www.MegaLab.it

da **ricchysb** » lun nov 10, 2008 2:47 pm

Come faccio a liberarmi di questo virus che avast individua quando inserisco un drive USB nel mio pc????
In particolare quando inserisco la penna USB o l'iPod avast visualizza un allarme che dice che il file H:\autorun.inf è infetto dal virus BV:AutoRun-G [Wrm].
Il bello è che il file autorun.inf non si vede assolutamente su H: anche abilitando la visione di cartelle e file nascosti..
In qualche modo sono riuscito ad isolare il file e al suo interno c'erano queste righe di comando:

[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\crss.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1113\crss.exe
shell\open\default=1

ho cercato il file crss.exe ma senza successo.
Navigando in internet ho visto che molti avevano un problema analogo ma con il file autorun.inf e smss.exe...
ho fatto una ricerca di questo file e oltre a quello presente nel system32 (che ritengo legittimo) ne ho trovato un secondo in C:\WINDOWS\ServicePackFiles\i386... l'ho eliminato ma il problema persiste!

A I U T O O O O ...

[grazie]

da **ste_95** » lun nov 10, 2008 2:54 pm

http://www.MegaLab.it/2899

da **ricchysb** » mer nov 12, 2008 5:20 pm

caxxxxxxooooooooooooooooooooooooooooo......
Stè intanto grazie...!
ho provato con il PRT ma non funziona..
anzi le cose sono apparentemente peggiorate...
ogni volta che riavvio il pc mi da 3 errori che riporto in sequenza:

1) errore di protezione esecuzione programmi : per facilitare la protezione del pc è stato chiuso esplora risorse...
2) invia segnalazione errori per drwtsn32.exe
3) invia segnalazione errori per explorer.exe

dopo aver inviato le segnalazioni il pc è praticamente bloccato fino a quando non termino l'applicazione drwtsn32.exe con ctrl+alt+canc...
Se inserisco la chiavetta o l'ipod avast mi segnala ancora la presenza del virus...

da **ste_95** » mer nov 12, 2008 5:38 pm

Scarica HijackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Posta sul forum il risultato facendo attenzione a queste regole.

da **ricchysb** » mer nov 12, 2008 5:59 pm

OK eccolo..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.58.33, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmi\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\vNFlexnt\Lmgrd.exe
C:\Programmi\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Programmi\vNFlexnt\MSC.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\DOCUME~1\RICCAR~1\IMPOST~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Riccardo Piccoli\Documenti\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ing.unitn.it:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8988074828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2698101125
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Programmi\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\Programmi\vNFlexnt\Lmgrd.exe
O23 - Service: FLEXlm Service for vNDesktop - Macrovision Corporation - C:\Programmi\vNFlexnt\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Programmi\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Programmi\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 15402 bytes

da **ste_95** » mer nov 12, 2008 6:30 pm

Il log è pulito.
In modalità provvisoria hai gli stessi problemi?

da **ricchysb** » mer nov 12, 2008 6:46 pm

in modalità provvisoria addirittura non parte neanche..
mi sembra di vedere al volo un blue screen error che compare prima che si riavvia tutto di nuovo..
ora dò un'occhiata con regcleaner perché sempre il solito drwtsn32.exe mi blocca il pc..

[uhm]

da **ricchysb** » gio nov 13, 2008 3:55 pm

niente.. non ne vengo fuori... che posso fare prima di formattare...???
ah tra l'altro il mio acer aspire ha deciso che acer eRecovery Managment non funziona più..
quindi non ho neanche i cd per formattare...
....una caporetto...!!

[cry+]

da **ste_95** » gio nov 13, 2008 4:09 pm

Crea il MegaLabCD e fai il boot da quello all'avvio. Dopo che lo hai avviato apri il menù Start -> Programmi -> Antivirus -> Avira Antivir.

Scansiona con Antivir tutto il computer, e vedi se trovi malware, in caso positivo eliminali.

da **Amantide** » gio nov 13, 2008 4:15 pm

Prima di creare MegalabCD prova a fare la scansione con Combofix.

Scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.

da **ricchysb** » gio nov 13, 2008 4:50 pm

ecco il log di combofix..
c'è da dire che all'avvio non mi sono usciti tutti gli errori che ho citato sopra... e già qui potrebbe essere bello..

