Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Visualizzazione dei risultati da 1 a 10 su 10
  1. 05-03-2010, 21:43 #1
    gius_p
    gius_p non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2010
    Messaggi
    6

    Non riesco a disconnettere hd usb malware??

    Da un paio di giorni ho probabilmente beccato un virus.
    Non riesco a rimuovere l'hard disk esterno.
    Ho f-secure come antivirus e dopo la scansione con l'hd collegato mi trova dei file infetti li elimino, riesco a disconnetre l'hd, ma al primo riavvio sono punto e a capo.
    ho fatto la scansione sia con perlovga che con combofix e succede sempre la stessa cosa, disconnetto l'hd ma al riavvio di nuovo stesso problema.
    Vi posto l'hijackthis in due parti.
    Grazie
    Gius_p

    Logfile of HijackThis v1.99.1
    Scan saved at 20.38.36, on 05/03/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc .exe
    C:\Programmi\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Programmi\Intel\WiFi\bin\EvtEng.exe
    C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Programmi\F-Secure\Common\FSMA32.EXE
    C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Programmi\F-Secure\Common\FSMB32.EXE
    C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Intel\AMT\LMS.exe
    C:\Programmi\Maxtor\Sync\SyncServices.exe
    C:\Programmi\F-Secure\Common\FCH32.EXE
    C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
    C:\Programmi\F-Secure\Common\FAMEH32.EXE
    C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Programmi\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\File comuni\Intel\Privacy Icon\PrivacyIconClient.exe
    C:\Programmi\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe
    c:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Programmi\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Programmi\Lenovo\HOTKEY\TPONSCR.exe
    C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.ex e
    C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
    C:\Programmi\File comuni\Intel\Privacy Icon\UNS\UNS.exe
    C:\Programmi\F-Secure\Common\FSM32.EXE
    C:\Programmi\Lenovo\Zoom\TpScrex.exe
    C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
    C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    c:\programmi\lenovo\system update\suservice.exe
    C:\WINDOWS\V0420Mon.exe
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\SWF Printer Pro\swfpagent.exe
    C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
    C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Programmi\F-Secure\Common\FNRB32.EXE
    C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
    C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
    C:\Programmi\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr. exe
    C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
    C:\Programmi\F-Secure\FSGUI\fsguidll.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itispininfarina.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [picon] "C:\Programmi\File comuni\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
    O4 - HKLM\..\Run: [TPFNF7] C:\Programmi\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrB kGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBa ttLog
    O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.ex e
    O4 - HKLM\..\Run: [cssauth] "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SWF Printer Agent] "C:\Programmi\SWF Printer Pro\swfpagent.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
    O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Programmi\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    Rispondi quotando Rispondi quotando
  2. 05-03-2010, 21:43 #2
    gius_p
    gius_p non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2010
    Messaggi
    6

    seconda parte hijackthis

    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1231081139468
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscolearning.webex.com/clie...ng/ieatgpc.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5108/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2731658-ED7F-4521-80AC-5D689115E203}: NameServer = 130.192.3.21,130.192.3.24
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: LBTWlgn - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
    O20 - Winlogon Notify: tpfnf2 - C:\Programmi\Lenovo\HOTKEY\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\Programmi\Lenovo\HOTKEY\tphklock.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc .exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmi\F-Secure\Common\FNRB32.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.con f (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programmi\Intel\AMT\LMS.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programmi\Maxtor\Sync\SyncServices.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\DX9\SessionLaun cher.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programmi\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programmi\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programmi\File comuni\Intel\Privacy Icon\UNS\UNS.exe
    Rispondi quotando Rispondi quotando
  3. 05-03-2010, 23:05 #3
    Conetti
    Conetti non è in linea
    Utente di HTML.it L'avatar di Conetti
    Registrato dal
    Feb 2009
    Messaggi
    2,323
    Fixa con HiJackThis le seguenti voci:
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\DX9\SessionLaun cher.exe (file missing)
    Al termine esegui una scansione mediante l'antivirus e Spybot Search & Destroy.
    Esegui una pulizia dell'HDD mediante Ccleaner ed installa tutti gli aggiornamenti disponibii da Windows Update.
    Riavvia il Pc e posta un nuovo log di HiJackThis.
    Fammi sapere come va
    Rispondi quotando Rispondi quotando
  4. 06-03-2010, 20:04 #4
    gius_p
    gius_p non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2010
    Messaggi
    6
    Ti ringrazio per l'aiuto.
    Proverò quanto mi hai indicato.
    L'antivirus ci metterà un pò di tempo: ho 2 TB di dischi.
    Appena finito ti faccio sapere
    gius_p
    Rispondi quotando Rispondi quotando
  5. 06-03-2010, 22:12 #5
    Conetti
    Conetti non è in linea
    Utente di HTML.it L'avatar di Conetti
    Registrato dal
    Feb 2009
    Messaggi
    2,323
    Ok, appena le operazioni sono terminate fammi sapere l'esito
    Rispondi quotando Rispondi quotando
  6. 07-03-2010, 12:20 #6
    gius_p
    gius_p non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2010
    Messaggi
    6
    Ho eseguito le operazioni nell'ordine indicato.
    Ho riavviato con gli hd collegati ma non riesco a disconnetterli, sempre solito messaggio:"Impossibile disattivare ora la periferica ..."
    Ti posto il nuovo log di hijackthis in due parti.

