|
|||||||
|
|
|
 |
|
|
Strumenti |
23-02-2010, 16:39
|
#1 |
|
Junior Member
Iscritto dal: Sep 2009
Messaggi: 2
|
Aiuto... propstor.bk1 e bk2
Nella cartella C:\System Volume Information\ del mio PC
c'è una cartella che si chiama "catalog.wci". Premesso che per stare lontano dai virus ho sempre tenuto disattivato il Ripristino Configurazione di Sistema e che ultimamente il mio Antivir mi ha dato parecchi virus ALLEGANDO (sotto) il report di HijackThis spero che qualcuno mi possa aiutare. Saluti. Luca ----------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16.36.55, on 23/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\Programmi\Avira\AntiVir Desktop\avmailc.exe C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\Programmi\ComfyHotelReservationServer\SERVER\bin\fbguard.exe C:\Programmi\FolderSize\FolderSizeSvc.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\VEXPLite\viritsvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\VEXPLite\MONLITE.EXE C:\Documents and Settings\All Users\Menu Avvio\Programmi\WFlip050\WinFlip.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\VEXPLite\VIRITEXP.EXE C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: D - {6949488D-B7AE-3952-AF22-64F439B0CB24} - C:\WINDOWS\system32\xwr95655.dll (file missing) O2 - BHO: DepositFiles.com BHO - {9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F} - C:\PROGRA~1\DEPOSI~1\DEPOSI~1.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: Deposit IE Toolbar - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} - C:\PROGRA~1\DEPOSI~1\DEPOSI~1.DLL O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE" O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyE] C:\Programmi\SkyE2A\SkyE2A.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [OSSelectorReinstall] "C:\Programmi\File comuni\Acronis\Acronis Disk Director\oss_reinstall.exe" O4 - HKLM\..\Run: [OODefragTray] "C:\WINDOWS\system32\oodtray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QT Lite\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programmi\Taskbar Shuffle\taskbarshuffle.exe O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Administrator\Dati applicazioni\drivers\winupgro.exe O4 - HKCU\..\Run: [PhoneDaemon] C:\Documents and Settings\Administrator\Desktop\iPhone\iPhone_Pc_Suite_by_iSpazio\iPhone PC Suite\PhoneDaemon.exe O4 - HKCU\..\Run: [iPhone PC Suite] C:\Programmi\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Zq1.exe O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\msdtctr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - S-1-5-18 Startup: WinFlip.exe.lnk = C:\Documents and Settings\All Users\Menu Avvio\Programmi\WFlip050\WinFlip.exe (User 'SYSTEM') O4 - .DEFAULT Startup: WinFlip.exe.lnk = C:\Documents and Settings\All Users\Menu Avvio\Programmi\WFlip050\WinFlip.exe (User 'Default user') O4 - .DEFAULT User Startup: WinFlip.exe.lnk = C:\Documents and Settings\All Users\Menu Avvio\Programmi\WFlip050\WinFlip.exe (User 'Default user') O4 - Startup: WinFlip.exe.lnk = C:\Documents and Settings\All Users\Menu Avvio\Programmi\WFlip050\WinFlip.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Download all with DF Manager - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - C:\PROGRA~1\DEPOSI~1\DEPOSI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B8AF18-F711-44F6-9C89-2205C379A226}: NameServer = 62.211.69.150,212.48.4.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{F2E4B432-42DF-4C34-AC7E-E1F7D8300E1B}: NameServer = 62.211.69.150,212.48.4.15 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: prio.dll O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documenti\Settings\cbss.dll (file missing) O21 - SSODL: OAVIEClockClass - {576e1d8a-f984-4fbb-8567-05b3d01894cf} - C:\Programmi\File comuni\OAVIEClock\OAVIEClockClass.dll O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Programmi\ComfyHotelReservationServer\SERVER\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Programmi\ComfyHotelReservationServer\SERVER\bin\fbserver.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmi\FolderSize\FolderSizeSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe O23 - Service: Servizio di condivisione in rete Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Programmi\Windows Media Player\WMPNetwk.exe (file missing) O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Programmi\Webroot\WebrootSecurity\WRConsumerService.exe -- End of file - 11396 bytes |
|
|
23-02-2010, 16:52
|
#2 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Ciao, per il controllo del log di HJT esiste un 3D dedicato http://www.hwupgrade.it/forum/showthread.php?t=937676 allegalo nel rispetto delle Regole indicate in prima pagina.
Chiudo
__________________
Try again and you will be luckier.
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 06:45.
