cosmic Mortale pio


Registered: 02/01/08 14:43 Posts: 19
Posted: 04 Jan 2008 12:10 Subject: IE History: "visited" tmp files in Risorse del

PC just started: in today's IE History I find temporary files "visited" under My Computer (Risorse del Computer):
C:/Documents and Settings/cosmic/Impostazioni locali/Temp/STSA.tmp
C:/Documents and Settings/cosmic/Impostazioni locali/Temp/STS8.tmp
C:/Documents and Settings/cosmic/Impostazioni locali/Temp/STSB2.tmp
Indeed, I had noticed tmp files in History on other occasions; the thing is, I hardly ever keep the History pane open!
What could they be?
N.B.: I recently solved (I hope truly and properly solved) the problem described here http://forum.zeusnews.com/viewtopic.php?t=21605&start=0&postdays=0&postorder=asc&highlight=
Below is the HijackThis log, in case it helps:
Logfile of HijackThis v1.99.1
Scan saved at 11.04.59, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\cosmic\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\varie\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series LPT3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA4.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
Thanks a lot

bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 04 Jan 2008 12:39 Subject:

Hi cosmic,
There are a couple of suspicious entries in the HijackThis log but, before going any further, follow the instructions in this topic to post the ComboFix log.
PS: if you like, you can introduce yourself here

