Sorry jacomo,
could you recap how you managed to get rid of it?
Hi Herman, I don't want to be a bird of ill omen, but don't underestimate the dialer :) Wait at least 24 hours to have at least some small certainty that you have eliminated it. I too, previously, had the feeling I had gotten rid of it and instead... there it was, reappearing right on schedule. Now, after almost 48 hours with this problem completely absent, I'm starting to feel better :)
Anyway, I hope you have already solved it, but just in case, as Lucas rightly advised me, download FindAWF and check the scan report. There will be some "bak" folders that contain the uninfected files. Start Windows in safe mode and copy the good files from the bak folders into their immediate parent folders indicated by the FindAWF scan. After that, restart Windows normally and... as if by magic, everything solved :-) To be safe, run a few more online scans with AVG Anti-Spyware or Kaspersky, but I don't think there should be any problems. Ciaoooo :)
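The report check described in the post above, as an added example (not part of the original posts and not FindAWF's own code): a Python parser for the "Duplicate files of bak directory contents" section that pairs each bak copy with the file in its parent folder and says which ones differ. It assumes the `size date "path"` line layout seen in the reports posted in this thread; the function names and the sample lines are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any analysis host
import re
from collections import Counter

# One entry of the section: <size in bytes> <d Mon yyyy> "<full path>"
ENTRY = re.compile(r'^\s*(\d+)\s+(\d{1,2} [A-Za-z]{3} \d{4})\s+"(.+)"\s*$')

# Constructed sample in the report's layout (hypothetical paths and sizes).
SAMPLE = r'''Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
24076 23 Mar 2007 "C:\Programmi\ExampleApp\tray.exe"
98304 28 Nov 2005 "C:\Programmi\ExampleApp\bak\tray.exe"
24076 23 Mar 2007 "C:\Programmi\OtherApp\Helper.EXE"
471040 30 Mar 2006 "C:\Programmi\OtherApp\bak\helper.exe"
40960 26 Jul 2005 "C:\Programmi\Vendor\mon.exe"
40960 26 Jul 2005 "C:\WINDOWS\bak\mon.exe"
end of report
'''


def parse_entries(report_text):
    """Return (size, date, path) for every entry line; headers are skipped."""
    entries = []
    for line in report_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((int(match.group(1)), match.group(2), match.group(3)))
    return entries


def restore_plan(report_text):
    """Pair every file inside a bak folder with the same name one level up.

    status is one of:
      replaced   - the live file differs in size from the backup (restore it)
      same-size  - sizes match; size alone does not prove the file is intact,
                   compare hashes before trusting it
      not-listed - the report shows no file at the parent path, so the other
                   same-named file it lists lives elsewhere (review by hand)
    """
    entries = parse_entries(report_text)
    # Windows paths are case-insensitive, so index them case-folded.
    listed = {ntpath.normcase(path): size for size, _, path in entries}
    plan = []
    for size, _, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a backup copy
        target = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        live_size = listed.get(ntpath.normcase(target))
        if live_size is None:
            status = "not-listed"
        elif live_size != size:
            status = "replaced"
        else:
            status = "same-size"
        plan.append({"backup": path, "target": target, "backup_size": size,
                     "live_size": live_size, "status": status})
    return plan


def shared_stub_sizes(plan, minimum=2):
    """Sizes shared by several replaced live files: unrelated programs that
    suddenly have the same byte count point to one stub overwriting them."""
    counts = Counter(p["live_size"] for p in plan if p["status"] == "replaced")
    return sorted(size for size, n in counts.items() if n >= minimum)


if __name__ == "__main__":
    plan = restore_plan(SAMPLE)
    for item in plan:
        print(f'{item["status"]:<10} {item["backup"]} -> {item["target"]}')
    print("shared stub sizes:", shared_stub_sizes(plan))
```

The script only builds the list of copies to make; the copy itself is still done by hand in safe mode, as the post describes.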
It happened again!!!
But this time the icon is a green "D" on a white background and the connection is "Instant Access Dialer".
The bad news is that I have the same problem on the PC and also on the laptop!!!
As soon as I have both the Hijack and AWF logs I'll post them.
Lucassssssss.....HELP ME!!!!
....These are the laptop's logs; I'll post the PC's right away too
Logfile of HijackThis v1.99.1
Scan saved at 22.13.14, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)
*****************************************++
Find AWF report by noahdfear ©2006
bak folders found
~~~~~~~~~~~
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\WINDOWS\SYSTEM32\BAK
19/08/2004 05.00 15.360 ctfmon.exe
01/11/2004 18.22 262.144 ElkCtrl.exe
28/11/2005 13.52 77.824 hkcmd.exe
28/11/2005 13.55 118.784 igfxpers.exe
28/11/2005 13.55 98.304 igfxtray.exe
30/12/2005 14.02 40.960 ImageItEncrypt.exe
06/04/2006 19.22 225.280 LVCOMSX.EXE
7 File 838.656 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\LAUNCH~1\BAK
30/03/2006 13.56 471.040 QtZgAcer.EXE
1 File 471.040 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\MICROS~3\BAK
24/03/2005 00.26 217.088 point32.exe
1 File 217.088 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\SYMNET~1\BAK
07/03/2007 18.10 100.048 SNDMon.exe
1 File 100.048 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\WINDOWS\IME\IMJP8_1\BAK
19/08/2004 05.00 208.952 IMJPMIG.EXE
1 File 208.952 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\REALTEK\INSTAL~1\BAK
25/08/2005 14.21 53.248 AzMixerSel.exe
1 File 53.248 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
08/01/2005 07.16 692.315 SynTPEnh.exe
08/01/2005 07.17 102.491 SynTPLpr.exe
2 File 794.806 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
02/11/2004 20.24 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK
11/05/2005 17.15 45.056 ntiMUI.exe
1 File 45.056 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\ACER\ORBICAM\BAK
06/04/2006 19.00 331.776 CameraAssistant.exe
06/04/2006 19.06 73.728 InstallHelper.exe
2 File 405.504 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\ACER\EMPOWE~1\EDATAS~1\BAK
17/03/2006 15.00 345.088 eDSloader.exe
1 File 345.088 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\ACER\EMPOWE~1\EPRESE~1\BAK
31/03/2006 16.39 204.800 ePresentation.exe
1 File 204.800 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\ACER\EMPOWE~1\EPOWER\BAK
15/03/2006 22.12 579.584 Boot.exe
04/04/2006 18.08 421.888 ePower_DMC.exe
2 File 1.001.472 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\ACER\EMPOWE~1\ERECOV~1\BAK
28/04/2006 16.43 401.408 eRAgent.exe
1 File 401.408 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK
19/08/2004 05.00 59.392 ImScInst.exe
1 File 59.392 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
19/08/2004 05.00 455.168 TINTSETP.EXE
1 File 455.168 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK
13/11/2006 10.23 180.269 realsched.exe
1 File 180.269 byte
2 Directory 22.119.776.256 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 4968-4959
Directory di C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK
12/10/2006 03.10 49.263 jusched.exe
1 File 49.263 byte
2 Directory 22.119.776.256 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\igfxtray.exe"
98304 28 Nov 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\hkcmd.exe"
77824 28 Nov 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\igfxpers.exe"
118784 28 Nov 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\LVCOMSX.EXE"
225280 6 Apr 2006 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
24076 23 Mar 2007 "C:\WINDOWS\system32\ElkCtrl.exe"
262144 1 Nov 2004 "C:\WINDOWS\system32\bak\ElkCtrl.exe"
24076 23 Mar 2007 "C:\WINDOWS\system32\ImageItEncrypt.exe"
40960 30 Dec 2005 "C:\WINDOWS\system32\bak\ImageItEncrypt.exe"
40960 30 Dec 2005 "C:\Acer\Empowering Technology\eRecovery\ImageItEncrypt.exe"
24076 23 Mar 2007 "C:\Programmi\Launch Manager\QtZgAcer.EXE"
471040 30 Mar 2006 "C:\Programmi\Launch Manager\bak\QtZgAcer.EXE"
24076 23 Mar 2007 "C:\Programmi\Microsoft IntelliPoint\point32.exe"
217088 24 Mar 2005 "C:\Programmi\Microsoft IntelliPoint\bak\point32.exe"
95456 23 Mar 2007 "C:\Programmi\SymNetDrv\SNDMon.exe"
100048 7 Mar 2007 "C:\Programmi\SymNetDrv\bak\SNDMon.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
24076 23 Mar 2007 "C:\Programmi\Realtek\InstallShield\AzMixerSel.exe"
53248 25 Aug 2005 "C:\Programmi\Realtek\InstallShield\bak\AzMixerSel.exe"
24076 23 Mar 2007 "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe"
102491 8 Jan 2005 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
24076 23 Mar 2007 "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
692315 8 Jan 2005 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
24076 23 Mar 2007 "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
32768 2 Nov 2004 "C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
24076 23 Mar 2007 "C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
45056 11 May 2005 "C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
24076 23 Mar 2007 "C:\Programmi\Acer\OrbiCam\CameraAssistant.exe"
331776 6 Apr 2006 "C:\Programmi\Acer\OrbiCam\bak\CameraAssistant.exe"
24076 23 Mar 2007 "C:\Programmi\Acer\OrbiCam\InstallHelper.exe"
15872 21 Feb 2003 "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe"
28672 23 Sep 2005 "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"
73728 6 Apr 2006 "C:\Programmi\Acer\OrbiCam\bak\InstallHelper.exe"
5420864 7 Mar 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Google Updater\cache\installers_ci_picasa_en_2.6.35.92.35.97_setup_2006.12.18_16.28.16.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
345088 17 Mar 2006 "C:\Acer\Empowering Technology\eDataSecurity\bak\eDSloader.exe"
81920 26 Jan 2006 "C:\Acer\Empowering Technology\ePresentation\ePresentationLauncher.exe"
204800 31 Mar 2006 "C:\Acer\Empowering Technology\ePresentation\bak\ePresentation.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
421888 4 Apr 2006 "C:\Acer\Empowering Technology\ePower\bak\ePower_DMC.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\ePower\Boot.exe"
579584 15 Mar 2006 "C:\Acer\Empowering Technology\ePower\bak\Boot.exe"
24076 23 Mar 2007 "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
401408 28 Apr 2006 "C:\Acer\Empowering Technology\eRecovery\bak\eRAgent.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
24076 23 Mar 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
180269 13 Nov 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
24076 23 Mar 2007 "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
49263 12 Oct 2006 "C:\Programmi\Java\jre1.5.0_09\bin\bak\jusched.exe"
end of report
These are the PC's logs
Logfile of HijackThis v1.99.1
Scan saved at 22.29.20, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\Trust\250S Series\lwbwheel.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\xp\IMPOST~1\Temp\11745932864kKMa.exe
C:\Programmi\Shareaza\Shareaza.exe
C:\DOCUME~1\xp\IMPOST~1\Temp\1174593417xkxSa.exe
C:\Programmi\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Trust\250S Series\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
**********************************
Find AWF report by noahdfear ©2006
21504 byte files found
~~~~~~~~~~~~~
21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
25600 byte files found
~~~~~~~~~~~~~
25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
26450 byte files found
~~~~~~~~~~~~~
26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
bak folders found
~~~~~~~~~~~
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\WINDOWS\BAK
26/07/2005 19.45 40.960 etMon.exe
1 File 40.960 byte
2 Directory 50.398.932.992 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\SYMNET~1\BAK
28/02/2007 20.16 95.960 SNDMon.exe
1 File 95.960 byte
2 Directory 50.398.932.992 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\WINDOWS\SYSTEM32\BAK
19/08/2004 14.39 15.360 ctfmon.exe
09/07/2001 11.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 50.398.928.896 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\AHEAD\INCD\BAK
10/03/2007 10.09 131.057 Error.log
06/04/2004 18.36 1.298.542 InCD.exe
2 File 1.429.599 byte
2 Directory 50.398.928.896 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
08/12/2003 17.35 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 50.398.928.896 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK
04/04/2006 12.02 71.304 ccApp.exe
1 File 71.304 byte
2 Directory 50.398.928.896 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\NETROPA\MULTIM~1\BAK
19/06/2002 11.50 180.224 MMKeybd.exe
1 File 180.224 byte
2 Directory 50.398.928.896 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\TRUST\250SSE~1\BAK
20/04/2001 12.42 429.568 lwbwheel.exe
1 File 429.568 byte
2 Directory 50.398.928.896 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK
10/03/2007 08.57 180.269 realsched.exe
1 File 180.269 byte
2 Directory 50.398.928.896 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
15/12/2006 03.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 50.398.928.896 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
40960 26 Jul 2005 "C:\Programmi\ETUSB2.0\etMon.exe"
40960 26 Jul 2005 "C:\WINDOWS\bak\etMon.exe"
24076 22 Mar 2007 "C:\Programmi\SymNetDrv\SNDMon.exe"
95960 28 Feb 2007 "C:\Programmi\SymNetDrv\bak\SNDMon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
131057 21 Mar 2007 "C:\Programmi\Ahead\InCD\Error.log"
131057 10 Mar 2007 "C:\Programmi\Ahead\InCD\bak\Error.log"
24076 22 Mar 2007 "C:\Programmi\Ahead\InCD\InCD.exe"
1298542 6 Apr 2004 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
24076 22 Mar 2007 "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
71304 4 Apr 2006 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
24076 22 Mar 2007 "C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe"
180224 19 Jun 2002 "C:\Programmi\Netropa\Multimedia Keyboard\bak\MMKeybd.exe"
24076 22 Mar 2007 "C:\Programmi\Trust\250S Series\lwbwheel.exe"
429568 20 Apr 2001 "C:\Programmi\Trust\250S Series\bak\lwbwheel.exe"
24076 22 Mar 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
180269 10 Mar 2007 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
24076 22 Mar 2007 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
end of report
***********************************
THANKS....again
The two .exe entries refer to the dialer (I ran HijackThis with them still in there) and I was only able to delete them from the temp folder through Task Manager.
As for Sun Java, I don't know... .
Anyway, here are the new logs after the removal:
Logfile of HijackThis v1.99.1
Scan saved at 23.07.47, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\Trust\250S Series\lwbwheel.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Trust\250S Series\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
*******************************
Find AWF report by noahdfear ©2006
21504 byte files found
~~~~~~~~~~~~~
21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
25600 byte files found
~~~~~~~~~~~~~
25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
26450 byte files found
~~~~~~~~~~~~~
26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~
bak folders found
~~~~~~~~~~~
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\WINDOWS\BAK
26/07/2005 19.45 40.960 etMon.exe
1 File 40.960 byte
2 Directory 55.166.066.688 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\SYMNET~1\BAK
28/02/2007 20.16 95.960 SNDMon.exe
1 File 95.960 byte
2 Directory 55.166.066.688 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\WINDOWS\SYSTEM32\BAK
19/08/2004 14.39 15.360 ctfmon.exe
09/07/2001 11.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 55.166.062.592 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\AHEAD\INCD\BAK
10/03/2007 10.09 131.057 Error.log
06/04/2004 18.36 1.298.542 InCD.exe
2 File 1.429.599 byte
2 Directory 55.166.062.592 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
08/12/2003 17.35 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 55.166.062.592 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK
04/04/2006 12.02 71.304 ccApp.exe
1 File 71.304 byte
2 Directory 55.166.062.592 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\NETROPA\MULTIM~1\BAK
19/06/2002 11.50 180.224 MMKeybd.exe
1 File 180.224 byte
2 Directory 55.166.062.592 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\TRUST\250SSE~1\BAK
20/04/2001 12.42 429.568 lwbwheel.exe
1 File 429.568 byte
2 Directory 55.166.062.592 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK
10/03/2007 08.57 180.269 realsched.exe
1 File 180.269 byte
2 Directory 55.166.062.592 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: BCE3-5462
Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK
15/12/2006 03.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 55.166.062.592 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
40960 26 Jul 2005 "C:\Programmi\ETUSB2.0\etMon.exe"
40960 26 Jul 2005 "C:\WINDOWS\bak\etMon.exe"
24076 22 Mar 2007 "C:\Programmi\SymNetDrv\SNDMon.exe"
95960 28 Feb 2007 "C:\Programmi\SymNetDrv\bak\SNDMon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
131057 21 Mar 2007 "C:\Programmi\Ahead\InCD\Error.log"
131057 10 Mar 2007 "C:\Programmi\Ahead\InCD\bak\Error.log"
24076 22 Mar 2007 "C:\Programmi\Ahead\InCD\InCD.exe"
1298542 6 Apr 2004 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
24076 22 Mar 2007 "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
71304 4 Apr 2006 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
24076 22 Mar 2007 "C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe"
180224 19 Jun 2002 "C:\Programmi\Netropa\Multimedia Keyboard\bak\MMKeybd.exe"
24076 22 Mar 2007 "C:\Programmi\Trust\250S Series\lwbwheel.exe"
429568 20 Apr 2001 "C:\Programmi\Trust\250S Series\bak\lwbwheel.exe"
24076 22 Mar 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
180269 10 Mar 2007 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
24076 22 Mar 2007 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
end of report
The only thing I can think of doing is replacing the files with the ones in the bak folders, but I'm not sure whether I have to do it with all of them or only with some.
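Added example, not part of the original post and not FindAWF's own code: a small Python script that reads the "Duplicate files of bak directory contents" section of a FindAWF report and shows which live files differ from their bak copy. The function name and verdict strings are made up for this example, and treating a size difference as the sign of a replaced file is an assumption; the sample entries are copied from the report above.

```python
import ntpath
import re

# Entries copied from the "Duplicate files of bak directory contents" part of
# the report above, wrapped paths joined so that each entry is on one line.
REPORT = r'''
40960 26 Jul 2005 "C:\Programmi\ETUSB2.0\etMon.exe"
40960 26 Jul 2005 "C:\WINDOWS\bak\etMon.exe"
24076 22 Mar 2007 "C:\Programmi\SymNetDrv\SNDMon.exe"
95960 28 Feb 2007 "C:\Programmi\SymNetDrv\bak\SNDMon.exe"
131057 21 Mar 2007 "C:\Programmi\Ahead\InCD\Error.log"
131057 10 Mar 2007 "C:\Programmi\Ahead\InCD\bak\Error.log"
24076 22 Mar 2007 "C:\Programmi\Ahead\InCD\InCD.exe"
1298542 6 Apr 2004 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
'''

ENTRY = re.compile(r'^(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"$')


def compare_with_bak(report):
    """Pair each bak entry with the live entry listed just before it.

    Returns a list of (live_path, bak_path, verdict). Pairing goes by report
    order and file name, because a bak folder is not always next to the live
    file (etMon.exe above).
    """
    results, live = [], None
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        size, date, path = int(m.group(1)), m.group(2), m.group(3)
        name = ntpath.basename(path).lower()
        if ntpath.basename(ntpath.dirname(path)).lower() != "bak":
            live = (size, date, path, name)  # remember the live copy
            continue
        if live is None or live[3] != name:
            results.append((None, path, "no live copy listed"))
        elif live[0] != size:
            results.append((live[2], path, "size differs"))
        elif live[1] != date:
            results.append((live[2], path, "same size, date differs"))
        else:
            results.append((live[2], path, "matches bak copy"))
        live = None
    return results


if __name__ == "__main__":
    for live_path, bak_path, verdict in compare_with_bak(REPORT):
        print(f"{verdict:24} {live_path} <- {bak_path}")
```

A matching size only narrows down which pairs differ; it does not prove that a file is clean.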