trojan gen 32 e c:\eqqom.exe

[cbecher]

Mi sono iscritto al forum su consiglio di amici per risolvere un problema di un virus (o più di uno) che si sono inseriti nel mio pc dopo aver scaricato un messaggio di posta.
Il mio problema è il seguente: Ogni volta che mi collego ad internet,si installano in C:/ dei file e dialer.I messaggi che l'antivirus mi da sono :Trojan gen 32 [other]...
Dopo aver scaricato ATF cleanered aver ripulito i file,ho scaricato come richiesto nel forum i programmi antispyware seguenti (ed ho fatto le scansioni): EWIDO,Ad-Aware,SpyBot e CWShredder.Non avendo risolto il problema,ho fatto (come richiesto nel forum) una scansione online con Kaspersky Online Scanner ma ancora niente.
Il log di Hijackthis è quello riportato qui sotto (Volevo sapere quali sono le voci da eliminare).
Logfile of HijackThis v1.99.1
Scan saved at 23.57.53, on 03/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\installdmr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programmi\Brother\ControlCenter2\brctrcen.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a. exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmi\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\BECHER~1\IMPOST~1\Temp\Rar$EX12.188\Hi jackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=c:\oplimit\ocraware.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a .exe" /source=HKLM
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
O4 - Startup: Ulead Acquire Fast.lnk = C:\Programmi\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: InterCheck Monitor.LNK = C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Scanner Detector.lnk = C:\Programmi\Microtek ScanSuite\SDetect.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: JPEG Image Optimisation Installation Driver (RegEditor) - Unknown owner - C:\WINNT\installdmr.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS

Sono disperato.
Prima di cestinare il pc,chiedo se qualcuno sa eliminarmi questo virus.
Grazie

[OYS]

Devi fixare:

C:\WINNT\installdmr.exe (Malware.Trojan.Backdoor.Gen )

F3 - REG:win.ini: load=c:\oplimit\ocraware.exe

O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe

O23 - Service: JPEG Image Optimisation Installation Driver (RegEditor) - Unknown owner - C:\WINNT\installdmr.exe

[tiratardi]

scusa sbagliato...avevo scritto di fixare due altri file...poi ho ricontrollato e stanno apposto...scusate

[cbecher]

Grazie,molto gentile: ho migliorato di molto la situazione,ma ancora,appena mi collego ad internet,mi appare un trojan gen 32 (prima me ne apparivano 4 in sequenza).
Ho fixato i 4 file che mi hai detto, ma appena rifaccio (su hijack) "do a sistem scan only", noto che il file c:/wint/installdmr.exe è ancora presente e non se ne va.
Inoltre,in C:/, ho permanentemente un file che non riesco a togliere chiamato "wpojymlv" che credo essere il problema.Quando lo seleziono e clicco Canc sulla tastiera,mi dice che è impossibile eliminare il file perchè è accesso negato perchè il file potrebbe essere in uso.
Avresti anche altre dritte per questo?
Grazie in anticipo.

[OYS]

Per eliminare wpojymlv usa KillBox.

Prova ad eliminare manualmente installdmr.exe, se non ci riesci scarica prevx

[cbecher]

Ma chi sei tu???
Sei stato incredibilmente efficace!!!!
Non so come ringraziarti....
Spero di aver risolto.Ora provo a riavviare il sistema.Altrimenti ti disturberò ancora...sei la mia unica salvezza....
Grazie davvero!!!!!!!!!

[OYS]

Originariamente inviato da cbecher
Ma chi sei tu???
Sei stato incredibilmente efficace!!!!
Non so come ringraziarti....
Spero di aver risolto.Ora provo a riavviare il sistema.Altrimenti ti disturberò ancora...sei la mia unica salvezza....
Grazie davvero!!!!!!!!!

[cbecher]

Ciao OYS
grazie ai tuoi preziosi consigli ho eliminato i virus ma credo non aver risolto al 100% in quanto ogni volta che mi collego mi si apre una finestra spam di internet ed ogni volta cercano di farmi scaricare una applicazione, rallentandomi il pc.Inoltre,aprendo hijack e facendo scan mi da errore 000000000000 e mi dice che la memoria non può essere read e mi fa chiudere l'applicazione.Riesce comunque a salvarmi il log che è il seguente:

Logfile of HijackThis v1.99.1
Scan saved at 18.25.39, on 05/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\SOUNDMAN.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\ControlCenter2\brctrcen.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a. exe
C:\WINNT\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmi\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINNT\system32\WISPTIS.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a .exe" /source=HKLM
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
O4 - Startup: Ulead Acquire Fast.lnk = C:\Programmi\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: InterCheck Monitor.LNK = C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Scanner Detector.lnk = C:\Programmi\Microtek ScanSuite\SDetect.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS


Mi diresti se è tutto a posto o se devo intervenire in qualche altro modo???
Eventuali firewall validi?
Grazie 1000

[OYS]

Installa un firewall io ti consiglio Jetico, il migliore ed è free... Anche se è moolto difficile configurarlo, io ero riuscito a farlo attraverso questa guida divisa in due parti:

http://digilander.libero.it/f250gto/Jetico_1.pdf
http://digilander.libero.it/f250gto/Jetico_2.pdf

Il log sembra pulito a parte questo, lo conosci?:

C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe

Hai un'antispyware?

[tognazzi]

Originariamente inviato da cbecher
Ma chi sei tu???
Sei stato incredibilmente efficace!!!!
Non so come ringraziarti....
Spero di aver risolto.Ora provo a riavviare il sistema.Altrimenti ti disturberò ancora...sei la mia unica salvezza....
Grazie davvero!!!!!!!!!

il mago di Garbagnate
je svulazzo so' mache