cosmic Mortale pio


Registered: 02/01/08 14:43 Posts: 19
Posted: 04 Jan 2008 13:24 Subject: log

OK, I'll now post the ComboFix log, then the updated HijackThis one (which may not have changed...)
ComboFix 08-01-04.1 - cosmic 2008-01-04 12.04.28.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.480 [GMT 1:00]
Eseguito da: C:\Documents and Settings\cosmic\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\utente2\err.log
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\NPF
((((((((((((((((((((((((( Files Creati Da 2007-12-04 al 2008-01-04 )))))))))))))))))))))))))))))))))))
.
2008-01-04 12:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 19:01 . 2007-12-30 19:01 108 --a------ C:\index.ini
2007-12-30 18:47 . 2007-12-30 18:47 <DIR> d-------- C:\Programmi\CCleaner
2007-12-30 18:35 . 2007-12-30 18:35 60,416 --a------ C:\WINDOWS\system32\drivers\baurv^pr.sys
2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\!KillBox
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2007-12-30 17:51 . 2003-09-05 11:27 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2007-12-30 17:51 . 2003-09-05 11:27 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2007-12-30 17:51 . 2003-09-05 11:29 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Acer
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2007-12-26 18:19 . 2007-12-26 18:28 10 --a------ C:\WINDOWS\WININIT.INI
2007-12-25 06:54 . 2007-12-25 06:54 <DIR> d--hs---- C:\FOUND.016
2007-12-24 16:08 . 2007-12-24 16:08 <DIR> d-------- C:\Programmi\MIKSOFT
2007-12-22 11:01 . 2007-12-22 11:01 <DIR> d-------- C:\Programmi\DSP-worx
2007-12-20 21:22 . 2007-12-20 21:22 <DIR> d-------- C:\archivio download
2007-12-20 20:08 . 2007-12-20 20:08 <DIR> d--hs---- C:\FOUND.015
2007-12-16 14:24 . 2007-12-16 14:24 <DIR> d-------- C:\Programmi\uTorrent
2007-12-16 14:23 . 2007-12-16 14:23 <DIR> d-------- C:\Documents and Settings\cosmic\Dati applicazioni\uTorrent
2007-12-16 10:51 . 2007-12-16 10:51 <DIR> d-------- C:\Programmi\SopCast
2007-12-16 01:27 . 2007-12-16 01:27 <DIR> d-------- C:\Documents and Settings\cosmic\Dati applicazioni\vlc
2007-12-16 01:25 . 2007-12-16 01:25 <DIR> d-------- C:\Programmi\VideoLAN
2007-12-15 16:18 . 2007-12-15 16:18 <DIR> d-------- C:\Programmi\AdunanzA
2007-12-14 16:11 . 2007-12-14 16:11 <DIR> d--hs---- C:\FOUND.014
2007-12-07 00:27 . 2007-12-07 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 14:21 --------- d-----w C:\Programmi\a-squared HiJackFree
2007-11-23 21:17 --------- d-----w C:\Programmi\Lavasoft
2007-11-23 21:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2007-11-23 21:16 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2007-11-23 20:45 --------- d-----w C:\Programmi\Enigma Software Group
2007-11-23 18:53 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-11-14 07:27 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:56 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:42 8,489,472 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:11 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:11 668,672 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:11 619,008 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:11 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:11 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:11 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:11 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:11 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:11 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:11 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:11 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:11 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:11 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:11 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:11 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:11 1,056,256 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:11 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-10-02 23:02 81,920 ----a-w C:\Documents and Settings\cosmic\Dati applicazioni\ezpinst.exe
2007-10-02 23:02 47,360 ----a-w C:\Documents and Settings\cosmic\Dati applicazioni\pcouffin.sys
2006-09-10 22:36 110 ----a-w C:\Documents and Settings\cosmic\Dati applicazioni\wklnhst.dat
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [ ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 23:07 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31 151552]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26 118784]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21 53248]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-03-31 10:47 225280]
"LogitechCameraAssistant"="C:\Programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 10:24 331776]
"LogitechVideo[inspector]"="C:\Programmi\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 10:32 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 20:15 579072]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"NWEReboot"="" []
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 03:43 69632 C:\WINDOWS\Alcmtr.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"@"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 17:14 219136]
C:\Documents and Settings\cosmic\Menu Avvio\Programmi\Esecuzione automatica\
wkcalrem.LNK - C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 09:54:24]
FreePOPs.lnk - C:\Programmi\FreePOPs\freepopsd.exe [2007-06-22 21:17:44]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-09 21:18:30]
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-10-19 01:38:14]
HP Digital Imaging Monitor.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-03-30 20:11]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 05:00]
S3 AF05BDA;Cinergy T USB XE service;C:\WINDOWS\system32\drivers\AF05BDA.sys [2006-06-29 13:42]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-04-03 15:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14e1568a-4858-11dc-9e06-0016364e5d7f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-04 11:08:24 C:\WINDOWS\Tasks\ocyv.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:24 C:\WINDOWS\Tasks\gzl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:24 C:\WINDOWS\Tasks\vfmsues.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:24 C:\WINDOWS\Tasks\ciku.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:24 C:\WINDOWS\Tasks\mwq.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:24 C:\WINDOWS\Tasks\nnnhfyzs.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:24 C:\WINDOWS\Tasks\retfhz.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\shdr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\shhdn.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\zbtll.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\smn.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\qgsdtzx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ctl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\tuylxjsh.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\hnlslkpd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\sdthypeu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\htxylk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\zshio.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\aywk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\pxodhi.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\egwemjwi.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ving.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\tvxo.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\lnzaqc.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\axd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\gokvdyoo.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\zbnrw.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\tqrodfg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\zaarod.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\irf.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\siggtdl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ddljxwzz.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\hyhtgej.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\vekmte.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ohxmfk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\kjmc.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\xmafc.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\bjwjyb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\bhsrca.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\kpeksf.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ymr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\fgdqni.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\vlt.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\bgqnwenv.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\mnls.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\fku.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\kwnmbwle.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\fkslnfh.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\dgk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\nghp.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ppgtzm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\seyo.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\vkpq.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\yywtorqs.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\atrav.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\qsvkg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\zepnf.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\eynwsxmv.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\illsoitb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\wfgset.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\gjz.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\bpedje.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\mbzp.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\hgx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\nbhef.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\zysu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ieyssd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\zfpwzsmx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\wzkpkeer.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\spcoitl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\ydd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\uhequr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:22 C:\WINDOWS\Tasks\tka.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\isxosz.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\prdk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\sbnna.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ewmri.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\mel.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\zscwkub.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\gqwronpc.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\bcazga.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\bqk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\wlpnlpn.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\hgv.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xck.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xzhwfj.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\hreqhl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xintx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\jgl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\rigbmv.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\sglqxoqk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\bzbbx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\lrmyozu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\rjcqqgg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\iznajs.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\zijmjs.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ptawlbbd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\fevrpmk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\hpty.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\nrwtjm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\llo.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\trl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\iets.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xafo.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\drs.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\yhb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xzod.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\shvuy.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ifodmg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xjlxhpf.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\qdarp.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\sabocae.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\vow.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\nrvlu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\zkehjq.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\rwfikk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\nng.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\hlac.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\mwnuw.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xoco.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\iuldufgh.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\igzkrq.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\bblxt.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\rdg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\mzfpf.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\bolcxclk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\tue.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\lhoauqu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\cdcfu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ndqfih.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\tnmtenub.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\jahfvu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\dbphjs.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\rfsxg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\cnavimm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\hji.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\oenoeb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\evimmi.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\aeu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\vnibx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\rjdlwpmh.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ypghrkpr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ibrtadmd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ohmon.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\tmz.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\mvpuizzj.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\xkjtr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\wnosln.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\drtcxreu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\qfgueuyt.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ggfot.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\liaa.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\jsjuix.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\fhua.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\yfegq.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\dahjio.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\strtr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\bjk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\fcbdj.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\trgr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\veb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ychtgxxy.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\fhrq.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\fsplvnjl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\evmtj.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\ajcexgyf.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\uhqdni.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\tslnuka.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\mfgw.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\twm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\qizngda.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\tzkxj.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\pxgktig.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\qnfcm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\pqbvtypo.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:20 C:\WINDOWS\Tasks\rqepnqxz.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\wpkssrw.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\mpcndlg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\pgsycs.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\rqjj.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\enzqjbqb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\ylsfriqt.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\oawnt.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\junc.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\dnqmf.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\xjh.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\zhzpe.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\glm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\qwfdy.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\eduujou.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\igqehxmq.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\dkwm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\pjnb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\fle.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\ufg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\pmt.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\qbkzl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\ltnwiue.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\yjtwru.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\jghwaiob.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\shyrkm.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\bzdmfc.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\yqxtxyyg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\zmdqg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\mmvys.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\vxl.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\yoplhuhj.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\ciklhwok.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\amin.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\enrwyp.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\mpwce.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\nnh.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\wnpx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\akavmrt.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\fcmvjbr.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\zujxaeu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\testsw.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\ixxafid.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\ryievbhi.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\eswvx.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\svd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\eacxg.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\luhqfhmu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\xci.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\edb.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\vjo.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\gwsyzibd.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\dkzjczef.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\kbxnu.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\ipkpk.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\kmkfv.job"
- c:\windows\system32\srvirsbu.exe
"2008-01-04 11:08:18 C:\WINDOWS\Tasks\zbdjx.job"
- c:\windows\system32\srvirsbu.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 12:09:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-04 12:10:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 11:10:42
.
2007-12-22 06:59:05 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 12.14.54, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\cosmic\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
D:\varie\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
What do you think??
...now I'm off to introduce myself... I know you care about that...

