Avira segnala Heur-Dblext crypted!

Wildman · 02-07-2007, 11:09

Salve, da circa una settimana Avira mi segnala questo file infetto, per la precisione è un file dat.exe della cartella temp.
Ho cercato informazioni sul sito ma è piuttosto vago, e cmq non riesco ad eliminarlo, mi aiutate?
Il pc è un vaio VGN- con windows XP abbastanza aggiornato, per la cronaca internet explorer non funziona, appeno lo apro si blocca.
Posto il log di Hijackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:48:12 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
C:\Documents and Settings\David\Desktop\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PC98Monitor] "C:\PROGRA~1\TIMTUR~1.33E\N100EM~1.EXE"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Check Windows Disk Protection.lnk = C:\Program Files\Microsoft Shared Computer Toolkit\CheckWDP.hta
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174564934055
O17 - HKLM\System\CCS\Services\Tcpip\..\{729A6DE9-77C6-41A1-A111-1796FEAB3E5B}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6A01A3F-80A3-4240-94A8-D997E99A2FAF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE

--
End of file - 7918 bytes

Ciao e grazie

c.m.g · 02-07-2007, 11:13

fixa questi:

O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com

fai una passata con ccleaner e cambia browser a favore di più sicuri come opera o firefox con relativi plungin di sicurezza.

Bugs Bunny · 02-07-2007, 12:07

posta anche un log di findawf, per sicurezza

Wildman · 02-07-2007, 15:01

Eccomi di nuovo, posto il log di awf, con ccleaner non mi sembra di aver trovato qualcosa di strano.

Find AWF report by noahdfear ©2006

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\ANTIVI~1\BAK

04/02/2007 10:35 AM 327,720 avgnt.exe
1 File(s) 327,720 bytes

Directory of C:\PROGRA~1\APOINT\BAK

11/17/2004 11:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\TIMTUR~1.33E\BAK

04/05/2005 10:38 AM 368,640 N100EM~1.EXE
1 File(s) 368,640 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 01:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 02:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/19/2006 02:41 AM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SLYSOFT\ANYDVD\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK

02/20/2004 03:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOCA~1\BAK

12/27/2005 02:58 PM 69,632 VCUServe.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK

06/27/2006 07:24 PM 217,088 SPMgr.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~2\BAK

01/25/2007 09:41 PM 546,936 VAIOUpdt.exe
1 File(s) 546,936 bytes

Directory of C:\PROGRA~1\SONY\WIRELE~1\BAK

02/14/2006 01:11 PM 176,128 Switcher.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

03/09/2007 06:53 PM 153,136 NeroCheck.exe
03/12/2007 01:49 PM 153,136 NMBgMonitor.exe
2 File(s) 306,272 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

03/22/2007 02:03 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

327720 May 22 2007 "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe"
327720 Apr 2 2007 "C:\Program Files\AntiVir PersonalEdition Classic\bak\avgnt.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\Apoint.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
23564 May 21 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
23564 May 21 2007 "C:\Program Files\TIM Turbo Manager2.33E\N100E Monitor.exe"
368640 Apr 5 2005 "C:\Program Files\TIM Turbo Manager2.33E\bak\N100EM~1.EXE"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
23564 May 21 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
23564 May 21 2007 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
23564 May 21 2007 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
23564 May 21 2007 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
546936 Jan 25 2007 "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"
546936 Jan 25 2007 "C:\Program Files\Sony\VAIO Update 3\bak\VAIOUpdt.exe"
23564 May 21 2007 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
23564 May 21 2007 "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
153136 Mar 9 2007 "C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe"
23564 May 21 2007 "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
153136 Mar 12 2007 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
52272 Mar 22 2007 "C:\Program Files\Google\googletoolbar2user.exe"
138168 Mar 22 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
23564 May 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Mar 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"

end of report

Fatemi sapere grazie

juninho85 · 02-07-2007, 16:49

esiste l'altra sezione dove si trattano le discussioni sulle infezioni

02-07-2007, 11:09	#1
Wildman Member Iscritto dal: May 2003 Messaggi: 82	Avira segnala Heur-Dblext crypted! Salve, da circa una settimana Avira mi segnala questo file infetto, per la precisione è un file dat.exe della cartella temp. Ho cercato informazioni sul sito ma è piuttosto vago, e cmq non riesco ad eliminarlo, mi aiutate? Il pc è un vaio VGN- con windows XP abbastanza aggiornato, per la cronaca internet explorer non funziona, appeno lo apro si blocca. Posto il log di Hijackthis: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 10:48:12 AM, on 7/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe C:\Documents and Settings\David\Desktop\HiJackThis_v2.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PC98Monitor] "C:\PROGRA~1\TIMTUR~1.33E\N100EM~1.EXE" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - Startup: Check Windows Disk Protection.lnk = C:\Program Files\Microsoft Shared Computer Toolkit\CheckWDP.hta O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: .whataboutadog.com O15 - Trusted Zone: .whataboutarabit.com O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174564934055 O17 - HKLM\System\CCS\Services\Tcpip\..\{729A6DE9-77C6-41A1-A111-1796FEAB3E5B}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\..\{D6A01A3F-80A3-4240-94A8-D997E99A2FAF}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE -- End of file - 7918 bytes Ciao e grazie

02-07-2007, 12:07	#3
Bugs Bunny Senior Member Iscritto dal: Aug 2005 Città: Genova Messaggi: 3397	posta anche un log di findawf, per sicurezza __________________ Rimozione Worm/Rootkit Bagle - Rimozione Trojan Vundo - Rimozione virus MSN Messenger -Rimozione virus su chiavetta o errori di file mancante all'apertura del disco fisso - NT AUTHORITY SYSTEM spegne il pc ad ogni avvio. Cosa fare?(worm sasser/blaster/rustock) - Thread Ufficiale firewall software

02-07-2007, 11:13	#2
c.m.g Senior Member Iscritto dal: Mar 2006 Messaggi: 22114	fixa questi: O15 - Trusted Zone: .whataboutadog.com O15 - Trusted Zone: .whataboutarabit.com fai una passata con ccleaner e cambia browser a favore di più sicuri come opera o firefox con relativi plungin di sicurezza.

02-07-2007, 16:49	#5
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 28983	esiste l'altra sezione dove si trattano le discussioni sulle infezioni

Strumenti
Mostra una versione stampabile Invia questa pagina per email