  1. #1
    HTML.it user
    Registered since
    Jan 2008
    Posts
    40

    Virus and displaying hidden files

    Hi everyone. I'm new to the forum and I need a hand solving a problem that has been plaguing me for the second time now.
    In the last few days I have detected some viruses on my PC, and today I find it impossible to display hidden files and folders.
    I have used hijack and killbox, and I always have avast and superantispyware active, but the damned thing keeps infecting. I'm posting the hijack log file in the hope that you can give me a hand. In the past it was enough to modify the registry keys to get the files displayed again, but today I can't manage to do it. I would also need the values of the registry strings related to displaying hidden files. Hoping for your help, I thank you in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 15.19.28, on 25/01/08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\NetLimiter 2 Pro\NLClient.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Programmi\Apoint2K\Apntex.exe
    C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
    C:\Documents and Settings\Gabriele\Desktop\KillBox.exe
    C:\Documents and Settings\Gabriele\Desktop\programs\cleaner\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O1 - Hosts: 62.149.206.232 l2authd.lineage2.com #LaContea
    O1 - Hosts: 62.149.206.232 L2testauthd.lineage2.com #LaContea
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documenti\Stardock\WindowBlinds\WBInstall32.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

  2. #2
    HTML.it user (Deifobe)
    Registered since
    Oct 2007
    Posts
    6,072
    You'll find the entries to modify from here onward: http://forum.html.it/forum/showthrea...&pagenumber=3.
    Try skipping "NoFolderOptions" and see whether modifying only the other 3 entries fixes everything.

    Bye

  3. #3
    HTML.it user
    Registered since
    Jan 2008
    Posts
    40
    I had already read the post; the problem is that I have to modify two entries, checked value and default value, and I would need both values.

    As for the rest, is the log clean?

  4. #4
    HTML.it user
    Registered since
    Jan 2008
    Posts
    40
    up

  5. #5
    HTML.it user (Deifobe)
    Registered since
    Oct 2007
    Posts
    6,072
    No, it isn't..
    There is this:
    O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll

    If you have a pen drive, plug it in and run a scan with Kaspersky_virusscanner. Post the results.

  6. #6
    HTML.it user
    Registered since
    Jan 2008
    Posts
    40
    Anyway, I tried modifying the registry keys, with the effect that I can display hidden files until I access C:\. After that the registry gets messed up again. What's more, the amvo.exe virus is still present.

  7. #7
    HTML.it user (Deifobe)
    Registered since
    Oct 2007
    Posts
    6,072
    Both of them should show up in Kaspersky.

    As for the other question..

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

    Taken from my registry:

    Name CheckedValue
    Type REG_DWORD
    Data 0x1


    Name DefaultValue
    Type REG_DWORD
    Data 0x2

  8. #8
    HTML.it user
    Registered since
    Jan 2008
    Posts
    40
    So, after a night of combined antispyware and antivirus scanning, I found and removed quite a lot of stuff.

    This is the result of the avast scan. The files in the chest ("cestino") were deleted, apparently successfully.

    * Operazione 'Protezione residente' usata
    * Avviato venerdì 25 gennaio 2008 17.19.34
    * VPS: 080125-2, 01/25/2008
    *

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC5EBFB8-B83D-4EE7-81B3-17203FDA06EC}\RP451\A0291865.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DC5EBFB8-B83D-4EE7-81B3-17203FDA06EC}\RP451\A0291903.EXE\[UPX] [L] Win32:VB-GDG [Trj] (0)
    Durante lo spostamento al cestino, c'è stato un errore: File non compresso.
    Durante lo spostamento al cestino, c'è stato un errore: File non compresso.
    C:\WINDOWS\SYSTEM32\AVPO0.DLL [L] Win32:Trojan-gen {Other} (0)
    File spostato con successo nel cestino...
    C:\WINDOWS\SYSTEM32\AVPO1.DLL [L] Win32:Trojan-gen {Other} (0)
    Durante lo spostamento al cestino, c'è stato un errore: File non compresso.
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\IMPOSTAZIONI LOCALI\TEMPORARY INTERNET FILES\CONTENT.IE5\0XMV4LMN\SERVER[1].DLL [L] Win32:Trojan-gen {Other} (0)
    File spostato con successo nel cestino...
    D:\NTDE1ECT.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP177\A0027646.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP177\A0027682.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP178\A0027811.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP179\A0027897.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP180\A0027912.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP181\A0027925.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP182\A0028128.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP183\A0028223.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{40B70121-7FC1-4057-9C2D-765003B2A806}\RP184\A0028379.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{DC5EBFB8-B83D-4EE7-81B3-17203FDA06EC}\RP452\A0292981.COM [L] Win32:OnLineGames-BOL [Trj] (0)
    File spostato con successo nel cestino...
    *
    * Rapporto avast!
    * Questo file è generato automaticamente
    *
    * Operazione 'Protezione residente' usata
    * Avviato sabato 26 gennaio 2008 11.09.37
    * VPS: 080125-2, 01/25/2008
    *


    Then the hijack log right after the scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 11.03.59, on 26/01/08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\NetLimiter 2 Pro\NLClient.exe
    C:\Programmi\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Documents and Settings\Gabriele\Desktop\programs\cleaner\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O1 - Hosts: 62.149.206.232 l2authd.lineage2.com #LaContea
    O1 - Hosts: 62.149.206.232 L2testauthd.lineage2.com #LaContea
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documenti\Stardock\WindowBlinds\WBInstall32.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
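
Added example, not part of any post in this thread: a small Python script that orders HijackThis logs by their "Scan saved at" header and reports which autostart entries (O2, O4, O10, O20, O23) appear or disappear between consecutive scans. The sample logs are short excerpts of the three logs posted in this thread; the function names and the choice of sections to compare are assumptions of this example.

```python
import re
from datetime import datetime

# HijackThis entry lines look like "O4 - HKCU\..\Run: [name] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# Header format as it appears in the logs on this page
# (time written with dots, date as dd/mm/yy).
SAVED_RE = re.compile(
    r"Scan saved at (\d{1,2}\.\d{2}\.\d{2}), on (\d{2}/\d{2}/\d{2})")
# Sections describing code that is loaded automatically: BHOs, Run keys and
# Startup folders, Winsock LSPs, Winlogon Notify DLLs, services.
PERSISTENCE = {"O2", "O4", "O10", "O20", "O23"}


def parse_log(text):
    """Return (scan_time, entries) for one HijackThis log.

    entries maps a normalised key (section, lower-cased text with collapsed
    whitespace) to the entry as it was written in the log.
    """
    header = SAVED_RE.search(text)
    if not header:
        raise ValueError("no 'Scan saved at' header found")
    saved = datetime.strptime(
        f"{header.group(2)} {header.group(1)}", "%d/%m/%y %H.%M.%S")
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group(1) in PERSISTENCE:
            key = (m.group(1), " ".join(m.group(2).split()).casefold())
            entries[key] = f"{m.group(1)} - {m.group(2)}"
    return saved, entries


def diff_snapshots(logs):
    """Sort logs chronologically and diff each one against the previous."""
    snaps = sorted((parse_log(t) for t in logs), key=lambda s: s[0])
    changes = []
    for (t0, old), (t1, new) in zip(snaps, snaps[1:]):
        changes.append({
            "from": t0,
            "to": t1,
            "added": sorted(new[k] for k in new.keys() - old.keys()),
            "removed": sorted(old[k] for k in old.keys() - new.keys()),
        })
    return changes


# Excerpts of the logs in this thread: entries present in all three scans.
COMMON = r"""O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""
# First scan (post #1), scan after the avast run (post #8), scan after reboot (post #9).
LOG_A = ("Scan saved at 15.19.28, on 25/01/08\n" + COMMON
         + r"O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll" + "\n")
LOG_B = "Scan saved at 11.03.59, on 26/01/08\n" + COMMON
LOG_C = ("Scan saved at 11.21.49, on 26/01/08\n" + COMMON
         + r"O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe" + "\n")

if __name__ == "__main__":
    # Input order does not matter; the scan header decides the order.
    for change in diff_snapshots([LOG_C, LOG_A, LOG_B]):
        print(f"{change['from']} -> {change['to']}")
        for entry in change["removed"]:
            print("  removed:", entry)
        for entry in change["added"]:
            print("  added:  ", entry)
```

Run over these excerpts, it reports the `fsmgmt` Winlogon Notify entry disappearing after the scan and the `[amva]` Run entry appearing after the reboot.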

  9. #9
    HTML.it user
    Registered since
    Jan 2008
    Posts
    40
    And here is the hijack log after rebooting the PC, which by the way has the restores disabled:

    Logfile of HijackThis v1.99.1
    Scan saved at 11.21.49, on 26/01/08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\NetLimiter 2 Pro\NLClient.exe
    C:\Programmi\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Documents and Settings\Gabriele\Desktop\programs\cleaner\HijackThis.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O1 - Hosts: 62.149.206.232 l2authd.lineage2.com #LaContea
    O1 - Hosts: 62.149.206.232 L2testauthd.lineage2.com #LaContea
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documenti\Stardock\WindowBlinds\WBInstall32.exe
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmi\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


    You can still see amvo.exe in there.
    Guys, I need a hand.

    On top of that, hidden folders still won't show. I set the keys under SHOWALL as you said, but I would also need the parameters under NOHIDDEN
    and under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced for the entries Hidden, ShowsuperHidden, SuperHidden, since nothing changes and it could depend on a wrong combination of strings (although I still think it is the virus itself that is hiding and does not want to be found). Thanks.

  10. #10
    HTML.it user
    Registered since
    Jan 2008
    Posts
    40
    By the way, I am noticing now that among the registry entries run at startup there is the entry avma, which relates to the executable avmo.exe, which is the damned plague-spreader. Should I delete it from the registry? Could that be a solution?
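
The check described in post #10 (reading the startup entries out of the HijackThis log) can be scripted. The following is an added example, not part of the original posts: it parses `O4` registry autoruns and `O23` services and lists the ones worth a manual look. The sample lines are constructed from the log format in this thread, and the function names and the system32 heuristic are assumptions of this example.

```python
import ntpath
import re

# Constructed sample: five lines in the HijackThis format shown in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

O4_REG = re.compile(r"^O4 - (?P<hive>HKCU|HKLM)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_PREFIX = "O23 - Service: "

def exe_path(cmd):
    """Cut a command line down to the executable path (drops quotes and arguments)."""
    m = re.match(r'"?(.+?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (reason, entry name) pairs to review by hand; leads, not verdicts."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_REG.match(line)
        if m:
            # Assumed heuristic: a per-user Run value that starts a binary sitting
            # directly in system32 is unusual enough to deserve a closer look.
            folder = ntpath.dirname(exe_path(m["cmd"])).lower()
            if m["hive"] == "HKCU" and folder.endswith(r"\system32"):
                findings.append(("per-user autorun into system32", m["name"]))
        elif line.startswith(SVC_PREFIX):
            parts = line[len(SVC_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, cmd = parts
            if cmd.endswith("(file missing)"):
                findings.append(("service binary missing", name))
            elif owner == "Unknown owner":
                findings.append(("owner unknown", name))
    return findings

if __name__ == "__main__":
    for reason, name in triage(SAMPLE_LOG):
        print(f"{reason}: {name}")
```

An "owner unknown" hit such as a driver helper is often legitimate; the output only narrows down which entries to check against the file on disk.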