    Logfile of HijackThis v1.99.1
    Scan saved at 11.14.18, on 07/03/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc .exe
    C:\Programmi\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Programmi\Intel\WiFi\bin\EvtEng.exe
    C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Programmi\F-Secure\Common\FSMA32.EXE
    C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Programmi\F-Secure\Common\FSMB32.EXE
    C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Intel\AMT\LMS.exe
    C:\Programmi\Maxtor\Sync\SyncServices.exe
    C:\Programmi\F-Secure\Common\FCH32.EXE
    C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
    C:\Programmi\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
    C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Programmi\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    c:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
    C:\Programmi\File comuni\Intel\Privacy Icon\PrivacyIconClient.exe
    C:\Programmi\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Programmi\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Programmi\File comuni\Intel\Privacy Icon\UNS\UNS.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Programmi\Lenovo\HOTKEY\TPONSCR.exe
    C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
    C:\Programmi\Lenovo\Zoom\TpScrex.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\programmi\lenovo\system update\suservice.exe
    C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.ex e
    C:\Programmi\Lenovo\Client Security Solution\cssauth.exe
    C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Programmi\F-Secure\Common\FSM32.EXE
    C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\V0420Mon.exe
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\SWF Printer Pro\swfpagent.exe
    C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Programmi\F-Secure\Common\FNRB32.EXE
    C:\Programmi\F-Secure\Common\FIH32.EXE
    C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr. exe
    C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
    C:\Programmi\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.itispininfarina.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [picon] "C:\Programmi\File comuni\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
    O4 - HKLM\..\Run: [TPFNF7] C:\Programmi\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrB kGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBa ttLog
    O4 - HKLM\..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.ex e
    O4 - HKLM\..\Run: [cssauth] "C:\Programmi\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SWF Printer Agent] "C:\Programmi\SWF Printer Pro\swfpagent.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
    O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Programmi\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
    Rispondi quotando Rispondi quotando
  7. 07-03-2010, 12:20 #7
    gius_p
    gius_p non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2010
    Messaggi
    6
    O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1231081139468
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscolearning.webex.com/clie...ng/ieatgpc.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5108/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2731658-ED7F-4521-80AC-5D689115E203}: NameServer = 130.192.3.21,130.192.3.24
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
    O20 - Winlogon Notify: LBTWlgn - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
    O20 - Winlogon Notify: tpfnf2 - C:\Programmi\Lenovo\HOTKEY\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\Programmi\Lenovo\HOTKEY\tphklock.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc .exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmi\F-Secure\Common\FNRB32.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.con f (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programmi\Intel\AMT\LMS.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programmi\Maxtor\Sync\SyncServices.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programmi\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programmi\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programmi\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programmi\File comuni\Intel\Privacy Icon\UNS\UNS.exe
    Rispondi quotando Rispondi quotando
  8. 07-03-2010, 18:17 #8
    Habanero
    Habanero non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di Habanero
    Registrato dal
    Jun 2001
    Messaggi
    9,782
    Scarica Process Explorer e salvalo sul desktop.

    Prendi nota delle lettere delle unità che non riescono a disconnettersi (ed esempio D:, E:, F:, etc..)

    Riavvia il sistema e non aprire nessun file e nessuna cartella.

    Lancia Process Explorer. Quando sei nella pagina principale premi CTRL+F, ti si aprirà la pagina di ricerca di Handle e DDL. Nel box di ricerca digita la lettera della prima unita incriminata, ad es D:. (digita solo la lettera seguita dai due punti). Prendi nota dei campi Process e Handle or DLL di tutte le eventuali voci trovate.

    Fatto questo procedi per tutte le unità che non siano quella del SO ( C: )

    Posta qui i risultati.
    Leggi il REGOLAMENTO!

    E' molto complicato, un mucchio di input e output, una quantità di informazioni, un mucchio di elementi da considerare, ho una quantità di elementi da tener presente...
    Drugo
    Rispondi quotando Rispondi quotando
  9. 07-03-2010, 19:44 #9
    gius_p
    gius_p non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2010
    Messaggi
    6
    Credo di aver risolto grazie al consiglio di Habanero.
    Ho usato process exlporer e ho visto che un processo nokiamserver usava gli hd esterni.
    Ho ucciso il processo e gli hd li ho potuto rimuovere.
    Non era un virus ma il processo era legato ad un aggiornamento di nokia suite: ovi suite.
    Ho disinstallato il software e sembra che ora vada tutto bene.
    Grazie a Habanero e Conetti per i vostri consigli.
    Saluti
    gius_p
    Rispondi quotando Rispondi quotando
  10. 07-03-2010, 20:37 #10
    Conetti
    Conetti non è in linea
    Utente di HTML.it L'avatar di Conetti
    Registrato dal
    Feb 2009
    Messaggi
    2,323
    Originariamente inviato da gius_p
    Credo di aver risolto grazie al consiglio di Habanero.
    Ho usato process exlporer e ho visto che un processo nokiamserver usava gli hd esterni.
    Ho ucciso il processo e gli hd li ho potuto rimuovere.
    Non era un virus ma il processo era legato ad un aggiornamento di nokia suite: ovi suite.
    Ho disinstallato il software e sembra che ora vada tutto bene.
    Grazie a Habanero e Conetti per i vostri consigli.
    Saluti
    gius_p
    Prego
    Per problemi siamo qua
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.