Home News Guide Hardware Download Forum Glossario

Condividi:        

ho beccato un virus

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

ho beccato un virus

Postdi gigiv77 » 20/10/07 12:16

Ciao ragazzi una volta ogni sei mesi in media ho bisogno di voi!!
il pc andava lento quindi preoccupato ho fatto una scansione con avast che ha trovato i seguenti virus:

20/10/2007 10.59.38 Gigi 3364 Sign of "Win32:Agent-US [Trj]" has been found in "C:\hiberfil.sys" file.

19/10/2007 16.07.46 Gigi 3800 Sign of "Win32:Agent-AWB [Adw]" has been found in "D:\System Volume Information\_restore{83A38AD4-F094-4EFF-8D9C-E5DFB4F59C96}\RP56\A0007987.exe\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe" file.

19/10/2007 16.07.24 Gigi 3800 Sign of "Win32:Agent-AWB [Adw]" has been found in "D:\System Volume Information\_restore{83A38AD4-F094-4EFF-8D9C-E5DFB4F59C96}\RP56\A0007983.exe\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe" file.

19/10/2007 15.23.39 Gigi 3800 Sign of "Win32:Agent-AWB [Adw]" has been found in "D:\Documents and Settings\Gigi\Documenti\Documenti\Nuova cartella (2)\fOOTBALL MANAGER FILE VARI\daemon4091-x86.exe\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe" file.

19/10/2007 15.19.48 Gigi 3800 Sign of "Win32:Agent-AWB [Adw]" has been found in "D:\Documents and Settings\Gigi\Documenti\Documenti\fOOTBALL MANAGER FILE VARI\daemon4091-x86.exe\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe" file.

19/10/2007 14.04.16 Gigi 3800 Sign of "Win32:Agent-US [Trj]" has been found in "C:\hiberfil.sys" file.

Cosa devo fare???
Grazie a tutti
gigiv77
Utente Junior
 
Post: 27
Iscritto il: 20/10/06 13:43
Top
Sponsor
 

Postdi gigiv77 » 20/10/07 12:24

eccovi il log di hjackthis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13.21.53, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
D:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
D:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
D:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programmi\TomTom HOME\TomTomHOME.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
D:\Programmi\MSN Messenger\MsnMsgr.Exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programmi\iPass\iPassConnect Bacardi\iPCAgent.exe
D:\Programmi\Network Associates\Common Framework\FrameworkService.exe
D:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
D:\Programmi\OpenOffice.org 2.3\program\soffice.exe
D:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\iPass\iPassConnect Bacardi\downloader\ipccheck.exe
D:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe
D:\Programmi\Network Associates\VirusScan\Mcshield.exe
D:\Programmi\H3G\3G HSDPA Wireless Modem MD-@\WirelessCard.exe
D:\Programmi\Outlook Express\msimn.exe
D:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
D:\Documents and Settings\Gigi\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ngohq.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [nTrayFw] D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://torinohub2.tor.it.bl.bacardi.net/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0554746718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://torinohub2.tor.it.bl.bacardi.net/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC884154-9995-4958-8F9A-CBDA7C731D18}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCC71090-C4CD-4560-A613-B072D04A9AFE}: NameServer = 62.13.171.1 62.13.171.2
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - D:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPassConnectEngine - iPass - D:\Programmi\iPass\iPassConnect Bacardi\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - D:\Programmi\iPass\iPassConnect Bacardi\iPCAgent.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - D:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10558 bytes
gigiv77
Utente Junior
 
Post: 27
Iscritto il: 20/10/06 13:43
Top

Postdi Pao1o » 20/10/07 12:57

Ma avast non te li elimina?
Cmq molti stanno in ripristino configurazioni.

