IN QUESTI GIORNI MI SONO CAPITATE SVARIATE COSE "STRANE" SUL MIO PC CHE UTILIZZO AL LAVORO.
PRIMA DI TUTTO FACCIO PRESENTE CHE UTILIZZO UNA WORKSTATION DELLA HP XW6000 CON 2GB DI RAM SULLA QUALE FACCIO GIRARE PROGRAMMI DEL TIPO AUTOCAD2007 E RHINOCEROS PER IL DIS MECCANICO ED IL PC E' COLLEGATO AD UNA RETE AZIENDALE DI 9 PC.
IL PRIMO PROBLEMA DERIVA DAL FATTO CHE DA SABATO NON PARTONO PIU' GLI APPLICATIVI AUTOESK DANDO UN ERRORE DI PROTEZIONE E IL SECONDO DA EXPLORER CHE MI DA' UN ERRORE LEGATO AL SERVICES.EXE.
PREMETTO CHE HO GIROVAGATO UN PO' SU QUESTO FORUM PRIMA DI RICHIEDERE AIUTO ED HO GIA PROVVEDUTO A FARE UNA SCANSIONE CON SCANGUI IN MODALITA' PROVVISORIA ( RIPORTO A SEGUITO IL RISULTATO)
McAfee VirusScan for Win32 v5.10.0
Copyright (c) 1992-2006 McAfee, Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - May 26 2006
Scan engine v5.1.00 for Win32.
Virus data file v4982 created Mar 12 2007
Scanning for 235220 viruses, trojans and variants.
03/13/2007 11:21:08
Options:
"C:\" /CLEAN /SUB /UNZIP /ALL /RPTCOR /RPTERR /REPORT C:\DOCUME~1\ADMINI~1\IMPOST~1\TEMP\SCAN.TXT
Scanning C: [ANDREA]
Scanning C:\*.*
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-384f4f84.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-384f4f84.zip\INSECURECLASSLOADER.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-384f4f84.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-384f4f84.zip\INSTALLER.CLASS ... Found the Exploit-ByteVerify trojan !!!
File not renamed - could be archive or compound file.
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-38fec8cd.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-38fec8cd.zip\INSECURECLASSLOADER.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-38fec8cd.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-38fec8cd.zip\INSTALLER.CLASS ... Found the Exploit-ByteVerify trojan !!!
File not renamed - could be archive or compound file.
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-4db1280a.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-4db1280a.zip\INSECURECLASSLOADER.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-4db1280a.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1157549e-4db1280a.zip\INSTALLER.CLASS ... Found the Exploit-ByteVerify trojan !!!
File not renamed - could be archive or compound file.
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-14410ddd.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-14410ddd.zip\INSECURECLASSLOADER.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-14410ddd.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-14410ddd.zip\INSTALLER.CLASS ... Found the Exploit-ByteVerify trojan !!!
File not renamed - could be archive or compound file.
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-3163f0f3.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-3163f0f3.zip\INSECURECLASSLOADER.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-3163f0f3.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dcec540-3163f0f3.zip\INSTALLER.CLASS ... Found the Exploit-ByteVerify trojan !!!
File not renamed - could be archive or compound file.
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f7b51e5-492a19d0.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f7b51e5-492a19d0.zip\INSTALLER.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f7b51e5-492a19d0.zip\NEWSECURITYCLASSLOADER.CLASS ... Found the Generic Downloader.v trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f7b51e5-492a19d0.zip\NEWURLCLASSLOADER.CLASS ... Found the Exploit-ByteVerify trojan !!!
File not renamed - could be archive or compound file.
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv649.jar-26efba3f-6885a299.zip\MATRIX.CLASS ... Found the JV/Shinwow trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv649.jar-26efba3f-6885a299.zip\COUNTER.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv649.jar-26efba3f-6885a299.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv649.jar-26efba3f-6885a299.zip\PARSER.CLASS ... Found the Exploit-ByteVerify trojan !!!
File not renamed - could be archive or compound file.
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat ... file could not be opened.
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG ... file could not be opened.
