Accedi per seguire   
Seguaci 0
Goblo

Controllo Log

Iniziato da Goblo,

9 messaggi in questa discussione

Inviato

Ho disattivato per due minuti il firewall e da allora sono iniziati tutti i problemi.

Ecco il log.

Grazie mille a tutti... :)

Logfile of HijackThis v1.99.1

Scan saved at 21.41.16, on 30/05/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Sygate\SPF\smc.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTSvcCDA.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

C:\Programmi\Brother\ControlCenter2\brctrcen.exe

C:\WINDOWS\System32\devldr32.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\fcccdbb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe

O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?

O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: DSLMON.lnk = ?

O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{0FC90F85-1734-4695-BFBB-18AE2D299B1E}: NameServer = 193.70.152.15 193.70.152.25

O17 - HKLM\System\CS1\Services\Tcpip\..\{0FC90F85-1734-4695-BFBB-18AE2D299B1E}: NameServer = 193.70.152.15 193.70.152.25

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll

O20 - Winlogon Notify: fcccdbb - C:\WINDOWS\SYSTEM32\fcccdbb.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

Aggiungo che adesso nelle applicazioni che visualizzo con il sygate personal firewall c'è anche "Esplora Risorse" che prima non c'era.

:)

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

ciao , fai cosi;

scarica Vundofix

lancialo e metti la spunta su "Run VundoFix as a task"

riceverai un avviso che Vundofix si chiuderà/riaprirà in un minuto circa

quando il programma si riaprirà clicca su OK

poi clicca su "Scan for Vundo" e quando ha finito la scansione clicca su "Remove vundo"

conferma la rimozione dei file cliccando su YES e alla fine conferma con OK la richiesta di spegnimento del sistema

Riavvia e allega il log C:\vundofix.txt

* Assicurati di avere accesso a file e cartelle nascosti

(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)

1) metti la spunta su: Visualizza file e cartelle nascoste

2) Disattiva: nascondi file protetti di sistema

* disattiva il ripristino configurazione di sistema

* Avvia in modalità provvisoria

Avvia hijackthis, metti la spunta alle voci che andro ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked (potrebbero non esserci tutte)

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\fcccdbb.dll

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe

O20 - Winlogon Notify: fcccdbb - C:\WINDOWS\SYSTEM32\fcccdbb.dll

Assicurati che non ci sia piu;

C:\WINDOWS\SYSTEM32\fcccdbb.dll

* Dai una ripulita a cookie,cache e prefetch con Ccleaner

(Quando lo installi ricordati che se lasci le spunte di defuat ,verrà installata anche la toolbar yahoo)

(prima di usarlo vai in Opzioni/avanzate e togli la spunta da :Elimina file temp di Windows solo se piu vecchi di 48 ore)

*Ritorna in modalità normale e posta un log aggiornato

* Fai anche uno scan online Kaspersky in questo modo

**PS_Dovresti aggiornare il sistema con il SP2

PS1__C'è anche una voce che sembrerebbe realtiva al trojan IRCBot (infezione molto ostile, quindi speriamo di no)

_____________________________________________

Alla fine delle procedure di pulizia è fondamentale :

1) ri-nascondere i file e le cartelle di sistema

2) Riattivare il ripristino configurazione di sistema (XP / ME)

3) Creare un nuovo punto di ripristino

:)

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

Nella speranza di aver eseguito tutto correttamente ecco i log:

VundoFix V6.4.1

Checking Java version...

Sun Java not detected

Scan started at 23.03.52 30/05/2007

Listing files found while scanning....

C:\WINDOWS\System32\fcccdbb.dll

C:\WINDOWS\System32\looqr.ini

C:\WINDOWS\System32\rqool.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\fcccdbb.dll

C:\WINDOWS\System32\fcccdbb.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\looqr.ini

C:\WINDOWS\System32\looqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqool.dll

C:\WINDOWS\System32\rqool.dll Could not be deleted.

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\fcccdbb.dll

C:\WINDOWS\System32\fcccdbb.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqool.dll

C:\WINDOWS\System32\rqool.dll Has been deleted!

Performing Repairs to the registry.

Done!

__________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 0.02.00, on 31/05/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Sygate\SPF\smc.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTSvcCDA.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

C:\WINDOWS\System32\devldr32.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {200F777C-320C-438A-AE29-3F3DBAD0A29A} - C:\WINDOWS\System32\rqool.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe

O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?

O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: DSLMON.lnk = ?

O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{0FC90F85-1734-4695-BFBB-18AE2D299B1E}: NameServer = 193.70.152.15 193.70.152.25

O17 - HKLM\System\CS1\Services\Tcpip\..\{0FC90F85-1734-4695-BFBB-18AE2D299B1E}: NameServer = 193.70.152.15 193.70.152.25

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

:)

Come al soilito siete tempestivi e geniali...ogni volta che visito questo forum rimango a bocca aperta.

:P

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

Ciao...

Fissa questa:

O2 - BHO: (no name) - {200F777C-320C-438A-AE29-3F3DBAD0A29A} - C:\WINDOWS\System32\rqool.dll (file missing)

Per il resto Il log è pulito... :up1: ti manca solo il Service Pack 2

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

1000 volte grazie a tutti voi.... :)

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

di niente figurati... a disposizione :P

:)

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

Un'ultima cosa se è possibile.

Come faccio ad evitare che ad ogni avvio di sistema ci siano questi processi??

PnkBstrA.exe

Acrotray.exe

Pptd40nt.exe ( cos'é?)

:) Ciauuu

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Crea un account o accedi per lasciare un commento

Devi essere un utente registrato per partecipare

Crea un account

Iscriviti per un nuovo account nella nostra community. È facile!


Registra un nuovo account

Accedi

Sei già registrato? Accedi qui.


Accedi Ora
Accedi per seguire   
Seguaci 0
Vai alla lista Discussioni HiJackThis - Posta qui i Log