ComboFix 08-11-12.01 - Riccardo Piccoli 2008-11-13 16.35.51.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1585 [GMT 1:00]
Eseguito da: c:\documents and settings\Riccardo Piccoli\Documenti\Software\ComboFix.exe
* Creato nuovo punto di ripristino
.
Os seguintes ficheiros foram desabilitados durante a rodagem:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Riccardo Piccoli\Dati applicazioni\inst.exe
c:\windows\system32\cfx32.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\systeminfo3.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Service_Iprip
-------\Service_NPF

((((((((((((((((((((((((( Files Creati Da 2008-10-13 al 2008-11-13 )))))))))))))))))))))))))))))))))))
.

2008-11-12 18:55 . 2008-11-12 18:55 <DIR> d-------- c:\programmi\RegCleaner
2008-11-10 11:25 . 2008-11-10 11:25 <DIR> d-------- c:\programmi\CloneDVD
2008-11-10 11:25 . 2008-11-10 11:25 <DIR> d-------- c:\documents and settings\Riccardo Piccoli\Dati applicazioni\Vso
2008-11-10 11:25 . 2008-11-10 11:25 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\DVDXStudio
2008-11-10 11:25 . 2008-11-10 11:25 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-10 11:25 . 2008-11-10 11:25 47,360 --a------ c:\documents and settings\Riccardo Piccoli\Dati applicazioni\pcouffin.sys
2008-10-27 19:15 . 1999-09-10 12:06 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-10-27 19:15 . 1999-09-10 12:06 25,244 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-10-27 19:15 . 1999-09-10 12:06 5,600 --a------ c:\windows\system\WINASPI.DLL
2008-10-27 19:15 . 1999-09-10 12:06 4,672 --a------ c:\windows\system\WOWPOST.EXE
2008-10-27 19:10 . 2008-10-27 19:10 <DIR> d-------- c:\programmi\EasyDVDClone
2008-10-24 16:56 . 2008-10-15 18:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 14:35 . 2008-09-08 12:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 14:34 . 2008-08-14 15:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 14:34 . 2008-08-14 15:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 14:34 . 2008-08-14 15:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 14:34 . 2008-08-14 15:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 14:34 . 2008-09-15 17:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-10 11:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nokia
2008-10-10 10:57 --------- d-----w c:\programmi\PC Connectivity Solution
2008-10-10 10:57 --------- d-----w c:\programmi\File comuni\PCSuite
2008-10-10 10:57 --------- d-----w c:\programmi\File comuni\Nokia
2008-10-10 10:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-10 10:44 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-09 09:58 --------- d-----w c:\programmi\QuickTime
2008-10-09 09:20 --------- d-----w c:\programmi\iTunes
2008-10-09 09:20 --------- d-----w c:\programmi\iPod
2008-10-09 09:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-07 13:23 --------- d-----w c:\programmi\MaZZick
2008-10-06 10:34 --------- d-----w c:\documents and settings\Riccardo Piccoli\Dati applicazioni\Windows Search
2008-10-03 17:58 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-03 14:05 --------- d-----w c:\programmi\GiocoDigitale
2008-10-03 14:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\GiocoDigitale
2008-10-01 12:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-29 15:25 --------- d-----w c:\programmi\Windows Desktop Search
2008-09-29 15:25 --------- d-----w c:\documents and settings\Riccardo Piccoli\Dati applicazioni\Windows Desktop Search
2008-09-28 15:27 --------- d-----w c:\programmi\Macromedia
2008-09-28 15:27 --------- d-----w c:\programmi\File comuni\Macromedia Shared
2008-09-15 16:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 19:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-08-27 09:57 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 14:22 2,148,864 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 14:22 2,027,520 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-06-07 13:57 22,328 ----a-w c:\documents and settings\Riccardo Piccoli\Dati applicazioni\PnkBstrK.sys
2008-02-13 21:00 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-07-28 17:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008072820080729\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SweetIM"="c:\programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ntiMUI"="c:\programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2008-03-17 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"LogitechCameraAssistant"="c:\programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]
"LogitechVideo[inspector]"="c:\programmi\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Maple 10\\JRE\\BIN\\MAPLE.EXE"=
"c:\\Programmi\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe"=
"d:\\COD4\\iw3mp.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\RSM\\bin\\JobManagerService.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\RSM\\bin\\JMAdmin.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\RSM\\bin\\JMPassword.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\ANSYS\\bin\\intel\\ANSYS.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=
"c:\\Programmi\\Ansys Inc\\V110\\AISOL\\AUTODYN\\intel\\autodyn.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Programmi\\ANSYS Inc\\v110\\RSM\\bin\\ScriptHostService.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"135:TCP"= 135:TCP:*:Disabled:porta135