C:\Documents and Settings\Administrator\ntuser.dat ... file could not be opened.
C:\Documents and Settings\Administrator\ntuser.dat.LOG ... file could not be opened.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat ... file could not be opened.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG ... file could not be opened.
C:\Documents and Settings\NetworkService\NTUSER.DAT ... file could not be opened.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG ... file could not be opened.
C:\pagefile.sys ... file could not be opened.
C:\Programmi\eMule\Temp\005.part\01 BACCO PERBACCO.MP3 ... is corrupted.
C:\Programmi\iolo\System Mechanic 5\Undo\Manual\{04B24868-DCA9-4B13-AEEC-13195AE1826E}.und\{438B6923-9227-46CC-BD56-CD05EA6565D5}.TMP ... Found the QLowZones-13 trojan !!!
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\AD-AWARE SE DEFAULT.SKN ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\ARROW1.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\ARROW2.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BCK1.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT11.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT12.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT13.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT21.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT22.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT23.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT31.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT32.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT33.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT41.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT42.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT43.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT51.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT52.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT53.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT61.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\BT62.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\CHECKBOX1.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\CHECKBOX2.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\CHECKBOX3.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\CHECKBOX4.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\DEFBTN1.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\DEFBTN2.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\DEFBTN3.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\GLYPH1.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\GLYPH2.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\GLYPH3.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\GLYPH4.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\GLYPH5.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\GLYPH6.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\GLYPH7.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\MAIN.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\PREVIEW.BMP ... is password-protected.
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\SPRITE1.BMP ... is password-protected.
C:\WINDOWS\system32\config\default ... file could not be opened.
C:\WINDOWS\system32\config\default.LOG ... file could not be opened.
C:\WINDOWS\system32\config\SAM ... file could not be opened.
C:\WINDOWS\system32\config\SAM.LOG ... file could not be opened.
C:\WINDOWS\system32\config\SECURITY ... file could not be opened.
C:\WINDOWS\system32\config\SECURITY.LOG ... file could not be opened.
C:\WINDOWS\system32\config\software ... file could not be opened.
C:\WINDOWS\system32\config\software.LOG ... file could not be opened.
C:\WINDOWS\system32\config\system ... file could not be opened.
C:\WINDOWS\system32\config\system.LOG ... file could not be opened.
C:\WINDOWS\system32\drivers\sptd.sys ... file could not be opened.
Summary report on C:\*.*
File(s)
Total files: ........... 611192
Clean: ................. 611104
Possibly Infected: ..... 29
Cleaned: ............... 0
Non-critical Error(s): 3
E UNA CON HIJACKTHIS (IN MODALITA' NORMALE DOPO LA SCANSIONE CON SCANGUI) CHE ANCHESSA RIPORTO A SEGUITO
Logfile of HijackThis v1.99.1
Scan saved at 13:55:20, on 13/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programmi\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Documents and Settings\Administrator\Desktop\ARCHIVIO\VARIE\CALENDARIO\Rainlendar.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmi\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Rainlendar.lnk = VARIE\CALENDARIO\Rainlendar.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://control.dialerbroker.com/dialers/2/qlcv-it-s.exe
O16 - DPF: {00000000-0000-0000-0000-000020050000} - http://www.accessoveloce.com/webline/x/wlaallb14x.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/2/en/Sy ... comInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8964809578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9789489671
O16 - DPF: {AB6466A4-27CA-417D-A76D-5DA68E08FFE8} - http://uqbvru5am.com/a3206c1dd755e6b458 ... eBonus.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA0E8F8F-F032-4012-9F2F-0266FF7D2C5C}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Programmi\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programmi\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: MSSQL$AUTODESKVAULT - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$AUTODESKVAULT - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT (file missing)
HO DEI VIRUS SUL MIO PC CHE NON SONO ANCORA STATI ELIMINATI?
IL MIO ANTIVIRUS DI SISTEMA COSTANTEMENTE AGGIORNATO E' VIRUSSCAN ENTERPRISIS 7.1
VI RINGRAZIO IN ANTICIPO PER L'AIUTO ASPETTANDO UNA RISPOSTA