Condividi:        

potete controllare il mio log please?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

potete controllare il mio log please?

Postdi francyfra79 » 26/11/06 15:08

grazie mille :)



Logfile of HijackThis v1.99.1
Scan saved at 15.03.49, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NetXng - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt9.exe (file missing)
O23 - Service: NetXps - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\con.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
francyfra79
Utente Junior
 
Post: 18
Iscritto il: 19/09/06 13:04

Sponsor
 

Postdi BilloKenobi » 26/11/06 17:14

il log è pulito, ma compaiono questi due servizi

O23 - Service: NetXng - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt9.exe (file missing)
O23 - Service: NetXps - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\con.exe (file missing)

che indicano avvenute infezioni di gromozon... dovresti scaricare questo bel pacchetto

http://www.mytempdir.com/1082740

e usare i vari tool di eliminazione. al suo interno trovi di tutto (difatti pesa abbastanza)... usa prima il tool symantec in provvisoria, poi posta il log (che trovi in C:\FixLinkOpt), poi il tool prevx (che rilascia un log da postare in C:\gromozon_removal.log), poi già che ci siamo installa VirIt e fai uno scan...
Begun the Clone War has

Sì sì, mi hanno fatto redattore --- SuspectFile
BilloKenobi
Utente Senior
 
Post: 348
Iscritto il: 08/07/06 11:05

sono riuscita afare solo questo....

Postdi francyfra79 » 26/11/06 18:23

non ci sto capendo piu nulla!

WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Desktop\MXR1462.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Impostazioni locali\Temporary Internet Files\Content.IE5\ZXSVUMV7\MXR1461[1].zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\IncrediMail\le_donne_sono_pericolose.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"D:\stronzatine\augurio_per_te.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Impostazioni locali\Temporary Internet Files\Content.IE5\PC83T5KH\MXR1493[1].zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBand::OnSize()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\IncrediMail\buonemaniere.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"D:\Documenti\Musica\Renato Zero\Renato Zero intera discografia 1967 2005 41 album BY GALLINELLA.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Action: Add (and replace) files Include subfolders: no Save full path: no
Searching ...
WzToolBar::NotifyHandler()

Interrupted

WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Desktop\MXR1513.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Impostazioni locali\Temporary Internet Files\Content.IE5\H3VBLPKE\ricamo_diddlmania_09[1].zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Desktop\MXR1513.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"D:\Documenti\Musica\Renato Zero\Renato Zero intera discografia 1967 2005 41 album BY GALLINELLA.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\IncrediMail\ombra_in_tenda.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"D:\Documenti\Musica\Renato Zero\Renato Zero intera discografia 1967 2005 41 album BY GALLINELLA.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Impostazioni locali\Temporary Internet Files\Content.IE5\O1QZSY68\ilenia_lazzarin[1].zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Documents and Settings\Francesca\Desktop\MXR1513.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"D:\Documenti\hijackthis_199.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Programmi\Tools rimozione gromozon.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBand::OnSize()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::ReCalcBarSize()
WzToolBand::OnSize()
cl:
"C:\Programmi\Tools rimozione gromozon.zip"
WzToolBar::NotifyHandler()
WzToolBand::OnSize()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
Extracting to "C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\"
Use Path: no Overlay Files: yes
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::NotifyHandler()
WzToolBar::SaveSettings()


mi sono ritrovata una cartella gromozon_removal vuota!
e sta andando la scansione con VirIt.

che altro devo fare? non sono molto pratica, scusami
francyfra79
Utente Junior
 
Post: 18
Iscritto il: 19/09/06 13:04

Postdi BilloKenobi » 26/11/06 18:29

questo log non ho idea di cosa sia.... comunque fai andare VirIt, tanto sarà lui a togliere il virus... gli altri tool servono per lo più a permetterne l'utilizzo
Begun the Clone War has

Sì sì, mi hanno fatto redattore --- SuspectFile
BilloKenobi
Utente Senior
 
Post: 348
Iscritto il: 08/07/06 11:05

VirIt...

Postdi francyfra79 » 26/11/06 18:50

ha trovato un virus e l'ha rimosso! quindi ora dovrei stare trqnuilla?
ma considerando che ho norton (che però ieri non mi aveva rilevato questo virus) questo VirIT devo disinstallarlo?
francyfra79
Utente Junior
 
Post: 18
Iscritto il: 19/09/06 13:04

Postdi BilloKenobi » 26/11/06 19:03

sì, toglio virit... già chi ci sei, usa gmer (che hai trovato nel .zip), estrailo, avvialo, clicca su >>>> e poi su Autostar, poi su scan... alla fine (ci mette pochi secondi) clicca su Copy e incolli il log qui sul forum
Begun the Clone War has

Sì sì, mi hanno fatto redattore --- SuspectFile
BilloKenobi
Utente Senior
 
Post: 348
Iscritto il: 08/07/06 11:05

...