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\programmi\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe [2006-03-24 1294336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-01-23 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-01-23 78208]
R2 Flexlm Service 1;Flexlm Service 1;c:\programmi\vNFlexnt\Lmgrd.exe [2003-07-08 659456]
R2 JobManagerService110;Ansys JobManager Service V11;c:\programmi\ANSYS Inc\v110\RSM\bin\JobManagerService.exe [2007-01-16 20480]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
R2 ScriptHostService110;Ansys ScriptHost Service V11;c:\programmi\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe [2007-01-16 20480]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-06-19 1097728]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S2 FLEXlm Service for vNDesktop;FLEXlm Service for vNDesktop;c:\programmi\vNFlexnt\lmgrd.exe [2003-07-08 659456]
S3 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 p2pgasvc;Autenticazione gruppo rete peer;c:\windows\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Gestione identità rete peer;c:\windows\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Rete peer;c:\windows\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);c:\windows\system32\svchost.exe [2008-04-14 14336]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{88B2E5C0-5FCB-11QQ-BAX5-114016608589}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1113\crss.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-RunServicesOnce-washindex - c:\program files\Washer\washidx.exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoNet - (no file)
HKU-Default-Run-Nokia.PCSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://it.intl.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyServer = proxy.ing.unitn.it:80
O8 -: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 16:40:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
c:\programmi\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\programmi\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\vNFlexnt\MSC.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\docume~1\RICCAR~1\IMPOST~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-13 16:45:55 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-13 15:45:52

Pre-Run: 9.340.583.936 byte disponibili
Post-Run: 9,782,525,952 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

274 --- E O F --- 2008-10-24 15:00:42

da **Amantide** » gio nov 13, 2008 5:19 pm

ricchysb ha scritto:ecco il log di combofix..
c'è da dire che all'avvio non mi sono usciti tutti gli errori che ho citato sopra... e già qui potrebbe essere bello..

Forse è dovuto al fatto che Combofix ha rimosso qualche file e qualche servizio infetti, per il resto il log sembra essere pulito [^]

Se tu dici che ora il problema è risolto - allora va bene così, altrimenti procedi pure con MegaLab CD.

da **ricchysb** » gio nov 13, 2008 5:39 pm

perfetto!!!
Allora controllo..
tra l'altro sono andato su un'altro pc con la usb pen e con l'ipod e ho trovato finalmente la cartella che conteneva il presunto virus..
l'ho eliminata e adesso faccio un po' di test sul mio pc!!!
Spero vada tutto bene!!
Intanto grazie mille dei preziosi aiuti... !! [applauso+]

da **ricchysb** » mar nov 18, 2008 6:03 pm

Niente da fare!! Questo maledetto trojan è più tenace del previsto..
Ora provo con il bart PE e in caso formatto tutto e vaf....

Ho dei problemi con l'applicazione acer eRecovery preinstallata sul mio portatile acer aspire 5630...
La mia applicazione non funziona più e quella mi serve per formattare il pc....
Qualche consiglio a riguardo?

In ogni caso vi ringrazio per i preziosi consigli e volevo spezzare una lancia in favore di questo forum dove ho trovato spesso le soluzioni ai vari problemi informatici.. [MLI]

Ciao!

da **ricchysb** » mer dic 03, 2008 10:44 am

SOLUZIONE!!

Finalmente sono riuscito a debellare questo melefico virus senza dover formattare tutto..
Si tratta di un backdoor che si nasconde molto bene nel computer, il quale poi si propaga tramite le chiavette e altri dispositivi usb (ipod, hard disk.. etc).
L'unico che ha individuato il benedetto file è stato il virus scan on line di kaspersky http://www.kaspersky.com/virusscanner..
In una volta individuata la posizione della cartella che contiene poi il file eseguibile .exe che causa tutti questi problemini, gli ho dato una bella piallata con the avenger e magicamente tutto si è risolto!!

Attrenzione però.. se le chiavette che avete inserito non sono state "pulite" c'è il rischio che il virus si crei ogni volta che inserite una chiavetta infetta..
Quindi ragazzi... occhio a cosa vi inserite.. usate le giuste protezioni... [:D]

Ciao!!

www.MegaLab.it

AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Re: AIUTOO: virus autorun.inf e crss.exe su pen drive USB e iPod

Chi c’è in linea