Olimpo Informatico forum index
Zeus News Forums
Could it be hypochondria?
Forum index -> Pronto Soccorso Virus
sabatino (Hero)
Registered: 12/06/06 15:47
Posts: 72

Posted: 12 Jun 2006 16:36    Subject: Could it be hypochondria?

hi everyone

In my, albeit limited, history as an internet user I consider myself fairly lucky. This time, though, I see the situation getting out of hand: to be clear, I only turn the computer on to download music and do research, nothing else. For a few days now I have been noticing these symptoms:

- a slowdown, although not excessive

- web pages won't open ("the page cannot be displayed"); then I just disconnect and reconnect and everything is fine again

- every so often Norton notifies me of two threats, W32.Alcra.B and Exploit IE, which it does not delete because of "access denied to file"

- there is an advertising window that opens at every startup, mediaclick fastclick or something like that, and I cannot figure out where it comes from

Norton does not detect anything; the others (Spybot, Ewido, Ad-Aware) only tracking cookies. Anyway, here is the Panda ActiveScan report


Incident Status Location

Dialer:dialer.cos Not disinfected C:\Documents and Settings\utente\Dati applicazioni\microsoft\internet explorer\quick launch\exsplorer.lnk
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Adware:adware/emediacodec Not disinfected c:\programmi\eMedia Codec
Potentially unwanted tool:application/need2find Not disinfected c:\programmi\Need2Find
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Dialer:Dialer.HCX Not disinfected C:\Documents and Settings\utente\1059847.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\utente\Cookies\utente@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\utente\Cookies\utente@ad.yieldmanager[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\utente\Cookies\utente@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\utente\Cookies\utente@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\utente\Cookies\utente@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\utente\Cookies\utente@as1.falkag[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\utente\Cookies\utente@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\utente\Cookies\utente@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\utente\Cookies\utente@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\utente\Cookies\utente@mediaplex[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\utente\Cookies\utente@revenue[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\utente\Cookies\utente@statcounter[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\utente\Cookies\utente@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\utente\Cookies\utente@tribalfusion[2].txt
Spyware:Cookie/ademails Not disinfected C:\Documents and Settings\utente\Cookies\utente@www.ademails[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\utente\Cookies\utente@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\utente\Cookies\utente@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\utente\Cookies\utente@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\utente\Documenti\software\AntiPuper.exe[²PÇ]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\utente\Documenti\software\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\utente\Documenti\software\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\utente\Documenti\software\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\utente\Documenti\software\smitRem.exe[smitRem/Process.exe]

HijackThis only finds one "fairly suspicious" entry, which I delete and which comes back at every startup; it is

O17 - HKLM\System\CCS\Services\Tcpip\..\{7C01C8D1-27E3-4773-B6E6-4AC107EA4EA4}: NameServer = 85.37.17.9 85.38.28.75

thanks in advance for the help
Smjert (Mature God)
Registered: 01/04/06 18:19
Posts: 1619
Location: Lost in the net

Posted: 12 Jun 2006 19:13    Subject:

While we wait for Holifay (Fiore), you had better run the scans in Safe Mode (F8 at boot)... I don't want to say something stupid, but maybe some of those files are in use by a process, or are themselves running, so it won't let you remove them... then also post the full HijackThis log.
holifay (Mature God)
Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 12 Jun 2006 23:17    Subject:

hi and welcome :)

What you delete and that keeps coming back is normal: it is your provider's (Telecom) DNS. The entry is recreated every time you connect to the Internet.

From the Panda log I don't much like:
exsplorer.lnk: which process does the link point to?
smdat32a.sys is linked to the Topsearch adware.

I second Smjert and ask you to run a new scan with your AV from Safe Mode and, if you want, post a HijackThis log. The fact that the automatic analysis detects nothing is a good sign, but it is always better to take a look.

Don't forget to also clear the Java cache (Java temporary files) from the Control Panel.

I'd also suggest trying the online scan with BitDefender
http://www.bitdefender.com/scan8/ie.html

Bye :)
sabatino (Hero)
Registered: 12/06/06 15:47
Posts: 72

Posted: 13 Jun 2006 10:48    Subject:

Logfile of HijackThis v1.99.1
Scan saved at 10.47.44, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\bcmntray.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HPQ\Shared\hpqwmi.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\BearShare\BearShare.exe
C:\Documents and Settings\utente\Documenti\software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06IXLRD_1886343] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138189427172
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C01C8D1-27E3-4773-B6E6-4AC107EA4EA4}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

here it is
sabatino (Hero)
Registered: 12/06/06 15:47
Posts: 72

Posted: 13 Jun 2006 10:50    Subject:

here it is, now I'll try from Safe Mode
holifay (Mature God)
Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 13 Jun 2006 14:01    Subject:

The log indeed doesn't seem to contain anything alarming. Some of the things Norton detects are spread through peer-to-peer networks. I see you have BearShare among the running processes, but it is not present in the startup keys in the log. You should tell me:
- had you opened it yourself before making the HijackThis log?
- Are you sure you downloaded it from a trustworthy site?
- Have you checked whether you get the popup problems even with BearShare closed?

Then I need to ask you for a few checks:

1) search whether you can find this file, mscornet.exe, on the computer. First make sure you are showing hidden and system files.

Quote:
- open Windows Explorer (Gestione risorse)
- from the menu select Tools >> Folder Options
- select the View tab
- tick the box "show hidden files and folders"
- untick the box "hide system files (recommended)" (you'll find the option further down)
- click Yes, then Apply, then OK.


2) Press Start >> Run and try typing CMD (Enter) and then regedit (Enter). Do the DOS prompt and the Registry Editor open correctly, or do you get some message?

3) Open with Notepad the file exsplorer.lnk that you find in the Quick Launch folder. What does it contain?


Now let's look instead for anything that escapes HijackThis:

Download Silentrunners to the desktop and run it. Press No and then wait a few minutes until the message appears that it has finished (All Done!). In the folder where you saved it you will find a log whose name starts with Startup Programs and ends with the scan date.

Now download Winpfind and extract it. In the Winpfind folder it creates you will find a file called WinPFind.exe. Run it and press start scan. After a few minutes it will show a log in the window that you can copy.

Now post in a reply:
- the Silentrunners log
- the Winpfind log

Bye :)
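An added example, not part of this thread and not a tool anyone here posted: holifay asks what exsplorer.lnk points to, and opening a shortcut in Notepad shows its text as "h t t p : / /", because a Windows shortcut stores its strings as UTF-16LE (each character followed by a NUL byte). The Python below does that triage offline and without executing anything: it checks the Shell Link header (the fixed 0x4C header size and the ShellLink CLSID from the MS-SHLLINK specification), recovers the UTF-16LE strings, and lists any URL found in them, so a helper can see where a suspicious .lnk leads before deleting it. The shortcut bytes are constructed here with a placeholder target (example.invalid); they are not the file from the post.

```python
import re
import struct

# Shell Link header constants (MS-SHLLINK): HeaderSize is always 0x4C and the
# LinkCLSID is {00021401-0000-0000-C000-000000000046}, stored little-endian.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_shell_link(data: bytes) -> bool:
    """True if the blob starts with a Shell Link header (size field + CLSID)."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    (header_size,) = struct.unpack_from("<I", data, 0)
    return header_size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def utf16le_strings(data: bytes, min_chars: int = 6) -> list:
    """Recover runs of printable UTF-16LE text.

    This is what Notepad renders as 'h t t p : / /' when a .lnk is opened as
    text: every ASCII character is followed by a NUL byte.
    """
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]


def triage_shortcut(data: bytes) -> dict:
    """Summarise a shortcut: real .lnk or not, which strings and URLs it carries."""
    lnk = is_shell_link(data)
    strings = utf16le_strings(data) if lnk else []
    urls = [u for s in strings for u in URL_RE.findall(s)]
    return {"is_lnk": lnk, "strings": strings, "urls": urls}


def build_sample_lnk() -> bytes:
    """Constructed .lnk-like blob for this demo; not a captured file.

    Header: 0x4C size, ShellLink CLSID, rest of the 76-byte header zero-filled.
    StringData entries are a UTF-16LE character count followed by the characters;
    a count byte that happens to be printable ASCII (here 46 == '.') shows up
    glued to the front of the recovered string, a quirk worth knowing when
    reading such dumps by eye.
    """
    header = (struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID).ljust(LNK_HEADER_SIZE, b"\x00")

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    # Placeholder target URL (example.invalid) plus the url.dll name such shortcuts carry.
    return header + string_data("http://example.invalid/members/index2.php?0000") + string_data("url.dll")


if __name__ == "__main__":
    result = triage_shortcut(build_sample_lnk())
    print("Shell Link header:", result["is_lnk"])
    for s in result["strings"]:
        print("string:", s)
    for u in result["urls"]:
        print("URL target:", u)
```

Run against the real file with `triage_shortcut(open(path, "rb").read())`; a shortcut whose only target is a web address, launched through url.dll, is exactly the pattern the Panda report labels as a dialer, and the URL list tells you that without opening the link.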
sabatino (Hero)
Registered: 12/06/06 15:47
Posts: 72

Posted: 13 Jun 2006 20:02    Subject:

ok, first of all thanks a lot

then regedit and the command prompt open without any problems.

the file mscornet.exe is not there

the file exsplorer.lnk, if it is the one I think, is a shortcut, and opening it with Notepad I get this

L  À FÁ  ?  h?S? Bi¢ê +00p a? h t t p : / / w w w . a r c h i v i o s e x . n e t / m e m b e r s / i n d e x 2 . p h p ? 2 1 8 4  u r l . d l l

then I don't remember whether I had already started BearShare before HijackThis; anyway I downloaded it from one of those sites that offer you several file-sharing programs, giving them a rating and analysing them; it seemed trustworthy

here are the logs
winpfind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 19/08/2004 10.00.00 41144 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 06/01/2006 19.06.34 573952 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 06/01/2006 19.06.34 573952 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 17/05/2006 11.23.38 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 04/05/2006 6.26.22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/05/2006 6.26.22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 19/08/2004 10.00.00 729600 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 19/08/2004 10.00.00 674816 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 27/04/2006 17.49.30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 09/01/2006 10.36.04 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 09/01/2006 10.36.06 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 19/08/2004 10.00.00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/06/2006 12.58.26 S 2048 C:\WINDOWS\bootstat.dat
13/06/2006 12.59.40 H 54156 C:\WINDOWS\QTFont.qfn
17/05/2006 11.24.42 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
13/06/2006 13.06.16 H 1024 C:\WINDOWS\system32\config\default.LOG
13/06/2006 19.24.58 H 1024 C:\WINDOWS\system32\config\SAM.LOG
13/06/2006 19.25.52 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
13/06/2006 19.52.16 H 1024 C:\WINDOWS\system32\config\software.LOG
13/06/2006 19.46.36 H 1024 C:\WINDOWS\system32\config\system.LOG
12/05/2006 19.33.06 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
03/01/2010 15.13.32 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\59af1046-1bef-48b4-84d8-fe0f4ce6b78c
13/06/2006 12.58.30 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 19/08/2004 10.00.00 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 19/08/2004 10.00.00 553472 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 11/05/2005 11.21.28 1138688 C:\WINDOWS\SYSTEM32\bcmcfg.cpl
Microsoft Corporation 19/08/2004 10.00.00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 19/08/2004 10.00.00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 19/08/2004 10.00.00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 19/08/2004 10.00.00 156160 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 19/08/2004 10.00.00 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 19/08/2004 10.00.00 132608 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 19/08/2004 10.00.00 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 19/08/2004 10.00.00 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03/06/2005 3.52.54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 19/08/2004 10.00.00 188928 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 19/08/2004 10.00.00 623616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 19/08/2004 10.00.00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 19/08/2004 10.00.00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 19/08/2004 10.00.00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 19/08/2004 10.00.00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 19/08/2004 10.00.00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 24/10/2003 2.42.28 316416 C:\WINDOWS\SYSTEM32\QuickTime.cpl
08/04/2005 11.05.52 110592 C:\WINDOWS\SYSTEM32\SmartAudio.cpl
Microsoft Corporation 19/08/2004 10.00.00 301568 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 19/08/2004 10.00.00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 19/08/2004 10.00.00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Hewlett-Packard Company 04/05/2005 10.59.44 81920 C:\WINDOWS\SYSTEM32\WACntlPnl.cpl
Microsoft Corporation 19/08/2004 10.00.00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 5.16.32 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 5.16.32 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
26/05/2006 10.08.54 1737 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
30/08/2004 13.08.20 HS 84 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
03/01/2006 15.10.22 1678 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DVD Check.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
30/08/2004 14.56.08 HS 62 C:\Documents and Settings\All Users\Dati applicazioni\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
30/08/2004 13.08.20 HS 84 C:\Documents and Settings\utente\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
30/08/2004 14.56.08 HS 62 C:\Documents and Settings\utente\Dati applicazioni\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Document Manager
{666C78C1-A9B6-4AB4-94ED-DC238C81E925} = C:\Programmi\HPQ\IAM\Bin\SFSShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programmi\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Blocco menu Start = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Document Manager
{666C78C1-A9B6-4AB4-94ED-DC238C81E925} = C:\Programmi\HPQ\IAM\Bin\SFSShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programmi\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Suggerimenti = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\Norton AntiVirus\NavShExt.dll
{147D6308-0614-4112-89B1-31402F9B82C4} = Encarta Web Companion : C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programmi\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Ricerche :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programmi\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Barra di Explorer per la ricerca file = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Indirizzo : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = Co&llegamenti : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programmi\google\googletoolbar2.dll
{147D6308-0614-4112-89B1-31402F9B82C4} = Encarta Web Companion : C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
ATIPTA C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
PTHOSTTR C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
UpdateManager "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
dla C:\WINDOWS\system32\dla\tfswctrl.exe
SynTPEnh C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
hpWirelessAssistant C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
eabconfg.cpl C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
Cpqset C:\Programmi\HPQ\Default Settings\cpqset.exe
WatchDog C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
Broadcom Wireless Manager UI C:\WINDOWS\system32\bcmntray
ccApp "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QuickTime Task "C:\Programmi\QuickTime\qttask.exe" -atboottime
TkBellExe "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
BDMCon "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
BDNewsAgent "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Programmi\Messenger\msmsgs.exe" /background
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
E06IXLRD_1886343 "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoCloseDragDropBands 0
NoMovingBands 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/06/2006 19.52.31


and Silent Runners

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programmi\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"E06IXLRD_1886343" = ""C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ATIPTA" = "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"PTHOSTTR" = "C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start" ["Hewlett-Packard Development Company, L.P."]
"UpdateManager" = ""C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"SynTPEnh" = "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"hpWirelessAssistant" = "C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Company"]
"eabconfg.cpl" = "C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
"Cpqset" = "C:\Programmi\HPQ\Default Settings\cpqset.exe" [null data]
"WatchDog" = "C:\Programmi\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."]
"Broadcom Wireless Manager UI" = "C:\WINDOWS\system32\bcmntray" ["Broadcom Corporation"]
"ccApp" = ""C:\Programmi\File comuni\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"QuickTime Task" = ""C:\Programmi\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"BDMCon" = ""C:\Programmi\Softwin\BitDefender8\bdmcon.exe"" ["SOFTWIN S.R.L."]
"BDNewsAgent" = ""C:\Programmi\Softwin\BitDefender8\bdnagent.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
-> {HKLM...CLSID} = "Estensione panoramica video del Pannello di controllo"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Programmi\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{666C78C1-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager"
-> {HKLM...CLSID} = "Document Manager (Shell Extension)"
\InProcServer32\(Default) = "C:\Programmi\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Programmi\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Programmi\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programmi\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Programmi\WinAce\arcext.dll" ["e-merge GmbH"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programmi\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programmi\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
Document Manager\(Default) = "{666C78C1-A9B6-4AB4-94ED-DC238C81E925}"
-> {HKLM...CLSID} = "Document Manager (Shell Extension)"
\InProcServer32\(Default) = "C:\Programmi\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Programmi\ewido\security suite\context.dll" ["ewido networks"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programmi\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Document Manager\(Default) = "{666C78C1-A9B6-4AB4-94ED-DC238C81E925}"
-> {HKLM...CLSID} = "Document Manager (Shell Extension)"
\InProcServer32\(Default) = "C:\Programmi\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Programmi\ewido\security suite\context.dll" ["ewido networks"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Programmi\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "utente" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"Avvio veloce di Adobe Reader" -> shortcut to: "C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"DVD Check" -> shortcut to: "C:\Programmi\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scansione del computer - utente" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programmi\google\googletoolbar2.dll" ["Google Inc."]
"{147D6308-0614-4112-89B1-31402F9B82C4}"
-> {HKLM...CLSID} = "Encarta Web Companion"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{147D6308-0614-4112-89B1-31402F9B82C4}" = "Encarta Web Companion"
-> {HKLM...CLSID} = "Encarta Web Companion"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL" [file not found]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programmi\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Ricerche"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
\InProcServer32\(Default) = "C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Ricerche"

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmi\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://gw.aliceadsl.it/home

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BitDefender Communicator, XCOMM, ""C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Scan Server, bdss, ""C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
Broadcom Wireless LAN Tray Service, wltrysvc, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]
HP WMI Interface, hpqwmi, "C:\Programmi\HPQ\Shared\hpqwmi.exe" ["Hewlett-Packard Development Company, L.P."]
Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"C:\Programmi\HPQ\IAM\Bin\ASChnl.dll" ["Cognizance Corporation"]}
Machine Debug Manager, MDM, ""C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Servizio Auto-Protect di Norton AntiVirus, navapsvc, ""C:\Programmi\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 51 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 22 seconds.
---------- (total run time: 153 seconds)

Many thanks again.
holifay
Dio maturo


Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 14 Jun 2006 12:34    Subject:

OK, from the logs there is nothing obviously infected, only a few files that could have been replaced by others with similar names, but harmful. Before we conclude that it is definitely hypochondria ;) let's run a few more checks.

Please follow this procedure calmly. You may want to print it or save it so you can consult it comfortably when you are offline.

Uninstall from the Control Panel every version of Java you have installed, then download/install the latest available one: http://www.java.com/it/download/index.jsp

Download ATF Cleaner from Atribune and save it to the desktop.

Download RootkitRevealer and run a scan. When it finishes, save the log to a text file.

Reboot into safe mode: press F8 at boot right after the BIOS loads and, from the menu that appears, select Safe Mode (modalità provvisoria).

Enable viewing of hidden and system files:
Quote:
- open Windows Explorer (Gestione risorse)
- from the menu select Tools >> Folder Options
- select the View tab
- tick the box "Show hidden files and folders"
- untick the box "Hide system files (recommended)" (the option is further down)
- click Yes, then Apply, then OK.


Now find and delete:
Quote:
exsplorer.lnk (in C:>Documents and Settings>utente>Dati applicazioni>microsoft>internet explorer>quick launch)
smdat32a.sys (c:>windows)
eMedia Codec (the whole folder in C:>programmi)
1059847.exe (in C:>Documents and Settings>utente>)


Start ATF Cleaner, click the Main menu and then tick the Select All box. If you use Firefox or Opera, do the same thing by clicking on Firefox and Opera respectively (if you want to keep your passwords, untick the corresponding box). Now click the Empty Selected button and wait for the message Done Cleaning!.

Reboot in normal mode and repeat the procedure with ATF Cleaner.

Connect to the Internet and check these one by one on http://www.virustotal.com; if there is anything suspicious, report it here:
Quote:
QTFont.qfn (C:>WINDOWS)
WGA.cat (C:>WINDOWS>system32>CatRoot>{F750E6C3-38EE-11D1-85E5-00C04FC295EE})
webcheck.dll (C:>WINDOWS>system32)
MSOXMLMF.DLL (C:>Programmi>File comuni>Microsoft Shared>OFFICE11)


Run a couple more online scans and, if you can, save the log:
http://www.trendmicro.com/spyware-scan/
http://www.kaspersky.com/virusscanner (with the extended database)

Now report here in your reply:
- any difficulty removing/finding the files
- what VirusTotal found odd about the 4 files listed
- the logs of the two online scans
- the RootkitRevealer log
- a fresh HijackThis log taken with all applications closed

Then, if you can, a screenshot of the popup window that appears, and of the moment it appears (which site you were visiting, which applications you had open...), would be very useful.

Bye :)
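The RootkitRevealer step above produces a log that is mostly noise, and a reader needs a way to decide which lines deserve a second look. The following is an added example, not code from the thread or from Sysinternals: a small Python triage script that parses lines in the format RootkitRevealer writes (path, date, time, size, discrepancy text) and sorts them into four buckets. The known-benign cases are the CryptoAPI RNG seed (rewritten continuously, so the API read and the raw hive read differ) and `:Zone.Identifier` alternate data streams (the mark-of-the-web that Internet Explorer attaches to downloads). Entries whose timestamp falls inside the scan window were written while the scan ran (Windows Update downloads, prefetch files, files the user was moving) and are flagged transient rather than suspicious. What remains as "review" is a file the raw NTFS scan can see but the Windows API cannot, dated before the scan. The sample lines are constructed after the log format; the scan window (15/06/2006, 11:00 to 11:30) is an assumed parameter, and `hypothetical_driver.sys` is a placeholder, not a file from the thread.

```python
"""Triage a RootkitRevealer discrepancy log (added example, not from the thread).

RootkitRevealer prints one line per discrepancy between what the Windows API
reports and what a raw scan of the registry hives / NTFS volume shows:
    <path> <dd/mm/yyyy> <hh.mm> <size> <description>
Most lines are noise from files that changed while the scan ran; the one
category worth a second look is "Hidden from Windows API" on a file whose
timestamp is older than the scan itself.
"""
import re
from datetime import datetime

# Path is matched lazily so that spaces inside it do not break the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}\.\d{2}) "
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB)) (?P<status>.+)$"
)

# Assumed scan window: the scan ran on 15/06/2006 between 11:00 and 11:30.
SCAN_WINDOW = (datetime(2006, 6, 15, 11, 0), datetime(2006, 6, 15, 11, 30))

# Constructed sample lines modelled on the log format; hypothetical_driver.sys
# is a placeholder, not a real file from the thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 15/06/2006 11.07 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\utente\Desktop\bitdefender_free_v8.exe:Zone.Identifier 11/06/2006 20.03 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Readme.rtf 03/01/2005 17.26 11.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Documenti\Camera.xls 15/06/2006 11.11 267.50 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf 15/06/2006 11.18 51.63 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\00aa01c3264745a279a5f5476751e3c7\BIT2EA.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\drivers\hypothetical_driver.sys 01/01/2006 03.00 24.00 KB Hidden from Windows API.
"""


def parse_line(line):
    """Split one log line into path, timestamp, size and discrepancy text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp = datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H.%M")
    return {"path": m["path"], "timestamp": stamp,
            "size": m["size"], "status": m["status"]}


def classify(entry, scan_window=SCAN_WINDOW):
    """Return (verdict, reason) for one parsed entry."""
    path, status, stamp = entry["path"], entry["status"], entry["timestamp"]
    # The CryptoAPI seed is rewritten continuously, so API and raw-hive reads differ.
    if path.upper().endswith(r"\CRYPTOGRAPHY\RNG\SEED"):
        return "benign", "RNG seed value changes constantly; expected mismatch"
    # Zone.Identifier is the alternate data stream IE writes on downloaded files.
    if path.lower().endswith(":zone.identifier"):
        return "benign", "mark-of-the-web stream on a downloaded file"
    start, end = scan_window
    if start <= stamp <= end:
        return "transient", "written during the scan; rescan with the system idle"
    if status.startswith("Hidden from Windows API"):
        return "review", "raw NTFS scan sees it but the Windows API does not"
    return "low", "API/MFT/directory index disagree; usually a file in flux"


def triage(log_text, scan_window=SCAN_WINDOW):
    """Group every parseable line of the log by verdict."""
    groups = {"review": [], "transient": [], "low": [], "benign": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            verdict, reason = classify(entry, scan_window)
            groups[verdict].append((entry["path"], reason))
    return groups


if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_LOG).items():
        for path, reason in items:
            print(f"{verdict:9} {path}  ({reason})")
```

The "transient" bucket is the practical caveat: a scan taken while Windows Update is downloading or while files are being moved fills the log with entries that vanish on a second run, so the useful check is to rescan with the machine idle and keep only the discrepancies that persist.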
sabatino
Eroe


Registered: 12/06/06 15:47
Posts: 72

Posted: 15 Jun 2006 15:23    Subject:

Good.

So I deleted the files you told me to, checked the others on the virus scan and they did not flag any danger. The RootkitRevealer log is this:

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 15/06/2006 11.07 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk 11/06/2006 20.06 1.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Desktop\Encarta 2006 Enciclopedia Premium DVD.lnk 11/04/2006 18.43 1.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Menu Avvio\BitDefender 8 Free Edition.lnk 11/06/2006 20.06 1.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Cookies\utente@google[1].txt 15/06/2006 11.25 130 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Desktop\bitdefender_free_v8.exe 11/06/2006 20.03 13.18 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\bitdefender_free_v8.exe:Zone.Identifier 11/06/2006 20.03 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Camera.xls 11/04/2006 10.51 267.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Camera.xls:Zone.Identifier 11/04/2006 10.51 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\il_manif.zip 26/04/2006 13.18 45.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\il_manif.zip:Zone.Identifier 26/04/2006 13.18 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria.htm 14/06/2006 12.45 159.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file 14/06/2006 12.45 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\482547398435ea8993aebb.jpg 14/06/2006 10.18 2.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\adimage.gif 14/06/2006 10.18 42.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\adlog.gif 14/06/2006 12.45 43 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\formIE.css 14/06/2006 12.45 522 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\front.asp 14/06/2006 12.45 333 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_email.gif 14/06/2006 10.18 590 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_faq.gif 14/06/2006 10.17 219 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_groups.gif 14/06/2006 10.17 222 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_login.gif 14/06/2006 10.17 233 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_members.gif 14/06/2006 10.17 223 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_message.gif 14/06/2006 10.17 232 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_profile.gif 14/06/2006 10.17 236 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_register.gif 14/06/2006 10.17 224 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_mini_search.gif 14/06/2006 10.17 237 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_minipost.gif 14/06/2006 10.18 122 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_msnm.gif 14/06/2006 10.18 567 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_pm.gif 14/06/2006 10.18 609 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_profile.gif 14/06/2006 10.18 607 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_quote.gif 14/06/2006 10.18 666 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_smile.gif 14/06/2006 10.18 174 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_wink.gif 14/06/2006 12.38 170 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\icon_www.gif 14/06/2006 10.18 570 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\logo_phpBB.gif 14/06/2006 10.17 18.01 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\no.htm 14/06/2006 12.45 12.03 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\post.gif 14/06/2006 10.18 1.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\reb_fiori2.gif 14/06/2006 10.18 297 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\reply.gif 14/06/2006 10.18 1007 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\spacer.gif 14/06/2006 10.18 43 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\zeta.jpg 14/06/2006 10.18 773 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Olimpo Informatico Leggi argomento - sarà ipocondria_file\zn-ticker-da-olimpoinformatico.htm 14/06/2006 12.37 4.13 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Readme.rtf 03/01/2005 17.26 11.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Senato.xls 11/04/2006 10.51 285.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\Senato.xls:Zone.Identifier 11/04/2006 10.51 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Desktop\x_dtrace_log 13/06/2006 23.11 37.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\utente\Documenti\Camera.xls 15/06/2006 11.11 267.50 KB Hidden from Windows API.
C:\Documents and Settings\utente\Documenti\Camera.xls:Zone.Identifier 15/06/2006 11.11 26 bytes Hidden from Windows API.
C:\Documents and Settings\utente\Documenti\il_manif.txt 15/06/2006 11.12 124.03 KB Hidden from Windows API.
C:\Documents and Settings\utente\Documenti\info.txt 15/06/2006 11.12 2.07 KB Hidden from Windows API.
C:\Documents and Settings\utente\Documenti\Senato.xls 11/04/2006 10.51 285.50 KB Hidden from Windows API.
C:\Documents and Settings\utente\Documenti\software\bitdefender_free_v8.exe 11/06/2006 20.03 13.18 MB Hidden from Windows API.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\096[1].htm 15/06/2006 11.26 9.89 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\banche[1].gif 15/06/2006 11.26 218 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\CA0DSTAN.htm 15/06/2006 11.26 1.73 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\desktop.ini 15/06/2006 11.25 67 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\google[1].htm 15/06/2006 11.26 3.81 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\logo[1].gif 15/06/2006 11.26 8.59 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\logo_sm[1].gif 15/06/2006 11.26 4.60 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\nav_current[1].gif 15/06/2006 11.26 376 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\nav_next[1].gif 15/06/2006 11.26 1.48 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\search[1].htm 15/06/2006 11.26 18.36 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\D73ND5K6\show_ads[2].js 15/06/2006 11.26 6.92 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\utente\Recent\info.txt.lnk 15/06/2006 11.12 508 bytes Hidden from Windows API.
C:\RECYCLER\S-1-5-21-1969762298-1083517408-2681842239-1006\Dc4.chm 07/12/2005 15.19 99.77 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\S-1-5-21-1969762298-1083517408-2681842239-1006\Dc5.txt 11/02/2006 10.22 1.92 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\S-1-5-21-1969762298-1083517408-2681842239-1006\Dc6.log 11/06/2006 18.08 8.08 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\KB916281.log 15/06/2006 11.26 2.26 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\LastGood\INF\oem34.inf 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\LastGood\INF\oem34.PNF 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf 15/06/2006 11.18 51.63 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\UPDATE.EXE-3810B67B.pf 15/06/2006 11.26 75.31 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 15/06/2006 11.24 64.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\f2da495a7b7a14dc9ad407e5e39009c9 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\f2da495a7b7a14dc9ad407e5e39009c9\WindowsXP-KB916281-x86-express-ITA.cab 02/06/2006 23.59 160.92 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\00aa01c3264745a279a5f5476751e3c7 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\00aa01c3264745a279a5f5476751e3c7\BIT2EA.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\13d7be8e5877238864906ff1fca6db8e 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\13d7be8e5877238864906ff1fca6db8e\BIT2ED.tmp 15/06/2006 11.25 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2a125909aa0e681227519e9459d618d8 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2a125909aa0e681227519e9459d618d8\BIT2E3.tmp 15/06/2006 11.25 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\_downloadprogress_.state 15/06/2006 11.26 4 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\_unpacked_.state 15/06/2006 11.26 34 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\_usedelta_.state 15/06/2006 11.26 34 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\browseui.dll 04/03/2006 5.34 999.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\cdfview.dll 04/03/2006 5.34 148.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\danim.dll 04/03/2006 5.34 1.01 MB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\dxtmsft.dll 19/08/2004 10.00 349.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\dxtrans.dll 04/03/2006 5.34 200.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\extmgr.dll 04/03/2006 5.34 54.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\iedw.exe 04/03/2006 2.39 18.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\iepeers.dll 04/03/2006 5.34 245.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\inseng.dll 04/03/2006 5.34 94.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\jsproxy.dll 19/08/2004 10.00 15.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\mshtml.dll 23/03/2006 22.32 2.93 MB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\mshtmled.dll 04/03/2006 5.34 438.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\msrating.dll 04/03/2006 5.34 143.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\mstime.dll 04/03/2006 5.34 520.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\pngfilt.dll 04/03/2006 5.34 38.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\shdocvw.dll 30/03/2006 11.27 1.42 MB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\shlwapi.dll 04/03/2006 5.34 463.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\spru0410.dll 30/03/2006 3.16 18.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\urlmon.dll 18/03/2006 13.09 600.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2gdr\wininet.dll 04/03/2006 5.34 645.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\browseui.dll 04/03/2006 5.34 999.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\cdfview.dll 04/03/2006 5.34 148.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\danim.dll 04/03/2006 5.34 1.01 MB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\dxtmsft.dll 19/08/2004 10.00 349.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\dxtrans.dll 04/03/2006 5.34 200.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\extmgr.dll 04/03/2006 5.34 54.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\iepeers.dll 04/03/2006 5.34 245.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\inseng.dll 04/03/2006 5.34 94.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\jsproxy.dll 19/08/2004 10.00 15.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\mshtml.dll 23/03/2006 22.32 2.93 MB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\mshtmled.dll 04/03/2006 5.34 438.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\msrating.dll 04/03/2006 5.34 143.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\mstime.dll 04/03/2006 5.34 520.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\pngfilt.dll 04/03/2006 5.34 38.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\shdocvw.dll 30/03/2006 11.27 1.42 MB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\shlwapi.dll 04/03/2006 5.34 463.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\urlmon.dll 18/03/2006 13.09 600.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\backup\sp2qfe\wininet.dll 04/03/2006 5.34 645.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\BIT2E4.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\download 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\download\BIT2F2.tmp 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\spmsg.dll 13/10/2005 1.17 15.22 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\spuninst.exe 13/10/2005 1.17 210.72 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\susdl.req 15/06/2006 11.26 3.62 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update 15/06/2006 11.26 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\branches.inf 29/05/2006 17.34 705 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\eula.txt 12/04/2006 1.29 1.01 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\KB916281.cat 29/05/2006 18.16 23.19 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\spcustom.dll 13/10/2005 1.17 22.22 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\update.exe 13/10/2005 1.18 707.22 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\update.url 29/05/2006 18.35 5.20 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\update.ver 29/05/2006 18.30 3.63 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\update_SP2GDR.inf 29/05/2006 18.21 60.49 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\update_SP2QFE.inf 29/05/2006 18.17 69.83 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\updatebr.inf 29/05/2006 17.34 496 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\update\updspapi.dll 13/10/2005 1.18 381.72 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\45bb4df0996f30f3148dfaa9ef5ae88a\WindowsXP-KB916281-x86-ITA.psm 29/05/2006 9.53 8.59 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\47b8ad8a70ed501938b99225184ae53e 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\47b8ad8a70ed501938b99225184ae53e\BIT2EC.tmp 15/06/2006 11.25 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\60ef69e1aa38eca67426f7948720a3db 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\60ef69e1aa38eca67426f7948720a3db\BIT2E8.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\71ac2d816a2005d90d8db4af1186cfbd 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\71ac2d816a2005d90d8db4af1186cfbd\BIT2E9.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7330d0fe2a47b0bc8c313f6a596353c9 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7330d0fe2a47b0bc8c313f6a596353c9\BIT2E5.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\842433561d7aa53a1b3da8d2fabcbae0 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\842433561d7aa53a1b3da8d2fabcbae0\BIT2E7.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b8246740bc4e3eb1cf9d5689825a0032 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b8246740bc4e3eb1cf9d5689825a0032\BIT2E6.tmp 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bdcf675d4e2b9964d94cf23d6fa95979 15/06/2006 11.24 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bdcf675d4e2b9964d94cf23d6fa95979\BIT2EB.tmp 15/06/2006 11.25 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\CatRoot\TMP2F1.tmp 19/07/2005 3.01 14.28 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem34.CAT 19/07/2005 3.01 14.28 KB Visible in Windows API, MFT, but not in directory index.

poi ho fatto girare Atf Cleaner .Nessuna difficoltà a eliminare o trovare file. i due pop-up sono uno gokerco.com che poi reindirizza su un pop-up di e-bay, l'altro è di bear-share e pubblicizza un prodotto . Il primo appare spesso all'apertura di explorer, talvolta nel bel mezzo della navigazione , senza coincidenze con alcuni siti. L'altro appare solo qualche volta , e con bearshare aperto.

Online scans:
Kaspersky finds nothing infected; Trend Micro finds several infected items:

Cookie_Atdmt
Cookie_BlueStreak
Adware Istbar
Adware ZapChast
Adware BHOT RX toolbar
TSPY_Puper
Adware Need 2 find
Adware 2020 search
(there are details for each threat, but I can't manage to log the result; if you can explain how to me...)

and here is today's fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15.21.31, on 15/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\HPQ\Shared\hpqwmi.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\SpSubRx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Documents and Settings\utente\Documenti\software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06IXLRD_1886343] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138189427172
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C01C8D1-27E3-4773-B6E6-4AC107EA4EA4}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\utente\IMPOST~1\Temp\TI.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks again

P.S. I didn't delete the files Trend Micro found, because it said to be careful and pay close attention to what you delete. You tell me.
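As an added example (not part of the post above, and not a HijackThis feature), here is a small Python triage script for logs in the format of the HijackThis 1.99.1 output above. It parses each `Oxx - ...` entry, groups them by section and applies a few first-pass heuristics a reviewer applies by eye: a `(file missing)` target, an O23 service with `Unknown owner`, a persistence entry whose binary lives in a user-writable directory such as `Temp`, the DNS servers in O17, and the download host of each O16 ActiveX control. The sample lines are copied from the posted log; the heuristics, function names and the `USER_WRITABLE_HINTS` list are my own choices. Two caveats that the log itself illustrates: the `TI` service under `Temp` is signed Sysinternals and most likely the temporary service of the rootkit scanner whose output appears earlier in the post, and the two BitDefender services are reported `(file missing)` even though both binaries are in the running-process list, which is how this HijackThis version renders a quoted ImagePath followed by arguments. The flags are therefore prompts to look, not verdicts.

```python
"""Triage a HijackThis 1.99 log: parse 'Oxx - ...' entries and flag the ones
a reviewer would look at first.  Added example, not the forum post's or
HijackThis's own code; heuristics are indicators, not verdicts."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a subset of lines copied from the posted log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C01C8D1-27E3-4773-B6E6-4AC107EA4EA4}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: TI - Sysinternals - www.sysinternals.com - C:\DOCUME~1\utente\IMPOST~1\Temp\TI.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
"""

# One HijackThis entry: section tag (R0, F1, O4, O23, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Sections that describe code started automatically (Run keys, Winlogon, services).
PERSISTENCE_SECTIONS = {"O4", "O20", "O21", "O22", "O23"}

# Directory fragments (lower-case) where a persistent binary normally has no business living.
USER_WRITABLE_HINTS = ("\\temp\\", "\\tmp\\", "\\documents and settings\\", "\\downloaded program files\\")


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per 'Oxx - ...' line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entry: Entry) -> Entry:
    """Attach review flags to a single entry (heuristics, not a malware verdict)."""
    body_lc = entry.body.lower()
    if "(file missing)" in body_lc:
        entry.flags.append("dangling: referenced file not found, cross-check against the process list")
    if entry.section == "O23" and "unknown owner" in body_lc:
        entry.flags.append("service binary carries no publisher information")
    if entry.section in PERSISTENCE_SECTIONS and any(h in body_lc for h in USER_WRITABLE_HINTS):
        entry.flags.append("persistence from a user-writable directory")
    if entry.section == "O17":
        entry.flags.append("DNS servers set: confirm they belong to the ISP")
    if entry.section == "O16":
        host = re.search(r"https?://([^/\s]+)", entry.body)
        entry.flags.append("ActiveX download from " + (host.group(1) if host else "unknown host"))
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and flag every entry in a log."""
    return [triage(e) for e in parse_log(text)]


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each section has; a quick sanity check on the parse."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        if e.flags:
            print(f"{e.section}: {e.body[:72]}")
            for f in e.flags:
                print("    -", f)
```

Run it on a full log by replacing `SAMPLE_LOG` with the file contents; entries with an empty `flags` list are the ones you can deprioritise, and the `(file missing)` flag on an O23 line should always be checked against the `Running processes:` block before the entry is removed.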
holifay
Dio maturo

Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 15 Jun 2006 17:31

It all looks fine to me.

I would trust Trend Micro and delete what it finds as infected: it's not normal for it to find false positives.

Those infections, if you look at your first log, were also found by Panda, but they weren't associated with files. They looked like registry leftovers remaining after some cleanup.

Can't you see whether Trend Micro finds files or only registry entries?

I don't know BearShare, but I think you downloaded a version bundled with adware. That's why it serves you the pop-up windows. Try uninstalling it and see whether they disappear, then reinstall it by downloading it from the official site.

Ciao
sabatino
Eroe

Registered: 12/06/06 15:47
Posts: 72

Posted: 16 Jun 2006 10:48

Yes, Trend Micro finds registry entries, which I've deleted. Now I'll do what you suggested. Thanks again, and forgive my "appucundria", as Pino would say.

Ciao