Postdi francyfra79 » 27/11/06 09:32

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-11-27 09:31:29
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ASWLSVC /*ASWLSVC*/@ = C:\WINDOWS\system32\ASWLSVC.exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATKKeyboardService /*ATK Keyboard Service*/@ = C:\WINDOWS\ATKKBService.exe
btwdins /*Bluetooth Service*/@ = C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton AntiVirus\navapsvc.exe"
NetXng /*NetXng*/@ = "\\?\C:\Programmi\File comuni\System\lpt9.exe"
NetXps /*NetXps*/@ = "\\?\C:\Programmi\File comuni\Microsoft Shared\con.exe"
NPFMntor /*Norton AntiVirus Firewall Monitor Service*/@ = "C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe"
SBService /*ScriptBlocking Service*/@ = C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
SPBBCSvc /*Symantec SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HControlC:\WINDOWS\ATK0100\HControl.exe = C:\WINDOWS\ATK0100\HControl.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@Power_GearC:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/ = C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@Control CenterC:\Progra~1\ASUS\WLAN Card Utilities\Center.exe = C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@Symantec NetDriver MonitorC:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@Easy-PrintToolBoxC:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon = C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@VoipStunt"C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized /*file not found*/ = "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized /*file not found*/
@IncrediMailC:\Programmi\IncrediMail\bin\IncMail.exe /c = C:\Programmi\IncrediMail\bin\IncMail.exe /c

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{BDF3E430-B101-42AD-A544-FADC6B084872}C:\Programmi\Norton AntiVirus\NavShExt.dll = C:\Programmi\Norton AntiVirus\NavShExt.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.asus.com = http://www.asus.com
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
BTTray.lnk = BTTray.lnk
Hotkey.lnk = Hotkey.lnk

---- EOF - GMER 1.0.10 ----
francyfra79
Utente Junior
 
Post: 18
Iscritto il: 19/09/06 13:04

Postdi Luke57 » 27/11/06 10:04

Ciao,scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\NetXng
HKLM\SYSTEM\CurrentControlSet\Services\NetXps

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 1

Files to delete:
C:\Programmi\File comuni\System\lpt9.exe
C:\Programmi\File comuni\Microsoft Shared\con.exe


Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script.

Posta un nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi francyfra79 » 27/11/06 10:30

C:\avenger\1.reg



C:\avenger\2.reg



C:\avenger\3.reg



C:\avenger\4.reg


C:\avenger\backup-19.09.2006-15.52.17,09.zip
C:\avenger\backup-19.09.2006-15.58.21,93.zip
C:\avenger\backup-19.09.2006-16.07.51,53.zip
C:\avenger\backup.zip
1 file copiati.
Impossibile cambiare l'attributo - C:\avenger\con.exe
Impossibile cambiare l'attributo - C:\avenger\lpt9.exe
zip warning: C:/backup.zip not found or empty
adding: avenger/avenger.txt (188 bytes security) (deflated 72%)
adding: avenger/backup.reg (188 bytes security) (deflated 73%)
adding: avenger/con.exe





Logfile of HijackThis v1.99.1
Scan saved at 10.30.39, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [fqgegiyl] C:\atkgqvhw.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
francyfra79
Utente Junior
 
Post: 18
Iscritto il: 19/09/06 13:04

Postdi Luke57 » 27/11/06 10:44

Ciao, scusa ma il primo non è il consueto log di Avenger. Dopo averlo scaricato, metti il file .zip sul desktop, estrai i relativi file sempre sul desktop,avvii il file avenger.exe estratto e poi esegui esattamente la procedura che ti ho descritto nel post precedente.
Al riavvio del computer, il report lo trovi in C:/avenger.txt.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

sarà questo?

Postdi francyfra79 » 27/11/06 11:00

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ooterrcf

*******************

Script file located at: \??\C:\WINDOWS\system32\aealedao.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\NetXng not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\NetXng failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\NetXng
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\NetXps not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\NetXps failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\NetXps
Status: 0xc0000034



File C:\Programmi\File comuni\System\lpt9.exe not found!
Deletion of file C:\Programmi\File comuni\System\lpt9.exe failed!

Could not process line:
C:\Programmi\File comuni\System\lpt9.exe
Status: 0xc0000034



File C:\Programmi\File comuni\Microsoft Shared\con.exe not found!
Deletion of file C:\Programmi\File comuni\Microsoft Shared\con.exe failed!

Could not process line:
C:\Programmi\File comuni\Microsoft Shared\con.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1 failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
francyfra79
Utente Junior
 
Post: 18
Iscritto il: 19/09/06 13:04


Torna a Sicurezza e Privacy


Topic correlati a "potete controllare il mio log please?":


Chi c’è in linea

Visitano il forum: Nessuno e 95 ospiti

cron