Quindi click risorse del computer\proprietà
scheda ripristino
spunto su disattiva rispristino. (ricordati di togliere lo spunto alla fine di tutto)

Fai una scansione con adaware e spybot aggiornati (dalla sez. download\antispyware)

Poi rifai il log e lo riposti e\o lo controlli qui
http://www.hijackthis.de/it
Immagine
Avatar utente
Pao1o
Utente Senior
 
Post: 1375
Iscritto il: 23/10/05 12:58
Località: non scrivo più su questo forum per divergenze
Top

Postdi gigiv77 » 20/10/07 19:03

credo di non aver risolto anche se avast non trova nulla.
Logfile of HijackThis v1.99.1
Scan saved at 19.58.33, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\Programmi\iPass\iPassConnect Bacardi\iPCAgent.exe
D:\Programmi\Network Associates\Common Framework\FrameworkService.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
D:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
D:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
D:\Programmi\TomTom HOME\TomTomHOME.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\MSN Messenger\MsnMsgr.Exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\OpenOffice.org 2.3\program\soffice.exe
D:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\iPass\iPassConnect Bacardi\downloader\ipccheck.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Network Associates\VirusScan\Mcshield.exe
D:\Programmi\Alwil Software\Avast4\ashSimpl.exe
D:\Programmi\H3G\3G HSDPA Wireless Modem MD-@\WirelessCard.exe
D:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Programmi\WinRAR\WinRAR.exe
D:\DOCUME~1\Gigi\IMPOST~1\Temp\Rar$EX01.203\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ngohq.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [nTrayFw] D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://torinohub2.tor.it.bl.bacardi.net/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0554746718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://torinohub2.tor.it.bl.bacardi.net/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC884154-9995-4958-8F9A-CBDA7C731D18}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCC71090-C4CD-4560-A613-B072D04A9AFE}: NameServer = 62.13.171.1 62.13.171.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - D:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPassConnectEngine - iPass - D:\Programmi\iPass\iPassConnect Bacardi\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - D:\Programmi\iPass\iPassConnect Bacardi\iPCAgent.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - D:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
gigiv77
Utente Junior
 
Post: 27
Iscritto il: 20/10/06 13:43
Top

Postdi gigiv77 » 22/10/07 17:26

ragazzi il problema è serio!!
Ci mette un'ora (o quasi) ad avviarsi ed è lentissimo!
il log vi sembra pulito?
grazie a tutti
gigiv77
Utente Junior
 
Post: 27
Iscritto il: 20/10/06 13:43
Top

Postdi Pao1o » 23/10/07 12:02

Hai visto anche tu: dal log non sembrano esserci problemi serissimi.
Non gli piace la nvidia nel d.
Nel c: hai nvidia?
Cosa ci fa nel d: ?

Però che ci metta un'ora ad avviarsi non è bello.
Se avvii in modalità provvisoria, quanto ci mette?

prova start\esegui
digita
msconfig
vai nella scheda avvio
e togli più spunti possibili.

prova anche start\esegui
digita
eventvwr.msc
e controlla dove sono il maggior numero di errori.

Non penso tanto a un virus, ma a qualche periferica che non funziona bene (forse proprio la nvidia segnalata)

Da gestione periferiche cosa ti dice?

Hai provato con everest a lanciarlo e controllare e aggiornare vari driver?

facci sapere come va in modalità provvisoria (schiacci ripetutamente f8 al riavvio) e gli errori dal registratore eventi.
poi se hai nvidia nel c e cosa ci fa nel d.

In casi estremi come il tuo, forse pensare ad una formattazione non è idea peregrina.....

Ciao
Immagine
Avatar utente
Pao1o
Utente Senior
 
Post: 1375
Iscritto il: 23/10/05 12:58
Località: non scrivo più su questo forum per divergenze
Top
Rispondi al post

Torna a Sicurezza e Privacy


Topic correlati a "ho beccato un virus":

virus spagnolo nel router??
Autore: anm2004 		Forum: Sicurezza e Privacy
Risposte: 1
problema virus allo smart phone
Autore: terrybella 		Forum: Sicurezza e Privacy
Risposte: 8
Virus posta elettronica
Autore: libeccio20 		Forum: Sicurezza e Privacy
Risposte: 5
Problema tasto destro mouse, virus?
Autore: loyvaught 		Forum: Sicurezza e Privacy
Risposte: 1
virus ? spam? o cosa
Autore: loyvaught 		Forum: Sicurezza e Privacy
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 41 ospiti