Webisland.net Forum - Visualizza un messaggio singolo

enzofisico · 25-11-2007, 04:01

Trovato...Ecco il log di avenger....

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\jgxunnmi

*******************

Script file located at: \??\C:\Documents and Settings\hpwchemu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\WINDOWS\emMON.exe deleted successfully.

Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRO SA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRO SA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRO SA
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Sn riuscito ad installare nod32...e quest'ulitmo mi da molti file infetti...ti rimando il log con hjt fatto dopo l'installazione di nod32, eccolo:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4.00.56, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
C:\Programmi\Rainlendar2\Rainlendar2.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\qpkpawaa.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\DOCUME~1\AcerEnzo\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Eset\nod32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.d ll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programmi\Stardock\WinCustomize\BootSkin\BootSk in.exe" /StartupJobs
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\qmvkthqy.dll",b
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\ghpshkkb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] c:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Collegamento a PowerMenu.exe.lnk = C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT Startup: Collegamento a PowerMenu.exe.lnk = C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Collegamento a PowerMenu.exe.lnk = C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFB1D23-479F-48F9-BC78-2333C734EEE6}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFB1D23-479F-48F9-BC78-2333C734EEE6}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFB1D23-479F-48F9-BC78-2333C734EEE6}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qpkpawaa.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12291 bytes

Aspetto risposta coolness...grazie mille!Ciao, Enzo.

25-11-2007, 04:01	#30 (permalink)
enzofisico Utente Membro Junior Data di registrazione: Nov 2007 Messaggi: 4	log avenger... Trovato...Ecco il log di avenger.... Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Service s\jgxunnmi ***************** Script file located at: \??\C:\Documents and Settings\hpwchemu.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully. File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully. File C:\WINDOWS\system32\wintems.exe not found! Deletion of file C:\WINDOWS\system32\wintems.exe failed! Could not process line: C:\WINDOWS\system32\wintems.exe Status: 0xc0000034 File C:\WINDOWS\system32\hldrrr.exe not found! Deletion of file C:\WINDOWS\system32\hldrrr.exe failed! Could not process line: C:\WINDOWS\system32\hldrrr.exe Status: 0xc0000034 File C:\WINDOWS\system32\trusted.exe not found! Deletion of file C:\WINDOWS\system32\trusted.exe failed! Could not process line: C:\WINDOWS\system32\trusted.exe Status: 0xc0000034 File C:\WINDOWS\system32\drivers\pci32.sys not found! Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed! Could not process line: C:\WINDOWS\system32\drivers\pci32.sys Status: 0xc0000034 File C:\WINDOWS\emMON.exe deleted successfully. Folder C:\WINDOWS\exefnd not found! Deletion of folder C:\WINDOWS\exefnd failed! Could not process line: C:\WINDOWS\exefnd Status: 0xc0000034 Folder C:\WINDOWS\exefld deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRO SA not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRO SA failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRO SA Status: 0xc0000034 Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\pci32 Status: 0xc0000034 Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32 not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32 failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32 Status: 0xc0000034 Completed script processing. ***************** Finished! Terminate. Sn riuscito ad installare nod32...e quest'ulitmo mi da molti file infetti...ti rimando il log con hjt fatto dopo l'installazione di nod32, eccolo: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4.00.56, on 25/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Intel\Wireless\Bin\EvtEng.exe C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Acer\Empowering Technology\admtray.exe C:\Programmi\a-squared Free\a2service.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\WINDOWS\RTHDCPL.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programmi\Acer\OrbiCam\CameraAssistant.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\Rundll32.exe C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe C:\Programmi\Rainlendar2\Rainlendar2.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\WINDOWS\system32\qpkpawaa.exe C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe C:\Programmi\CyberLink\Shared Files\RichVideo.exe C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\DOCUME~1\AcerEnzo\IMPOST~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Eset\nod32.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.d ll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programmi\Stardock\WinCustomize\BootSkin\BootSk in.exe" /StartupJobs O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [emMON] emMON.exe O4 - HKLM\..\Run: [UVS11 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 11\uvPL.exe O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\qmvkthqy.dll",b O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\ghpshkkb.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] c:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Collegamento a PowerMenu.exe.lnk = C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (User 'Default user') O4 - .DEFAULT Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (User 'Default user') O4 - .DEFAULT Startup: Collegamento a PowerMenu.exe.lnk = C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Startup: Collegamento a PowerMenu.exe.lnk = C:\Documents and Settings\AcerEnzo\Documenti\Roba di Enzo acer\power menu\PowerMenu.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFB1D23-479F-48F9-BC78-2333C734EEE6}: NameServer = 193.70.152.15,193.70.152.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFB1D23-479F-48F9-BC78-2333C734EEE6}: NameServer = 193.70.152.15,193.70.152.25 O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFB1D23-479F-48F9-BC78-2333C734EEE6}: NameServer = 193.70.152.15,193.70.152.25 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qpkpawaa.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe -- End of file - 12291 bytes Aspetto risposta coolness...grazie mille!Ciao, Enzo.