Fluctuating CPU, RAM saturated

Moderators: m.paolo, kadosh, Luke57

Post by xsecure » 27/08/06 01:29

Good evening,

I would appreciate your kind help with a problem that I will describe:

For a few days now, when the PC is switched on the processor sits at 25% and then keeps going up and down continuously up to 100%, saturating part of the RAM every three cycles until it reaches the full 1.5 GB, and then starts eating into virtual memory. The problem appears right after logon with any user; it does not occur in Safe Mode. The PC has been checked with Norton Antivirus, Ad-Aware, Spybot, CCleaner, ewido etc., all updated to the latest version.

As you suggested, I attach the PC's log; awaiting your kind reply, I thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:01:07, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\lotus\notes\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\acs.exe
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\tppaldr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\palmOne\Hotsync.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\SEDRAN~1.SAV\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\SEDRAN~1.SAV\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Z_SS\SS_WIN\Programmi\CCleaner\ccleaner.exe
C:\Programmi\Lenovo\PkgMgr\PkgMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\DRIVERS\77UJ08US\biosuptp.exe
C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\DOCUME~1\SEDRAN~1.SAV\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A11736EF-6FF2-5C86-F256-DE39BD0876A7} - C:\WINDOWS\kfnue1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Programmi\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programmi\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AwaySch] C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [!ewido] "C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Z_SS\SS_WIN\Programmi\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Z_SS\SS_WIN\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Manager HotSync.lnk = C:\Programmi\palmOne\Hotsync.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Aggiornamento del software del ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmi\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://extranet1.lotus.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... ase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9471518168
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam02.lugano.ch/activex/AxisCamControl.cab
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/a33ed837/50310/1/xp/FreeAccess.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = savio.bia
O17 - HKLM\Software\..\Telephony: DomainName = savio.bia
O17 - HKLM\System\CCS\Services\Tcpip\..\{72792AC7-15CE-41BA-B849-718E528C68BD}: NameServer = 10.2.2.1,10.2.2.200,151.99.0.100,151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = savio.bia
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: TpiFlash - C:\PROGRA~1\Lenovo\PkgMgr\Flash32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Servizio host di pcAnywhere (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Accesso singolo Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\Programmi\lotus\notes\nslsvice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: IBM DS4000/FAStT Storage Manager 9 Event Monitor (SMmonitor) - Unknown owner - C:\Programmi\IBM_DS4000\client\monitor\SMmonitor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SrvPhb - Unknown owner - C:\WINDOWS\TEMP\7A.tmp (file missing)
O23 - Service: System Update (SUService) - - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmi\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Zetera - Zetera Corporation - C:\Z_SS\SS_WIN\Programmi\sc101\ZeteraService.exe
xsecure
Junior Member

Posts: 15
Joined: 27/08/06 00:33
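A first triage pass over a HijackThis log like the one above can be automated: the O-lines are parsed and a few heuristics pick out the entries an analyst would look at first (a registration whose file no longer exists, an autostart running out of a temp directory, a BHO with no real name, an ActiveX download from a host nobody has vetted). The block below is added example code, not code from the thread or from HijackThis; the allowlist of download hosts, the temp-path pattern and the wording of each finding are the example's own assumptions, and the sample lines are copied from the log posted above. Each finding is a lead to verify against the installed software, not a verdict.

```python
"""Triage heuristics over HijackThis O-lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts the analyst has already vetted as legitimate O16 (Download Program Files)
# sources. Assumption of the example; maintain it per environment.
TRUSTED_DPF_HOSTS = ("microsoft.com", "lotus.com", "yimg.com", "live.com")

# Executables living under a temp directory, or named *.tmp, rarely belong in an autostart.
TEMP_PATH = re.compile(r"\\temp\\|\.tmp\b", re.IGNORECASE)
HJT_LINE = re.compile(r"^(O\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O23"
    reason: str    # why the line deserves a look; a lead, not a verdict
    line: str      # the original log line


def _target(rest: str) -> str:
    """The last ' - '-separated field, which holds the path or URL in O2/O3/O9/O16/O20/O23 lines."""
    return rest.rsplit(" - ", 1)[-1].strip()


def _host_trusted(host: str) -> bool:
    # Exact match or a subdomain; a plain endswith() would accept "evilmicrosoft.com".
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        target = _target(rest)

        if "(file missing)" in rest and section in ("O2", "O20", "O23"):
            if "\\" in target:
                findings.append(Finding(section, "registration points to a file that no longer exists (orphaned autostart)", raw))
            else:
                # A bare DLL name marked missing often only means HijackThis did not walk
                # the DLL search path; confirm under System32 before calling it orphaned.
                findings.append(Finding(section, "bare DLL name reported missing; verify in the DLL search path", raw))

        if section in ("O4", "O23") and TEMP_PATH.search(target):
            findings.append(Finding(section, "autostart executes from a temporary directory", raw))

        if section == "O2" and rest.startswith(("BHO: Class -", "BHO: (no name) -")):
            findings.append(Finding(section, "BHO registered without a meaningful display name", raw))

        if section == "O16":
            host = urlparse(target).hostname or ""
            if not _host_trusted(host):
                findings.append(Finding(section, f"ActiveX download from unvetted host {host or '?'}", raw))
    return findings


# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A11736EF-6FF2-5C86-F256-DE39BD0876A7} - C:\WINDOWS\kfnue1.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/a33ed837/50310/1/xp/FreeAccess.ocx
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: SrvPhb - Unknown owner - C:\WINDOWS\TEMP\7A.tmp (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line.strip()}")
```

Run as a script it prints the leads for the sample; point `triage()` at the full log text to get the same pass over every O-line. The "file missing" split matters in practice: the O20 ACNotify entry is a relative name that HijackThis simply did not resolve, while an absolute path that is gone usually means the file was already removed and only the registration is left.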

Post by BilloKenobi » 27/08/06 10:34

download GMER http://www.gmer.net/files.php

and post the two logs from the rootkit and autostart sections
BilloKenobi
Senior Member

Posts: 348
Joined: 08/07/06 11:05

Post by xsecure » 27/08/06 11:52

Here it is:

Autostart
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-27 12:40:18
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@GinaDLLvrlogon.dll = vrlogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
ACNotify@DLLName = ACNotify.dll
AwayNotify@DLLName = C:\Programmi\Lenovo\AwayTask\AwayNotify.dll
igfxcui@DLLName = igfxdev.dll
NavLogon@DLLName = C:\WINDOWS\system32\NavLogon.dll
PCANotify@DLLName = PCANotify.dll
psfus@DLLName = psqlpwd.dll
tpfnf2@DLLName = notifyf2.dll
tphotkey@DLLName = tphklock.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\clock$.kdo

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcPrfMgrSvc /*Ac Profile Manager Service*/@ = C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
AcSvc /*Access Connections Main Service*/@ = C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
btwdins /*Bluetooth Service*/@ = C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
CiSvc /*Servizio di indicizzazione*/@ = %SystemRoot%\system32\cisvc.exe
DefWatch /*Symantec AntiVirus Definition Watcher*/@ = "C:\Programmi\Symantec AntiVirus\DefWatch.exe"
Diskeeper /*Diskeeper*/@ = "C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe"
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\guard.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
IBMPMSVC /*ThinkPad PM Service*/@ = %SystemRoot%\system32\ibmpmsvc.exe
IPSSVC /*IPS Core Service*/@ = %SystemRoot%\system32\IPSSVC.EXE
Lotus Notes Single Logon /*Accesso singolo Lotus Notes*/@ = C:\Programmi\lotus\notes\nslsvice.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SavRoam /*SAVRoam*/@ = "C:\Programmi\Symantec AntiVirus\SavRoam.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SrvPhb /*SrvPhb*/@ = "C:\WINDOWS\TEMP\7A.tmp" /*file not found*/
SUService /*System Update*/@ = c:\programmi\lenovo\system update\suservice.exe
Symantec AntiVirus /*Symantec AntiVirus*/@ = "C:\Programmi\Symantec AntiVirus\Rtvscan.exe"
TPHDEXLGSVC /*ThinkPad HDD APS Logging Service*/@ = System32\TPHDEXLG.EXE
TpKmpSVC /*IBM KCU Service*/@ = C:\WINDOWS\system32\TpKmpSVC.exe
TSSCoreService /*TSS Core Service*/@ = "C:\Programmi\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe"
TVT Backup Service /*TVT Backup Service*/@ = "C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe"
TVT Scheduler /*TVT Scheduler*/@ = "C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
Zetera /*Zetera*/@ = C:\Z_SS\SS_WIN\Programmi\sc101\ZeteraService.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@TpShocksTpShocks.exe = TpShocks.exe
@TP4EXtp4ex.exe = tp4ex.exe
@EZEJMNAPC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
@TPHOTKEYC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
@LPManagerC:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe = C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
@AMSGC:\PROGRA~1\THINKV~2\AMSG\amsg.exe = C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
@dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
@ISUSPM Startupc:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup = c:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
@ISUSScheduler"c:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start = "c:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
@cssauth"C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent = "C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
@PDService.exe"C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" = "C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
@DiskeeperSystray"C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe" = "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
@PWRMGRTRrundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
@TPKMAPHELPERC:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper = C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
@TPKBDLEDC:\WINDOWS\system32\TpScrLk.exe = C:\WINDOWS\system32\TpScrLk.exe
@Client Access Service"C:\Programmi\IBM\Client Access\cwbsvstr.exe" = "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
@Client Access Help Update"C:\Programmi\IBM\Client Access\cwbinhlp.exe" = "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
@Client Access Check Version"C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN = "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
@Client Access Express Welcome"C:\Programmi\IBM\Client Access\cwbwlwiz.exe" = "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
@Client Access PC5250 Sound"C:\Programmi\IBM\Client Access\Emulator\pcssnd.exe" = "C:\Programmi\IBM\Client Access\Emulator\pcssnd.exe"
@HP Component Manager"C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" = "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
@Logitech Hardware Abstraction LayerKHALMNPR.EXE = KHALMNPR.EXE
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@ACTrayC:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe = C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
@ACWLIconC:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe = C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
@Acrobat Assistant 7.0"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
@HP Software UpdateC:\Programmi\HP\HP Software Update\HPWuSchd2.exe = C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@PSQLLauncher"C:\Programmi\ThinkVantage Fingerprint Software\launcher.exe" /startup = "C:\Programmi\ThinkVantage Fingerprint Software\launcher.exe" /startup
@igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@AwaySchC:\Programmi\Lenovo\AwayTask\AwaySch.EXE = C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
@TPP Auto LoaderC:\WINDOWS\tppaldr.exe = C:\WINDOWS\tppaldr.exe
@TVT Scheduler ProxyC:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe = C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
@!ewido"C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized = "C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Skype"C:\Z_SS\SS_WIN\Programmi\Phone\Skype.exe" /nosplash /minimized = "C:\Z_SS\SS_WIN\Programmi\Phone\Skype.exe" /nosplash /minimized
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@ccleaner"C:\Z_SS\SS_WIN\Programmi\CCleaner\ccleaner.exe" /AUTO = "C:\Z_SS\SS_WIN\Programmi\CCleaner\ccleaner.exe" /AUTO

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/(null) =
@{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} /*SafeGuard® PrivateDisk extension*/C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdshell.dll = C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdshell.dll
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/C:\Programmi\File comuni\Symantec Shared\SSC\vpshell2.dll = C:\Programmi\File comuni\Symantec Shared\SSC\vpshell2.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{EEB5B6C2-E405-11d0-9318-0004AC946C18} /*AS/400 Shell Extensions - AS/400 IPL*/C:\Programmi\IBM\Client Access\Shared\cwbunas4.dll = C:\Programmi\IBM\Client Access\Shared\cwbunas4.dll
@{38482e00-0ad5-11cf-bc9d-0004ac325a18} /*AS/400 Network*/C:\Programmi\IBM\Client Access\Shared\cwbunshf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunshf.dll
@{DCA251A0-38AC-11d0-82BD-08005AA74F5C} /*AS/400 Shell Extensions - AS/400 Network*/C:\Programmi\IBM\Client Access\Shared\cwbunshf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunshf.dll
@{8CA2EBC1-40C7-4451-AD01-7DEEB4690358} /*AS/400 Related Tasks*/C:\Programmi\IBM\Client Access\Shared\cwbunshf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunshf.dll
@{658B579F-26F7-4f28-83E4-2D1301FBC10B} /*iSeries Navigator Data Server - ANSI plug-ins*/cwbunapi.dll = cwbunapi.dll
@{806756FB-CC6D-42cd-A6AE-F7F4916C5E22} /*iSeries Navigator Shell Extensions - ANSI plug-ins*/cwbunapi.dll = cwbunapi.dll
@{5E44E520-2F69-11d1-9318-0004AC946C18} /*AS/400 Shell Extensions - Auto Refresh*/C:\Programmi\IBM\Client Access\Shared\cwbunarf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunarf.dll
@{C94AFD20-98C1-11d1-9E01-0004AC760C57} /*AS/400 Shell Extensions - Drag Drop Handler*/C:\Programmi\IBM\Client Access\Shared\cwbunddh.dll = C:\Programmi\IBM\Client Access\Shared\cwbunddh.dll
@{870C83E1-FF73-11cf-B7F1-0004AC7609F6} /*AS/400 Shell Extensions - File Systems Properties*/C:\Programmi\IBM\Client Access\Shared\cwbunfsf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunfsf.dll
@{1827A857-9C20-11d1-96C3-00062912C9B2} /*AS/400 Shell Extensions - Java Components*/C:\Programmi\IBM\Client Access\Shared\cwbunjav.dll = C:\Programmi\IBM\Client Access\Shared\cwbunjav.dll
@{DCAF7D81-60C4-11d1-9E01-0004AC760C57} /*AS/400 Shell Extensions - Send Message*/C:\Programmi\IBM\Client Access\Shared\cwbunmgs.dll = C:\Programmi\IBM\Client Access\Shared\cwbunmgs.dll
@{C60EF841-2F98-11d1-A19A-08005A4F659F} /*AS/400 Shell Extensions - NFS Server*/C:\Programmi\IBM\Client Access\Shared\cwbunnfs.dll = C:\Programmi\IBM\Client Access\Shared\cwbunnfs.dll
@{040606B2-1C19-11d2-AA12-08005AD17735} /*AS/400 Shell Extensions - Visual Basic Components*/C:\WINDOWS\system32\cwbunvba.dll = C:\WINDOWS\system32\cwbunvba.dll
@{D63E20C4-3F6D-11d3-BCE6-002035C0A6DA} /*AS/400 Shell Extensions - Journaling*/C:\Programmi\IBM\Client Access\Shared\cwbunjrn.dll = C:\Programmi\IBM\Client Access\Shared\cwbunjrn.dll
@{01FE9570-15A3-11d2-8309-000629AA1859} /*AS/400 Shell Extensions - Management Central*/C:\Programmi\IBM\Client Access\Shared\cwbunypc.dll = C:\Programmi\IBM\Client Access\Shared\cwbunypc.dll
@{7D7E1B60-0EF8-11d2-8307-000629AA1859} /*AS/400 Shell Extensions - Management Central Task Activity/Scheduled Tasks*/C:\Programmi\IBM\Client Access\Shared\cwbunypc.dll = C:\Programmi\IBM\Client Access\Shared\cwbunypc.dll
@{3B453C20-21CD-11d2-8318-000629AA1859} /*AS/400 Shell Extensions - Management Central SW Inventory*/C:\Programmi\IBM\Client Access\Shared\cwbunyiv.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyiv.dll
@{4CE18940-3E8B-11d2-834B-000629AA1859} /*AS/400 Shell Extensions - Management Central HW Inventory*/C:\Programmi\IBM\Client Access\Shared\cwbunyiv.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyiv.dll
@{B08B7EAD-2FD4-11d3-917F-00203531488C} /*AS/400 Shell Extensions - Management Central Inventory Tasks*/C:\Programmi\IBM\Client Access\Shared\cwbunyiv.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyiv.dll
@{90BE6B50-1041-11d2-8307-000629AA1859} /*AS/400 Shell Extensions - Management Central Endpoint Systems*/C:\Programmi\IBM\Client Access\Shared\cwbunypg.dll = C:\Programmi\IBM\Client Access\Shared\cwbunypg.dll
@{E4C59510-1050-11d2-8307-000629AA1859} /*AS/400 Shell Extensions - Management Central System Groups*/C:\Programmi\IBM\Client Access\Shared\cwbunypg.dll = C:\Programmi\IBM\Client Access\Shared\cwbunypg.dll
@{C2661801-FFE8-11cf-B14B-08005AA7218E} /*AS/400 Shell Extensions - Messages*/C:\Programmi\IBM\Client Access\Shared\cwbunmgf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunmgf.dll
@{22982561-EEC8-11cf-B14B-08005AA7218E} /*AS/400 Shell Extensions - Spool Files*/C:\Programmi\IBM\Client Access\Shared\cwbunouf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunouf.dll
@{8514E881-FF45-11cf-B14B-08005AA7218E} /*AS/400 Shell Extensions - Printers*/C:\Programmi\IBM\Client Access\Shared\cwbunprf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunprf.dll
@{FF142762-FAB1-11cf-B14B-08005AA7218E} /*AS/400 Shell Extensions - Jobs*/C:\Programmi\IBM\Client Access\Shared\cwbunjbf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunjbf.dll
@{85142F21-87FA-11cf-B7F1-0004AC7609F6} /*AS/400 Shell Extensions - Hardware Inventory*/C:\Programmi\IBM\Client Access\Shared\cwbunhwf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunhwf.dll
@{D2EF10E6-1DB9-11d2-BA43-0006296A8ED2} /*AS/400 Shell Extensions - Collection Services*/C:\Programmi\IBM\Client Access\Shared\cwbunpmf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunpmf.dll
@{38E423E4-2F35-11d3-917F-00203531488C} /*AS/400 Shell Extensions - Management Central Collection Services Tasks*/C:\Programmi\IBM\Client Access\Shared\cwbunpmf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunpmf.dll
@{07173161-93C3-11cf-B7F1-0004AC7609F6} /*AS/400 Shell Extensions - Software Inventory*/C:\Programmi\IBM\Client Access\Shared\cwbunswf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunswf.dll
@{94D923E0-20E3-11d2-8317-000629AA1859} /*AS/400 Shell Extensions - Management Central Fixes*/C:\Programmi\IBM\Client Access\Shared\cwbunypt.dll = C:\Programmi\IBM\Client Access\Shared\cwbunypt.dll
@{07AF64BD-3000-11d3-917F-00203531488C} /*AS/400 Shell Extensions - Management Central Fixes Tasks*/C:\Programmi\IBM\Client Access\Shared\cwbunypt.dll = C:\Programmi\IBM\Client Access\Shared\cwbunypt.dll
@{2FE31D81-A5C8-11d0-82BD-08005AA74F5C} /*AS/400 Shell Extensions - Internet*/C:\Programmi\IBM\Client Access\Shared\cwbuninf.dll = C:\Programmi\IBM\Client Access\Shared\cwbuninf.dll
@{525FE6D1-D3A2-11d0-8F5A-08005ACF81FE} /*AS/400 Shell Extensions - Socks*/C:\Programmi\IBM\Client Access\Shared\cwbunisf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunisf.dll
@{5D5D8AC1-AC35-11d0-8E51-444553540000} /*AS/400 Shell Extensions - TCPIPServers*/C:\Programmi\IBM\Client Access\Shared\cwbuntca.dll = C:\Programmi\IBM\Client Access\Shared\cwbuntca.dll
@{46184AE1-AAA4-11d0-8E51-444553540000} /*AS/400 Shell Extensions - BaseTCPIP*/C:\Programmi\IBM\Client Access\shared\cwbuntcb.dll = C:\Programmi\IBM\Client Access\shared\cwbuntcb.dll
@{E7CA4E41-AB46-11d0-8E51-444553540000} /*AS/400 Shell Extensions - DHCP*/C:\Programmi\IBM\Client Access\shared\cwbuntcd.dll = C:\Programmi\IBM\Client Access\shared\cwbuntcd.dll
@{A206FAC3-B636-11d0-8E51-444553540000} /*AS/400 Shell Extensions - Remote Access Services*/C:\Programmi\IBM\Client Access\shared\cwbuntcp.dll = C:\Programmi\IBM\Client Access\shared\cwbuntcp.dll
@{847FF4A1-AB61-11d0-8E51-444553540000} /*AS/400 Shell Extensions - DNS*/C:\Programmi\IBM\Client Access\shared\cwbuntcs.dll = C:\Programmi\IBM\Client Access\shared\cwbuntcs.dll
@{F8AB7201-C6FE-11d0-A16D-08005A4F659F} /*AS/400 Shell Extensions - WinNetHood*/C:\Programmi\IBM\Client Access\Shared\cwbunzls.dll = C:\Programmi\IBM\Client Access\Shared\cwbunzls.dll
@{044E2A21-BFBD-11d0-B776-0004AC940D52} /*AS/400 Shell Extensions - RPC Server*/C:\Programmi\IBM\Client Access\Shared\cwbunrpc.dll = C:\Programmi\IBM\Client Access\Shared\cwbunrpc.dll
@{3BA92222-0F54-11d1-BB98-0004AC946B70} /*AS/400 Shell Extensions - Directory Server*/C:\Programmi\IBM\Client Access\Shared\cwbungld.dll = C:\Programmi\IBM\Client Access\Shared\cwbungld.dll
@{AA3B74D8-481F-11d2-BD9F-0006296A7BFD} /*AS/400 Shell Extensions - Server Subsystem Configuration*/C:\Programmi\IBM\Client Access\Shared\cwbunjbs.dll = C:\Programmi\IBM\Client Access\Shared\cwbunjbs.dll
@{5F058520-C229-11d1-A2D8-0004ACEA99C1} /*AS/400 Shell Extensions - SecWiz*/C:\Programmi\IBM\Client Access\Shared\cwbunwzd.dll = C:\Programmi\IBM\Client Access\Shared\cwbunwzd.dll
@{BF5B0321-6793-11CF-8877-444553540000} /*AS/400 Shell Extensions - Users and Groups*/C:\Programmi\IBM\Client Access\Shared\cwbunugf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunugf.dll
@{4360EE25-EB84-11d2-9145-00203531916D} /*AS/400 Shell Extensions - Management Central User Admin (Inventory)*/C:\Programmi\IBM\Client Access\Shared\cwbunyua.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyua.dll
@{26CA5BB1-0318-11d3-914C-00203531916D} /*AS/400 Shell Extensions - Management Central User Admin (Definition)*/C:\Programmi\IBM\Client Access\Shared\cwbunyua.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyua.dll
@{A7CE1A9B-5991-11d3-9195-002035AE9862} /*AS/400 Shell Extensions - Management Central User Admin (Tasks)*/C:\Programmi\IBM\Client Access\Shared\cwbunyua.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyua.dll
@{333195D9-CE4E-11d1-B33D-0004AC760C57} /*AS/400 Shell Extensions - File Shares Properties*/C:\Programmi\IBM\Client Access\Shared\cwbunfss.dll = C:\Programmi\IBM\Client Access\Shared\cwbunfss.dll
@{DF99C160-B894-11cf-BB91-08005ACECA20} /*AS/400 Shell Extensions - Backup*/C:\Programmi\IBM\Client Access\Shared\cwbunbkf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunbkf.dll
@{DAB1B0F0-0F7A-11d2-8307-000629AA1859} /*AS/400 Shell Extensions - Management Central Command*/C:\Programmi\IBM\Client Access\Shared\cwbunyrs.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyrs.dll
@{2AC4CC1B-2A53-11d3-917A-00203531488C} /*AS/400 Shell Extensions - Management Central Command Tasks*/C:\Programmi\IBM\Client Access\Shared\cwbunyrs.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyrs.dll
@{1BE914D0-217E-11d2-8318-000629AA1859} /*AS/400 Shell Extensions - Management Central Packages*/C:\Programmi\IBM\Client Access\Shared\cwbunyds.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyds.dll
@{3C6D4FB0-1F53-11d3-9169-00203531917D} /*AS/400 Shell Extensions - Management Central Products*/C:\Programmi\IBM\Client Access\Shared\cwbunyds.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyds.dll
@{4B8388FD-2FF9-11d3-917F-00203531488C} /*AS/400 Shell Extensions - Management Central Packages Tasks*/C:\Programmi\IBM\Client Access\Shared\cwbunyds.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyds.dll
@{64B95947-1759-11d2-ABC8-000629AB3FA1} /*AS/400 Shell Extensions - System Monitors*/C:\Programmi\IBM\Client Access\Shared\cwbunyme.dll = C:\Programmi\IBM\Client Access\Shared\cwbunyme.dll
@{0637AEF4-4998-11d1-B4BF-0004ACEA60A2} /*AS/400 Shell Extensions - Application Administration*/C:\Programmi\IBM\Client Access\Shared\cwbunplf.dll = C:\Programmi\IBM\Client Access\Shared\cwbunplf.dll
@{8C190250-D9F1-11d1-9EBB-00062912CA23} /*AS/400 User Page Extension - Application Wiz*/C:\Programmi\IBM\Client Access\Shared\cwbunugw.dll = C:\Programmi\IBM\Client Access\Shared\cwbunugw.dll
@{BC3247B1-C17D-11d0-99FB-0004ACFCA52A} /*AS/400 Shell Extensions - IPC*/C:\Programmi\IBM\Client Access\Shared\cwbunp0z.dll = C:\Programmi\IBM\Client Access\Shared\cwbunp0z.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Context Menu Shell Extension*/(null) =
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 DragDrop Shell Extension*/(null) =
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Context Menu Shell Extension*/(null) =
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Property Sheet Shell Extension*/(null) =
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{23170F69-40C1-278A-1000-000100020000} /*7-Zip Shell Extension*/C:\Programmi\ThinkVantage\SMA\7z\7-zip.dll = C:\Programmi\ThinkVantage\SMA\7z\7-zip.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\context.dll
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programmi\File comuni\Symantec Shared\SSC\vpshell2.dll
Resurrector@{3B177BCE-B599-4ABD-BECE-B57EE18187FA} =
SGPDMenu@{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdshell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\context.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programmi\File comuni\Symantec Shared\SSC\vpshell2.dll
SGPDMenu@{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll = c:\programmi\google\googletoolbar1.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cetihpz@CLSID = C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = savio.bia

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{72792AC7-15CE-41BA-B849-718E528C68BD} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress10.2.39.10 = 10.2.39.10
@NameServer10.2.2.1,10.2.2.200,151.99.0.100,151.99.125.1 = 10.2.2.1,10.2.2.200,151.99.0.100,151.99.125.1
@DefaultGateway10.2.1.10 = 10.2.1.10
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Acrobat.lnk = Avvio veloce di Adobe Acrobat.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
BTTray.lnk = BTTray.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Logitech SetPoint.lnk = Logitech SetPoint.lnk
Manager HotSync.lnk = Manager HotSync.lnk

---- EOF - GMER 1.0.10 ----


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-27 12:52:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 897BC6E8 ZwConnectPort
SSDT \??\C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE A72E3C8A
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_DEVICE_CONTROL [A8ED1912] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_DEVICE_CONTROL [A8ED1912] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_DEVICE_CONTROL [A8ED1912] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_DEVICE_CONTROL [A8ED1912] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_DEVICE_CONTROL [A8ED1912] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [A8ED1AAE] tfsnifs.sys

---- Files - GMER 1.0.10 ----

File C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini
File C:\WINDOWS\kfnue1.dll
File C:\WINDOWS\system32\clock$.kdo

---- EOF - GMER 1.0.10 ----
xsecure
Junior User
Posts: 15
Joined: 27/08/06 00:33

Post by BilloKenobi » 27/08/06 14:29

OK then,

your HijackThis log is fairly stuffed with junk

but one step at a time; let's take care of the LO first

start by downloading these programs

Myuninstaller --- http://www.puntocr.it/index/downloads_r ... d/214.html
The Avenger --- http://swandog46.geekstogo.com/avenger.zip
CCleaner --- http://www.filehippo.com/download_ccleaner/

Now let's begin

1) Extract Myuninstaller. It is a program (which needs no installation) similar to "Add or Remove Programs" but much more effective. Look for the entry LinkOptimizer, right-click it and click Delete selected entry

2) Go to Start > Run > control userpasswords2 (type it in the white box) > OK

In the User Accounts window you should have a suspicious account with a random name (besides the usual ones), something like XYZFG. Note down the account name and delete it (right-click and choose Delete);

3) Make hidden files and folders visible:

from Computer Management > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (recommended)"
Press OK
Go to C:\Documents and Settings; you should find a folder with the same name as that account; delete it as well

4) Now extract and run Avenger.exe

Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SrvPhb

Files to delete:

C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini
C:\WINDOWS\kfnue1.dll


Click the Done button
Double-click the green traffic-light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually

The program leaves a log of the operations it performed.

Post the Avenger log (C:/avenger.txt) with the result of the script.

5) Check whether C:\Programmi, C:\Programmi\file comuni, C:\programmi\file comuni\System or C:\programmi\file comuni\microsoft shared contain any .exe files shown in green; if so, let me know

6) Now open CCleaner and run it. It will clean all the temporary files on the computer

that's enough for now ;)
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
Posts: 348
Joined: 08/07/06 11:05

Post by Luke57 » 27/08/06 14:44

Hi, change the script to put into Avenger to this:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SrvPhb

Files to delete:
C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini
C:\WINDOWS\kfnue1.dll
C:\WINDOWS\system32\clock$.kdo
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by BilloKenobi » 27/08/06 15:45

Luke57 wrote: Hi, change the script to put into Avenger to this:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SrvPhb

Files to delete:
C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini
C:\WINDOWS\kfnue1.dll
C:\WINDOWS\system32\clock$.kdo


I thought I had copied it.... :evil:

and I also left one blank line too many :evil:

I need to be more careful :aaah
BilloKenobi
Senior User
Posts: 348
Joined: 08/07/06 11:05

Post by xsecure » 27/08/06 18:05

Ahh, what a joy, I must thank you very much; now the processor sits
at 8-10% and the RAM in use at 422 MB. Thanks a million.

Is there anything else I should do?

Can you tell me where that damned piece of software that made
all this mess came from?

Here is the log below. Thanks again.


/////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


Error: could not initiate system shutdown.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\emxnbvmd

*******************

Script file located at: \??\C:\WINDOWS\system32\sensiiiu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvPhb deleted successfully.
File C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini deleted successfully.
File C:\WINDOWS\kfnue1.dll deleted successfully.
File C:\WINDOWS\system32\clock$.kdo deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oqkdukcc

*******************

Script file located at: \??\C:\Program Files\hbljlcaf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvPhb not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvPhb failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SrvPhb
Status: 0xc0000034



File C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini not found!
Deletion of file C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini failed!

Could not process line:
C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan\kfnue1.dll.q_2CF0_q.ini
Status: 0xc0000034



File C:\WINDOWS\kfnue1.dll not found!
Deletion of file C:\WINDOWS\kfnue1.dll failed!

Could not process line:
C:\WINDOWS\kfnue1.dll
Status: 0xc0000034



File C:\WINDOWS\system32\clock$.kdo not found!
Deletion of file C:\WINDOWS\system32\clock$.kdo failed!

Could not process line:
C:\WINDOWS\system32\clock$.kdo
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
xsecure
Junior User
Posts: 15
Joined: 27/08/06 00:33

Post by xsecure » 27/08/06 18:18

I forgot:

I checked inside
5) Check whether C:\Programmi, C:\Programmi\file comuni, C:\programmi\file comuni\System or C:\programmi\file comuni\microsoft shared contain any .exe files shown in green; if so, let me know

and there are no .exe files in green; I only checked the directories you specified, not all the subdirectories inside them. Is that still OK?

Thanks again.
xsecure
Junior User
Posts: 15
Joined: 27/08/06 00:33

Post by BilloKenobi » 27/08/06 18:23

strange, but I suppose everything is fine then...

:D :D :D :D

congratulations, you killed the LO
BilloKenobi
Senior User
Posts: 348
Joined: 08/07/06 11:05

Post by xsecure » 28/08/06 12:54

I'd like to know what the LO is and how one catches it, so that
next time I can avoid making the same mistake......

Does it come from visited websites or via e-mail?

For all the other junk it found in the log, do I need to do anything else?
xsecure
Junior User
Posts: 15
Joined: 27/08/06 00:33

Post by BilloKenobi » 28/08/06 13:25

I had forgotten about the log... :!:

anyway, LinkOptimizer is usually picked up on adult sites ( :roll: ), but I've read of users who caught it also while visiting sites for ringtones, screen savers, etc...

basically, if the site you visit has a banner coming from an infected server (the famous one is gormozon.com) you get the virus (cunningly named http://www.google.com), which then downloads all the other components (the ones we removed) from the web, and hides some of them with rootkit techniques... (see GMER)

as for your HJT log, extract it into its own folder, go into safe mode (with System Restore temporarily disabled) and fix these:


R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A11736EF-6FF2-5C86-F256-DE39BD0876A7} - C:\WINDOWS\kfnue1.dll (file missing)
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/a33ed837/50310/1/xp/FreeAccess.ocx
O20 - Winlogon Notify: TpiFlash - C:\PROGRA~1\Lenovo\PkgMgr\Flash32.dll (this entry is very recent; I can't tell you whether it's a virus or not, because nobody knows yet)
O23 - Service: SrvPhb - Unknown owner - C:\WINDOWS\TEMP\7A.tmp (file missing)

do you know the domain "savio.bia"?
BilloKenobi
Senior User
Posts: 348
Joined: 08/07/06 11:05
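The reasoning the helpers apply in this thread (a BHO or service whose file the Win32 API cannot see, a service with no owner running from TEMP, an ActiveX download from an unknown host, the AppInit_DLLs value that LinkOptimizer loads through) and the way Luke57 built the Avenger script from the GMER "Files" section can be written down as a small triage script. The following is an added example, not code from the thread or from HijackThis, GMER or The Avenger: it scores HJT lines, extracts the GMER hidden files, cross-checks the two views (a file HJT reports as missing but GMER lists is the rootkit-hidden signature), and emits an Avenger script in the same three-section layout used above. It goes a little beyond the thread by handling whole log sections rather than the five lines quoted. The severity rules, the allow-list of ActiveX download hosts, and the assumption that the service name HJT prints equals the registry key name are assumptions made for this illustration; the sample input is copied from the logs posted in the thread, with one benign Adobe BHO added for contrast.

```python
"""Triage of HijackThis (HJT) and GMER log excerpts and generation of an Avenger
script in the layout used in this thread.  Added example; not code from the thread
or from the HJT/GMER/Avenger tools.  The severity rules and the allow-list are
assumptions made for illustration, not official heuristics of any of those tools."""
import re
from urllib.parse import urlsplit

MISSING = "(file missing)"
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Assumption: hosts from which an O16 ActiveX download is expected on this machine.
TRUSTED_DPF_HOSTS = {"download.microsoft.com", "update.microsoft.com", "java.sun.com"}
APPINIT_VALUE = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs"
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"

# Sample input: the HJT lines BilloKenobi asked to fix, one benign BHO for contrast,
# and the GMER "Files" section, all copied from the thread above.
HJT_SAMPLE = """\
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programmi\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Class - {A11736EF-6FF2-5C86-F256-DE39BD0876A7} - C:\\WINDOWS\\kfnue1.dll (file missing)
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/a33ed837/50310/1/xp/FreeAccess.ocx
O20 - Winlogon Notify: TpiFlash - C:\\PROGRA~1\\Lenovo\\PkgMgr\\Flash32.dll
O23 - Service: SrvPhb - Unknown owner - C:\\WINDOWS\\TEMP\\7A.tmp (file missing)
"""
GMER_SAMPLE = """\
---- Files - GMER 1.0.10 ----

File C:\\Documents and Settings\\All Users\\Dati applicazioni\\SecTaskMan\\kfnue1.dll.q_2CF0_q.ini
File C:\\WINDOWS\\kfnue1.dll
File C:\\WINDOWS\\system32\\clock$.kdo

---- EOF - GMER 1.0.10 ----
"""


def hjt_path(line):
    """The file path or URL on an HJT line: its last ' - ' field, minus the missing tag."""
    return line.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()


def triage_hjt(text):
    """Return [(line, severity, reason)] for the HJT lines worth fixing or checking."""
    findings = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        kind = line.split(" - ", 1)[0]
        if kind == "R3" and "is missing" in line:
            findings.append((line, "info", "URLSearchHook missing; fixing restores the default"))
        elif kind == "O2" and MISSING in line:
            findings.append((line, "high", "BHO points at a file the Win32 API cannot see"))
        elif kind == "O16":
            host = urlsplit(hjt_path(line)).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append((line, "high", f"ActiveX download from untrusted host {host}"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            findings.append((line, "high", "AppInit_DLLs is loaded into every process using user32"))
        elif kind == "O20":
            findings.append((line, "verify", "Winlogon Notify DLL runs inside winlogon; confirm the vendor"))
        elif kind == "O23":
            hits = [tag for tag, hit in (("unknown owner", "Unknown owner" in line),
                                         ("binary in a temp dir", bool(TEMP_DIR.search(line))),
                                         ("file missing", MISSING in line)) if hit]
            if hits:
                findings.append((line, "high", "service: " + ", ".join(hits)))
    return findings


def gmer_hidden_files(text):
    """Paths from the GMER 'Files' section: objects the raw scan sees but Explorer does not."""
    return [l[len("File "):].strip() for l in text.splitlines() if l.startswith("File ")]


def cross_view(findings, hidden):
    """Files HJT reports as missing yet GMER lists: the signature of a rootkit-hidden file."""
    missing = {hjt_path(line).lower() for line, _, _ in findings if MISSING in line}
    return [p for p in hidden if p.lower() in missing]


def build_avenger_script(findings, hidden, reset_appinit=True):
    """Emit an Avenger script in the three-section layout used in the thread.
    reset_appinit mirrors the thread's script, which blanks AppInit_DLLs unconditionally."""
    values = [APPINIT_VALUE] if reset_appinit else []
    keys = []
    for line, _, _ in findings:
        if line.startswith("O20 - AppInit_DLLs:") and APPINIT_VALUE not in values:
            values.append(APPINIT_VALUE)
        elif line.startswith("O23 - Service:"):
            # Assumption: the name HJT prints is the service key name (true for SrvPhb here);
            # a display name can differ from the key name, so check regedit before running.
            name = line.split(" - ")[1][len("Service: "):]
            keys.append(SERVICES_KEY + "\\" + name)
    files = list(dict.fromkeys(hidden))  # de-duplicate, keep GMER order
    sections = [("Registry values to replace with dummy:", values),
                ("registry keys to delete:", keys),
                ("Files to delete:", files)]
    return "\n\n".join(f"{title}\n" + "\n".join(items) for title, items in sections if items) + "\n"


if __name__ == "__main__":
    found = triage_hjt(HJT_SAMPLE)
    for line, sev, why in found:
        print(f"[{sev:6}] {why}\n         {line}")
    hidden = gmer_hidden_files(GMER_SAMPLE)
    print("\nrootkit-hidden:", cross_view(found, hidden))
    print("\n" + build_avenger_script(found, hidden))
```

Run stand-alone it prints the five flagged lines (the Adobe BHO is not among them), names C:\WINDOWS\kfnue1.dll as the file HJT could not see but GMER could, and prints a script identical in shape to Luke57's corrected one. The generated script is a starting point to review, not something to feed to Avenger blindly: deleting a service key or a file whose name was guessed wrong is not reversible by the tool's backup alone.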

Post by xsecure » 29/08/06 14:32

Good morning,
I did what you kindly told me; some entries had already disappeared.

The domain savio.bia is OK.

Here is the current log:
Logfile of HijackThis v1.99.1
Scan saved at 15:31:44, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\lotus\notes\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\programmi\lenovo\system update\suservice.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\acs.exe
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\tppaldr.exe
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Z_SS\SS_WIN\Programmi\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\palmOne\Hotsync.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\SEDRAN~1.SAV\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\SEDRAN~1.SAV\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\DOCUME~1\SEDRAN~1.SAV\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmi\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Programmi\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programmi\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AwaySch] C:\Programmi\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [!ewido] "C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Z_SS\SS_WIN\Programmi\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Z_SS\SS_WIN\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Manager HotSync.lnk = C:\Programmi\palmOne\Hotsync.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Aggiornamento del software del ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmi\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://extranet1.lotus.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... ase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9471518168
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam02.lugano.ch/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = savio.bia
O17 - HKLM\Software\..\Telephony: DomainName = savio.bia
O17 - HKLM\System\CCS\Services\Tcpip\..\{72792AC7-15CE-41BA-B849-718E528C68BD}: NameServer = 10.2.2.1,10.2.2.200,151.99.0.100,151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = savio.bia
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Servizio host di pcAnywhere (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Accesso singolo Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\Programmi\lotus\notes\nslsvice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: IBM DS4000/FAStT Storage Manager 9 Event Monitor (SMmonitor) - Unknown owner - C:\Programmi\IBM_DS4000\client\monitor\SMmonitor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmi\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmi\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Zetera - Zetera Corporation - C:\Z_SS\SS_WIN\Programmi\sc101\ZeteraService.exe

Thanks
xsecure
Junior User
Posts: 15
Joined: 27/08/06 00:33

Post by BilloKenobi » 29/08/06 19:47

all OK
Begun the Clone War has

Yes yes, they've made me an editor --- SuspectFile
BilloKenobi
Senior User
Posts: 348
Joined: 08/07/06 11:05

Post by xsecure » 30/08/06 19:19

Thanks again.
xsecure

Post by xsecure » 08/09/06 09:58

Good morning,

I am writing because, since we carried out that series of operations, the PC no longer keeps the history of the files used in Office: every time I restart it, it wipes the list of files opened the previous time, and the same goes for the Explorer history. Could you kindly give me the instructions to fix this small inconvenience?

Thanks.
xsecure
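As an added example (not part of the original thread, and not a HijackThis or forum tool), the following Python script parses the O4 (autostart), O20 (Winlogon Notify) and O23 (service) entries of a HijackThis 1.99.1 log like the one posted above and flags what a responder would check first: autostarts whose binary lives outside the Windows or Program Files trees, bare filenames that are resolved through the search path at logon, Notify DLLs marked "(file missing)", services with no vendor string, and the documented CCleaner `/AUTO` switch, which runs the saved cleaning profile unattended and then exits. The trusted-root list, the switch table and the sample lines (copied from the log above) are the example's own assumptions, not output of any product.

```python
"""Triage helper for HijackThis v1.99.1 log lines.

Added example for this thread; the sample lines below are copied from the
log posted above, and the trusted roots / switch table are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [cssauth] "C:\Programmi\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Z_SS\SS_WIN\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Z_SS\SS_WIN\Programmi\CCleaner\ccleaner.exe" /AUTO
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
"""

# Assumed "expected" install roots on this Italian XP box (Programmi = Program Files).
TRUSTED_ROOTS = ("C:\\WINDOWS\\", "C:\\PROGRAMMI\\", "C:\\PROGRA~1\\")
# Documented switch that makes CCleaner run its saved cleaning profile silently and exit.
LOGON_CLEANUP_SWITCHES = {"CCLEANER.EXE": "/AUTO"}


@dataclass
class Entry:
    section: str  # "O4", "O20" or "O23"
    name: str     # Run value name, Notify package name or service display name
    path: str     # executable / DLL as written in the log
    extra: str    # O4: command-line arguments; O20: ""; O23: owner string


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")


def _split_command(cmd: str) -> tuple[str, str]:
    """Split an O4 command line into (executable, arguments), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_log(text: str) -> list[Entry]:
    """Extract O4 (hive Run keys), O20 and O23 entries; other sections are skipped."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := _O4.match(line):
            exe, args = _split_command(m["cmd"])
            entries.append(Entry("O4", m["name"], exe, args))
        elif m := _O20.match(line):
            entries.append(Entry("O20", m["name"], m["path"], ""))
        elif m := _O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"], m["owner"].strip()))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Return review items; a finding is a pointer for the analyst, not a malware verdict."""
    findings: list[Finding] = []
    for e in entries:
        up = e.path.upper()
        if e.section == "O4":
            if "\\" not in up:
                findings.append(Finding(e.section, e.name, e.path,
                                        "bare filename: resolved through the search path at logon"))
            elif not up.startswith(TRUSTED_ROOTS):
                findings.append(Finding(e.section, e.name, e.path,
                                        "autostart from outside Windows/Program Files"))
            wanted = LOGON_CLEANUP_SWITCHES.get(up.rsplit("\\", 1)[-1])
            if wanted and wanted in e.extra.upper().split():
                findings.append(Finding(e.section, e.name, e.path,
                                        f"unattended cleanup at every logon ({wanted})"))
        elif e.section == "O20" and up.endswith("(FILE MISSING)"):
            findings.append(Finding(e.section, e.name, e.path,
                                    "Winlogon Notify DLL not on disk (stale entry)"))
        elif e.section == "O23" and e.extra in ("", "Unknown owner"):
            findings.append(Finding(e.section, e.name, e.path,
                                    "service binary carries no vendor string"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.section:<4}{f.name:<40}{f.reason}")
```

Two caveats when reading its output against this thread: the ewido and CCleaner entries under `C:\Z_SS\` are flagged only because they sit outside the usual roots, and the poster evidently installed them there on purpose, so they are review items, not detections; and the `HKCU\..\Run` CCleaner entry with `/AUTO` is the first thing to check for the cleared history described in the last post, because that switch runs the saved profile at every logon and the default Windows profile typically includes browser history and recent-document lists.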

