi\Yahoo!\Messenger\bak\ypager.exe"
81920 11 Aug 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
249856 11 Aug 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe"
180269 15 Jun 2005 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
94208 28 Jul 2005 "C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe"
32881 4 Mar 2005 "C:\Programmi\Java\j2re1.4.2_08\bin\jusched.exe"
49263 9 Nov 2006 "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
36864 12 Nov 2005 "C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
36864 23 Jan 2001 "C:\WINDOWS\system32\spool\drivers\w32x86\PrinTray.exe"
36864 23 Jan 2001 "C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe"


end of report
ventodelsud
Junior User

Posts: 91
Joined: 26/04/06 09:20

Post by Luke57 » 31/03/07 14:45

Hi,
download Avenger to your desktop:
http://swandog46.geekstogo.com/avenger.zip
Extract the archive.
Run the file avenger.exe.
Select the option "Input Script Manually".
Click the magnifying glass.

A "View/edit script" window will open.
Inside the white box, copy and paste the text in bold:

Files to delete:
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Ahead\InCD\Error.log
C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
C:\Programmi\Logitech\ImageStudio\ISStart.exe
C:\Programmi\Logitech\Video\ISStart.exe
C:\Programmi\Logitech\Video\ManifestEngine.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe



Files to move:
C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe | C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\bak\LXSUPMON.EXE| C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\bak\LVCOMSX.EXE| C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Ahead\InCD\bak\Error.log| C:\Programmi\Ahead\InCD\Error.log
C:\Programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe | C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe| C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe | C:\Programmi\Logitech\ImageStudio\ISStart.exe
C:\Programmi\Logitech\Video\bak\ISStart.exe | C:\Programmi\Logitech\Video\ISStart.exe
C:\Programmi\Logitech\Video\bak\ManifestEngine.exe | C:\Programmi\Logitech\Video\ManifestEngine.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 6\bak\CalCheck.exe | C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Programmi\Yahoo!\Messenger\bak\ypager.exe | C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe | C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe | :\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe | C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe | C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe


Click the Done button.
Click the green traffic light icon.
Answer Yes twice.
The PC should restart on its own; if it does not, restart it manually.
Post the report that will be saved in C:\avenger.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
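
As an added example (not part of the original post, and not code from FindAWF or Avenger), the Python sketch below derives a script in the "Files to delete:" / "Files to move:" layout shown above from the quoted-path lines of a FindAWF-style report, pairing every file found in a "bak" folder with the same file name one folder up. The function names, the target_listed flag and the sample lines are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the layout of the report's "Duplicate files" section:
# size in bytes, date, quoted full path.
SAMPLE_REPORT = r'''
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe"
155648 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe"
131057 29 Mar 2007 "C:\Programmi\Ahead\InCD\bak\Error.log"
8869 11 Feb 2007 "C:\Programmi\Example\Logs\45CEB6BF\error.log"
'''

# One report entry: <size> <day> <Mon> <year> "<path>"
ENTRY_RE = re.compile(r'^\s*(\d+)\s+\d{1,2}\s+\w{3}\s+\d{4}\s+"([^"]+)"\s*$')


@dataclass(frozen=True)
class Restore:
    backup: str          # file found inside a "bak" folder
    target: str          # same file name, one folder up
    target_listed: bool  # True if the report also lists a file at the target path


def parse_entries(report):
    """Return (size, PureWindowsPath) for every well-formed report line."""
    entries = []
    for line in report.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((int(match.group(1)), PureWindowsPath(match.group(2))))
    return entries


def plan_restores(report):
    """Pair each file in a "bak" folder with its parent-folder target, once."""
    entries = parse_entries(report)
    # PureWindowsPath compares and hashes case-insensitively, like NTFS paths.
    listed = {path for _, path in entries}
    plan, seen = [], set()
    for _, path in entries:
        if path.parent.name.lower() != "bak" or path in seen:
            continue  # not a backup copy, or a repeated report line
        seen.add(path)
        target = path.parent.parent / path.name
        plan.append(Restore(str(path), str(target), target in listed))
    return plan


def render_script(plan):
    """Emit the two sections in the layout used by the script in the post."""
    lines = ["Files to delete:"]
    lines += [item.target for item in plan]
    lines += ["", "Files to move:"]
    lines += [f"{item.backup} | {item.target}" for item in plan]
    return "\n".join(lines)


if __name__ == "__main__":
    restores = plan_restores(SAMPLE_REPORT)
    print(render_script(restores))
    for item in restores:
        if not item.target_listed:
            print("not listed in report:", item.target)
```

Generating the pairs from the report keeps the delete and move sections in step with each other and drops repeated report lines.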

Post by ventodelsud » 31/03/07 17:52

This is the Avenger log:



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mdrdgevj

*******************

Script file located at: \??\C:\Documents and Settings\rkxlyccs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programmi\Picasa2\PicasaMediaDetector.exe not found!
Deletion of file C:\Programmi\Picasa2\PicasaMediaDetector.exe failed!

Could not process line:
C:\Programmi\Picasa2\PicasaMediaDetector.exe
Status: 0xc0000034



File C:\WINDOWS\system32\LXSUPMON.EXE not found!
Deletion of file C:\WINDOWS\system32\LXSUPMON.EXE failed!

Could not process line:
C:\WINDOWS\system32\LXSUPMON.EXE
Status: 0xc0000034

File C:\WINDOWS\system32\ctfmon.exe deleted successfully.


File C:\WINDOWS\system32\NeroCheck.exe not found!
Deletion of file C:\WINDOWS\system32\NeroCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\NeroCheck.exe
Status: 0xc0000034



File C:\WINDOWS\system32\LVCOMSX.EXE not found!
Deletion of file C:\WINDOWS\system32\LVCOMSX.EXE failed!

Could not process line:
C:\WINDOWS\system32\LVCOMSX.EXE
Status: 0xc0000034

File C:\Programmi\Ahead\InCD\Error.log deleted successfully.


File C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe not found!
Deletion of file C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe failed!

Could not process line:
C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
Status: 0xc0000034



File C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe not found!
Deletion of file C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe failed!

Could not process line:
C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
Status: 0xc0000034



File C:\Programmi\Logitech\ImageStudio\ISStart.exe not found!
Deletion of file C:\Programmi\Logitech\ImageStudio\ISStart.exe failed!

Could not process line:
C:\Programmi\Logitech\ImageStudio\ISStart.exe
Status: 0xc0000034



File C:\Programmi\Logitech\Video\ISStart.exe not found!
Deletion of file C:\Programmi\Logitech\Video\ISStart.exe failed!

Could not process line:
C:\Programmi\Logitech\Video\ISStart.exe
Status: 0xc0000034



File C:\Programmi\Logitech\Video\ManifestEngine.exe not found!
Deletion of file C:\Programmi\Logitech\Video\ManifestEngine.exe failed!

Could not process line:
C:\Programmi\Logitech\Video\ManifestEngine.exe
Status: 0xc0000034



File C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe not found!
Deletion of file C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe failed!

Could not process line:
C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
Status: 0xc0000034



File C:\Programmi\Yahoo!\Messenger\ypager.exe not found!
Deletion of file C:\Programmi\Yahoo!\Messenger\ypager.exe failed!

Could not process line:
C:\Programmi\Yahoo!\Messenger\ypager.exe
Status: 0xc0000034



File C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe not found!
Deletion of file C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
Status: 0xc0000034



File C:\Programmi\File comuni\Real\Update_OB\realsched.exe not found!
Deletion of file C:\Programmi\File comuni\Real\Update_OB\realsched.exe failed!

Could not process line:
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
Status: 0xc0000034



File C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe not found!
Deletion of file C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe failed!

Could not process line:
C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
Status: 0xc0000034



File C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe not found!
Deletion of file C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe failed!

Could not process line:
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
Status: 0xc0000034



File C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe not found!
Deletion of file C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe failed!

Could not process line:
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Status: 0xc0000034



File C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe not found!
Deletion of file C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe failed!

Could not process line:
C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe
Status: 0xc0000034

File move operation C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe|C:\Programmi\Picasa2\PicasaMediaDetector.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\LXSUPMON.EXE|C:\WINDOWS\system32\LXSUPMON.EXE completed successfully.
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\LVCOMSX.EXE|C:\WINDOWS\system32\LVCOMSX.EXE completed successfully.
File move operation C:\Programmi\Ahead\InCD\bak\Error.log|C:\Programmi\Ahead\InCD\Error.log completed successfully.
File move operation C:\Programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe|C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe completed successfully.
File move operation C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe|C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe completed successfully.
File move operation C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe|C:\Programmi\Logitech\ImageStudio\ISStart.exe completed successfully.
File move operation C:\Programmi\Logitech\Video\bak\ISStart.exe|C:\Programmi\Logitech\Video\ISStart.exe completed successfully.
File move operation C:\Programmi\Logitech\Video\bak\ManifestEngine.exe|C:\Programmi\Logitech\Video\ManifestEngine.exe completed successfully.
File move operation C:\Programmi\Ulead Systems\Ulead Photo Express 6\bak\CalCheck.exe|C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe completed successfully.
File move operation C:\Programmi\Yahoo!\Messenger\bak\ypager.exe|C:\Programmi\Yahoo!\Messenger\ypager.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe|C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe completed successfully.
File move operation C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe completed successfully.


Could not open file :\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe for move operation
File move operation :\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe|:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe failed!

Could not process line:
:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe|:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
Status: 0xc000003a

File move operation C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe completed successfully.
File move operation C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe|C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe completed successfully.
File move operation C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe|C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.
ventodelsud
Junior User
 
Posts: 91
Joined: 26/04/06 09:20

Post by Luke57 » 31/03/07 21:03

Hi, how is it going now?
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by ventodelsud » 31/03/07 21:37

So... I reran the check with Avenger and this is the result, because before the files had not all been deleted... but the Instant Access icon still appears on the desktop


What SHOULD I DO? :(


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\swcnvfbi

*******************

Script file located at: \??\C:\sjjxgoye.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Picasa2\PicasaMediaDetector.exe deleted successfully.
File C:\Windows\system32\ctfmon.exe deleted successfully.
File C:\Windows\system32\LVCOMSX.EXE deleted successfully.
File C:\Windows\system32\LXSUPMON.EXE deleted successfully.
File C:\Windows\system32\NeroCheck.exe deleted successfully.


File C:\Programmi\Ahead\InCD\InCD.exe not found!
Deletion of file C:\Programmi\Ahead\InCD\InCD.exe failed!

Could not process line:
C:\Programmi\Ahead\InCD\InCD.exe
Status: 0xc0000034

File C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe deleted successfully.
File C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe deleted successfully.
File C:\Programmi\Logitech\ImageStudio\ISStart.exe deleted successfully.


File C:\Programmi\Logitech\ImageStudio\LogiTray.exe not found!
Deletion of file C:\Programmi\Logitech\ImageStudio\LogiTray.exe failed!

Could not process line:
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
Status: 0xc0000034

File C:\Programmi\Logitech\Video\ISStart.exe deleted successfully.


File C:\Programmi\Logitech\Video\LogiTray.exe not found!
Deletion of file C:\Programmi\Logitech\Video\LogiTray.exe failed!

Could not process line:
C:\Programmi\Logitech\Video\LogiTray.exe
Status: 0xc0000034

File C:\Programmi\Logitech\Video\ManifestEngine.exe deleted successfully.
File C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe deleted successfully.
File C:\Programmi\Yahoo!\Messenger\ypager.exe deleted successfully.
File C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe deleted successfully.


File C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe not found!
Deletion of file C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
Status: 0xc0000034

File C:\Programmi\File comuni\Real\Update_OB\realsched.exe deleted successfully.


File C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe not found!
Deletion of file C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe failed!

Could not process line:
C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
Status: 0xc0000034

File C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe deleted successfully.
File C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
File C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe deleted successfully.


File File to move: not found!
Deletion of file File to move: failed!

Could not process line:
File to move:
Status: 0xc0000034



Could not open file C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe | C:\Programmi\Picasa2\PicasaMediaDetector.exe for deletion
Deletion of file C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe | C:\Programmi\Picasa2\PicasaMediaDetector.exe failed!

Could not process line:
C:\Programmi\Picasa2\bak\PicasaMediaDetector.exe | C:\Programmi\Picasa2\PicasaMediaDetector.exe
Status: 0xc0000033



Could not open file C:\Windows\system32\bak\ctfmon.exe | C:\Windows\system32\ctfmon.exe for deletion
Deletion of file C:\Windows\system32\bak\ctfmon.exe | C:\Windows\system32\ctfmon.exe failed!

Could not process line:
C:\Windows\system32\bak\ctfmon.exe | C:\Windows\system32\ctfmon.exe
Status: 0xc0000033



Could not open file C:\Windows\system32\bak\LVCOMSX.EXE | C:\Windows\system32\LVCOMSX.EXE for deletion
Deletion of file C:\Windows\system32\bak\LVCOMSX.EXE | C:\Windows\system32\LVCOMSX.EXE failed!

Could not process line:
C:\Windows\system32\bak\LVCOMSX.EXE | C:\Windows\system32\LVCOMSX.EXE
Status: 0xc0000033



Could not open file C:\Windows\system32\bak\LXSUPMON.EXE | C:\Windows\system32\LXSUPMON.EXE for deletion
Deletion of file C:\Windows\system32\bak\LXSUPMON.EXE | C:\Windows\system32\LXSUPMON.EXE failed!

Could not process line:
C:\Windows\system32\bak\LXSUPMON.EXE | C:\Windows\system32\LXSUPMON.EXE
Status: 0xc0000033



Could not open file C:\Windows\system32\bak\NeroCheck.exe | C:\Windows\system32\NeroCheck.exe for deletion
Deletion of file C:\Windows\system32\bak\NeroCheck.exe | C:\Windows\system32\NeroCheck.exe failed!

Could not process line:
C:\Windows\system32\bak\NeroCheck.exe | C:\Windows\system32\NeroCheck.exe
Status: 0xc0000033



Could not open file C:\Programmi\Ahead\InCD\bak\InCD.exe | C:\Programmi\Ahead\InCD\InCD.exe for deletion
Deletion of file C:\Programmi\Ahead\InCD\bak\InCD.exe | C:\Programmi\Ahead\InCD\InCD.exe failed!

Could not process line:
C:\Programmi\Ahead\InCD\bak\InCD.exe | C:\Programmi\Ahead\InCD\InCD.exe
Status: 0xc0000033



Could not open file C:\Programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe | C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe for deletion
Deletion of file C:\Programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe | C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe failed!

Could not process line:
C:\Programmi\Elaborate Bytes\CloneCD\bak\CloneCDTray.exe | C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
Status: 0xc0000033



Could not open file C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe | C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe for deletion
Deletion of file C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe | C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe failed!

Could not process line:
C:\Programmi\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe | C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
Status: 0xc0000033



Could not open file C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe | C:\Programmi\Logitech\ImageStudio\ISStart.exe for deletion
Deletion of file C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe | C:\Programmi\Logitech\ImageStudio\ISStart.exe failed!

Could not process line:
C:\Programmi\Logitech\ImageStudio\bak\ISStart.exe | C:\Programmi\Logitech\ImageStudio\ISStart.exe
Status: 0xc0000033



Could not open file C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe | C:\Programmi\Logitech\ImageStudio\LogiTray.exe for deletion
Deletion of file C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe | C:\Programmi\Logitech\ImageStudio\LogiTray.exe failed!

Could not process line:
C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe | C:\Programmi\Logitech\ImageStudio\LogiTray.exe
Status: 0xc0000033



Could not open file C:\Programmi\Logitech\Video\bak\ISStart.exe | C:\Programmi\Logitech\Video\ISStart.exe for deletion
Deletion of file C:\Programmi\Logitech\Video\bak\ISStart.exe | C:\Programmi\Logitech\Video\ISStart.exe failed!

Could not process line:
C:\Programmi\Logitech\Video\bak\ISStart.exe | C:\Programmi\Logitech\Video\ISStart.exe
Status: 0xc0000033



Could not open file C:\Programmi\Logitech\Video\bak\LogiTray.exe | C:\Programmi\Logitech\Video\LogiTray.exe for deletion
Deletion of file C:\Programmi\Logitech\Video\bak\LogiTray.exe | C:\Programmi\Logitech\Video\LogiTray.exe failed!

Could not process line:
C:\Programmi\Logitech\Video\bak\LogiTray.exe | C:\Programmi\Logitech\Video\LogiTray.exe
Status: 0xc0000033



Could not open file C:\Programmi\Logitech\Video\bak\ManifestEngine.exe | C:\Programmi\Logitech\Video\ManifestEngine.exe for deletion
Deletion of file C:\Programmi\Logitech\Video\bak\ManifestEngine.exe | C:\Programmi\Logitech\Video\ManifestEngine.exe failed!

Could not process line:
C:\Programmi\Logitech\Video\bak\ManifestEngine.exe | C:\Programmi\Logitech\Video\ManifestEngine.exe
Status: 0xc0000033



Could not open file C:\Programmi\Ulead Systems\Ulead Photo Express 6\bak\CalCheck.exe | C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe for deletion
Deletion of file C:\Programmi\Ulead Systems\Ulead Photo Express 6\bak\CalCheck.exe | C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe failed!

Could not process line:
C:\Programmi\Ulead Systems\Ulead Photo Express 6\bak\CalCheck.exe | C:\Programmi\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
Status: 0xc0000033



Could not open file C:\Programmi\Yahoo!\Messenger\bak\ypager.exe | C:\Programmi\Yahoo!\Messenger\ypager.exe for deletion
Deletion of file C:\Programmi\Yahoo!\Messenger\bak\ypager.exe | C:\Programmi\Yahoo!\Messenger\ypager.exe failed!

Could not process line:
C:\Programmi\Yahoo!\Messenger\bak\ypager.exe | C:\Programmi\Yahoo!\Messenger\ypager.exe
Status: 0xc0000033



Could not open file C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe | C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe for deletion
Deletion of file C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe | C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe | C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
Status: 0xc0000033



Could not open file C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe for deletion
Deletion of file C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
Status: 0xc0000033



Could not open file C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe for deletion
Deletion of file C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe failed!

Could not process line:
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
Status: 0xc0000033



Could not open file C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe | C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe for deletion
Deletion of file C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe | C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe failed!

Could not process line:
C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe | C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
Status: 0xc0000033



Could not open file C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe for deletion
Deletion of file C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe failed!

Could not process line:
C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
Status: 0xc0000033



Could not open file C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe | C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe for deletion
Deletion of file C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe | C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe failed!

Could not process line:
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe | C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Status: 0xc0000033



Could not open file C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe | C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe for deletion
Deletion of file C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe | C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe failed!

Could not process line:
C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe | C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe
Status: 0xc0000033


Completed script processing.

*******************

Finished! Terminate.
ventodelsud
Junior User
 
Posts: 91
Joined: 26/04/06 09:20

Post by Luke57 » 31/03/07 21:47

Hi, delete the icon, as well as the dial-up connection from Control Panel > Network Connections. Then run another scan with FindAWF
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by ventodelsud » 31/03/07 22:25

Hi Luke,
I deleted the icon from the desktop, removed the dial-up connection and redid the log with Find AWF,
and I'm posting it for you...


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\PICASA2\BAK

0 File 0 byte
2 Directory 634.171.392 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 634.171.392 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\AHEAD\INCD\BAK

05/12/2003 12.25 1.237.042 InCD.exe
1 File 1.237.042 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\ELABOR~1\CLONECD\BAK

0 File 0 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\LOGITECH\IMAGES~1\BAK

10/12/2002 19.31 61.440 LogiTray.exe
1 File 61.440 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\LOGITECH\VIDEO\BAK

08/06/2005 15.14 217.088 LogiTray.exe
1 File 217.088 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\ULEADS~1\ULEADP~1\BAK

0 File 0 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File 0 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

11/08/2005 16.30 81.920 issch.exe
1 File 81.920 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

0 File 0 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\FILECO~1\ULEADS~1\AUTODE~1\BAK

28/07/2005 08.32 94.208 Monitor.exe
1 File 94.208 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\JAVA\JRE15~2.0_1\BIN\BAK

0 File 0 byte
2 Directory 634.167.296 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

0 File 0 byte
2 Directory 634.163.200 byte disponibili
Il volume nell'unit… C Š system
Numero di serie del volume: 64D0-012C

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

0 File 0 byte
2 Directory 634.163.200 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1237042 5 Dec 2003 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
61440 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe"
217088 8 Jun 2005 "C:\Programmi\Logitech\Video\bak\LogiTray.exe"
61440 10 Dec 2002 "C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe"
217088 8 Jun 2005 "C:\Programmi\Logitech\Video\bak\LogiTray.exe"
81920 11 Aug 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
94208 28 Jul 2005 "C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe"


end of report
ventodelsud
Junior User
 
Posts: 91
Joined: 26/04/06 09:20

Hi Luke, sorry, but there is a log of mine to check

Post by follettina77 » 31/03/07 23:37

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 05.00 15.360 ctfmon.exe
01/11/2004 17.22 262.144 ElkCtrl.exe
03/11/2005 00.22 77.824 hkcmd.exe
03/11/2005 00.26 118.784 igfxpers.exe
03/11/2005 00.25 98.304 igfxtray.exe
31/03/2006 10.47 225.280 LVCOMSX.EXE
6 File 797.696 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\LAUNCH~1\BAK

03/04/2006 17.03 471.040 QtZgAcer.EXE
1 File 471.040 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EMPOWE~1\BAK

24/10/2005 16.45 2.462.208 admtray.exe
1 File 2.462.208 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\IME\IMJP8_1\BAK

19/08/2004 05.00 208.952 IMJPMIG.EXE
1 File 208.952 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\REALTEK\INSTAL~1\BAK

24/08/2005 23.21 53.248 AzMixerSel.exe
1 File 53.248 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

02/11/2005 00.11 692.315 SynTPEnh.exe
02/11/2005 00.11 102.491 SynTPLpr.exe
2 File 794.806 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

11/05/2005 17.15 45.056 ntiMUI.exe
1 File 45.056 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

02/01/2006 17.41 45.056 cli.exe
1 File 45.056 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ACER\ORBICAM\BAK

31/03/2006 10.24 331.776 CameraAssistant.exe
31/03/2006 10.32 73.728 InstallHelper.exe
2 File 405.504 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

11/04/2002 04.19 69.632 hpgs2wnd.exe
1 File 69.632 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

13/01/2007 19.58 108.160 ashDisp.exe
1 File 108.160 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~2\ACER\ACERAR~1\BAK

13/12/2005 21.31 151.552 PCMService.exe
1 File 151.552 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EMPOWE~1\EDATAS~1\BAK

27/12/2005 15.50 69.632 eDSloader.exe
1 File 69.632 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EMPOWE~1\EPOWER\BAK

09/05/2006 11.54 352.256 ePower_DMC.exe
1 File 352.256 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EMPOWE~1\ERECOV~1\BAK

24/01/2006 18.00 397.312 Monitor.exe
1 File 397.312 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

19/08/2004 05.00 59.392 ImScInst.exe
1 File 59.392 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

19/08/2004 05.00 455.168 TINTSETP.EXE
1 File 455.168 byte
2 Directory 38.965.411.840 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ADOBE\ADOBEV~1\CONTRO~1\BAK

04/04/2005 18.58 856.064 VersionCueCS2Tray.exe
1 File 856.064 byte
2 Directory 38.965.411.840 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\igfxtray.exe"
98304 3 Nov 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\hkcmd.exe"
77824 3 Nov 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\igfxpers.exe"
118784 3 Nov 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\LVCOMSX.EXE"
225280 31 Mar 2006 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
24076 23 Mar 2007 "C:\WINDOWS\system32\ElkCtrl.exe"
262144 1 Nov 2004 "C:\WINDOWS\system32\bak\ElkCtrl.exe"
24076 23 Mar 2007 "C:\Programmi\Launch Manager\QtZgAcer.EXE"
471040 3 Apr 2006 "C:\Programmi\Launch Manager\bak\QtZgAcer.EXE"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\admtray.exe"
2462208 24 Oct 2005 "C:\Acer\Empowering Technology\bak\admtray.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
24076 23 Mar 2007 "C:\Programmi\Realtek\InstallShield\AzMixerSel.exe"
53248 24 Aug 2005 "C:\Programmi\Realtek\InstallShield\bak\AzMixerSel.exe"
24076 23 Mar 2007 "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe"
102491 2 Nov 2005 "C:\Programmi\Synaptics\SynTP\Media\SynTPLpr.exe"
102491 2 Nov 2005 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
24076 23 Mar 2007 "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
692315 2 Nov 2005 "C:\Programmi\Synaptics\SynTP\Media\SynTPEnh.exe"
692315 2 Nov 2005 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
24076 23 Mar 2007 "C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
45056 11 May 2005 "C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
24076 23 Mar 2007 "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe"
45056 2 Jan 2006 "C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe"
24076 23 Mar 2007 "C:\Programmi\Acer\OrbiCam\CameraAssistant.exe"
331776 31 Mar 2006 "C:\Programmi\Acer\OrbiCam\bak\CameraAssistant.exe"
24576 5 Sep 2005 "C:\Acer\Empowering Technology\installnet.exe"
24076 23 Mar 2007 "C:\Programmi\Acer\OrbiCam\InstallHelper.exe"
15872 21 Feb 2003 "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe"
28672 23 Sep 2005 "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"
17938288 25 Feb 2007 "C:\Documents and Settings\(nome cambiato)\Desktop\Nuovi files\Install_Messenger.exe"
73728 31 Mar 2006 "C:\Programmi\Acer\OrbiCam\bak\InstallHelper.exe"
24076 23 Mar 2007 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 11 Apr 2002 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
108160 13 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
24076 23 Mar 2007 "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
151552 13 Dec 2005 "C:\Program Files\Acer\Acer Arcade\bak\PCMService.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
69632 27 Dec 2005 "C:\Acer\Empowering Technology\eDataSecurity\bak\eDSloader.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
352256 9 May 2006 "C:\Acer\Empowering Technology\ePower\bak\ePower_DMC.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
397312 24 Jan 2006 "C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
163840 4 Apr 2005 "C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"
143360 4 Apr 2005 "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Exporter.exe"
856064 4 Apr 2005 "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\bak\VersionCueCS2Tray.exe"


end of report
follettina77
Newbie
 
Posts: 4
Joined: 26/03/07 22:42

Post by Luke57 » 01/04/07 12:19

@Vento del sud
Hi, rerun Avenger with this script:

files to delete:
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe

files to move:
C:\Programmi\Ahead\InCD\bak\InCD.exe | C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe | C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\Programmi\Logitech\Video\bak\LogiTray.exe | C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe | C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by ventodelsud » 01/04/07 13:59

Dear Luke, I ran Avenger again but it doesn't find the files and the operation failed....

Here is the log




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ybjmb^rl

*******************

Script file located at: \??\C:\WINDOWS\cewlvhqt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programmi\Ahead\InCD\InCD.exe not found!
Deletion of file C:\Programmi\Ahead\InCD\InCD.exe failed!

Could not process line:
C:\Programmi\Ahead\InCD\InCD.exe
Status: 0xc0000034



File C:\Programmi\Logitech\ImageStudio\LogiTray.exe not found!
Deletion of file C:\Programmi\Logitech\ImageStudio\LogiTray.exe failed!

Could not process line:
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
Status: 0xc0000034



File C:\Programmi\Logitech\Video\LogiTray.exe not found!
Deletion of file C:\Programmi\Logitech\Video\LogiTray.exe failed!

Could not process line:
C:\Programmi\Logitech\Video\LogiTray.exe
Status: 0xc0000034



File C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe not found!
Deletion of file C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
Status: 0xc0000034



File C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe not found!
Deletion of file C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe failed!

Could not process line:
C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe
Status: 0xc0000034

File move operation C:\Programmi\Ahead\InCD\bak\InCD.exe|C:\Programmi\Ahead\InCD\InCD.exe completed successfully.
File move operation C:\Programmi\Logitech\ImageStudio\bak\LogiTray.exe|C:\Programmi\Logitech\ImageStudio\LogiTray.exe completed successfully.
File move operation C:\Programmi\Logitech\Video\bak\LogiTray.exe|C:\Programmi\Logitech\Video\LogiTray.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe completed successfully.
File move operation C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\Monitor.exe|C:\Programmi\File comuni\Ulead Systems\AutoDetector\Monitor.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.
ventodelsud
Junior User
 
Posts: 91
Joined: 26/04/06 09:20

Post by Luke57 » 01/04/07 14:02

Hi, it should be fine now. The thing is that when findawf runs, it finds the bak folders that have not been deleted, from which we have already replaced the infected file. Once the file replacement operation has been carried out, all the bak folders should be deleted.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
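
An added example (not part of any post in this thread, and not findawf's or Avenger's own code): a Python script that pairs each bak entry of a findawf-style listing with its live file and reports which live files still look replaced. The sample lines are copied from the listing on this page; the status names and the rule "one exact size and date shared by unrelated programs means replaced" are assumptions made for this example.

```python
import ntpath
import re
from collections import Counter

# Sample input: lines copied from the findawf listing on this page.
SAMPLE = r'''
24076 23 Mar 2007 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 11 Apr 2002 "C:\Programmi\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
108160 13 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
352256 9 May 2006 "C:\Acer\Empowering Technology\ePower\bak\ePower_DMC.exe"
856064 4 Apr 2005 "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\bak\VersionCueCS2Tray.exe"
'''

LINE = re.compile(r'^(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"$')

def parse(text):
    """Yield (size, date, path) for each well-formed listing line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)

def classify(text):
    """Map each restore target to a status, driven by its bak entry."""
    live, baks = {}, []
    for size, date, path in parse(text):
        if ntpath.basename(ntpath.dirname(path)).lower() == "bak":
            baks.append((size, path))
        else:
            live[ntpath.normcase(path)] = (size, date)
    # Assumption: unrelated programs sharing one exact size and date
    # were overwritten by the same replacement file.
    counts = Counter(live.values())
    shared = {sig for sig, n in counts.items() if n >= 2}
    status = {}
    for bak_size, bak_path in baks:
        # The restore target is the bak file's name one folder up.
        target = ntpath.join(ntpath.dirname(ntpath.dirname(bak_path)),
                             ntpath.basename(bak_path))
        sig = live.get(ntpath.normcase(target))
        if sig is None:
            status[target] = "no-live-entry"   # nothing listed to compare
        elif sig in shared:
            status[target] = "replaced"        # live copy has the shared signature
        elif sig[0] != bak_size:
            status[target] = "differs"         # sizes differ, no shared signature
        else:
            status[target] = "same-size"       # live copy matches the backup size
    return status

if __name__ == "__main__":
    for target, state in classify(SAMPLE).items():
        print(f"{state:14} {target}")
```

A bak folder whose target reports "same-size" is the leftover case described in the post above: the backup is still there, but the live file no longer carries the shared signature.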

Post by ventodelsud » 01/04/07 19:07

Luke, first of all I want to thank you for your great professionalism and helpfulness.
I think I no longer have the Instant Access problem.

But on the other hand I have a flood of bak folders.
What do I do with them? Do I have to delete them? And if so, is there a way to do it all at once, or do I have to delete them one at a time?
ventodelsud
Junior User
 
Posts: 91
Joined: 26/04/06 09:20

Post by follettina77 » 01/04/07 21:48

Hi, I have already followed Luke's advice; yes, the bak folders need to be deleted, but only after moving the original files into the original folders FROM those bak folders.
Luke, I hope I didn't explain myself badly.... I'm a newbie...
By follettina :roll:
follettina77
Newbie
 
Posts: 4
Joined: 26/03/07 22:42

Post by Luke57 » 02/04/07 09:13

Hi, you explained yourself very well ;)
@vento del sud
Hi, they can perfectly well be deleted; maybe wait a few days to verify that there are no more problems.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