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 04 Jan 2008 13:28 Subject:

What do I think?
That you have quite a few messes.
Let me take a calm look; we'll talk later.

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 04 Jan 2008 14:33 Subject:

Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
c:\windows\system32\srvirsbu.exe
C:\WINDOWS\Tasks\ocyv.job
C:\WINDOWS\Tasks\gzl.job
C:\WINDOWS\Tasks\vfmsues.job
C:\WINDOWS\Tasks\ciku.job
C:\WINDOWS\Tasks\mwq.job
C:\WINDOWS\Tasks\nnnhfyzs.job
C:\WINDOWS\Tasks\retfhz.job
C:\WINDOWS\Tasks\shdr.job
C:\WINDOWS\Tasks\shhdn.job
C:\WINDOWS\Tasks\zbtll.job
C:\WINDOWS\Tasks\smn.job
C:\WINDOWS\Tasks\qgsdtzx.job
C:\WINDOWS\Tasks\ctl.job
C:\WINDOWS\Tasks\tuylxjsh.job
C:\WINDOWS\Tasks\hnlslkpd.job
C:\WINDOWS\Tasks\sdthypeu.job
C:\WINDOWS\Tasks\htxylk.job
C:\WINDOWS\Tasks\zshio.job
C:\WINDOWS\Tasks\aywk.job
C:\WINDOWS\Tasks\pxodhi.job
C:\WINDOWS\Tasks\egwemjwi.job
C:\WINDOWS\Tasks\ving.job
C:\WINDOWS\Tasks\tvxo.job
C:\WINDOWS\Tasks\lnzaqc.job
C:\WINDOWS\Tasks\axd.job
C:\WINDOWS\Tasks\gokvdyoo.job
C:\WINDOWS\Tasks\zbnrw.job
C:\WINDOWS\Tasks\tqrodfg.job
C:\WINDOWS\Tasks\zaarod.job
C:\WINDOWS\Tasks\irf.job
C:\WINDOWS\Tasks\siggtdl.job
C:\WINDOWS\Tasks\ddljxwzz.job
C:\WINDOWS\Tasks\hyhtgej.job
C:\WINDOWS\Tasks\vekmte.job
C:\WINDOWS\Tasks\ohxmfk.job
C:\WINDOWS\Tasks\kjmc.job
C:\WINDOWS\Tasks\xmafc.job
C:\WINDOWS\Tasks\bjwjyb.job
C:\WINDOWS\Tasks\bhsrca.job
C:\WINDOWS\Tasks\kpeksf.job
C:\WINDOWS\Tasks\ymr.job
C:\WINDOWS\Tasks\fgdqni.job
C:\WINDOWS\Tasks\vlt.job
C:\WINDOWS\Tasks\bgqnwenv.job
C:\WINDOWS\Tasks\mnls.job
C:\WINDOWS\Tasks\fku.job
C:\WINDOWS\Tasks\kwnmbwle.job
C:\WINDOWS\Tasks\fkslnfh.job
C:\WINDOWS\Tasks\dgk.job
C:\WINDOWS\Tasks\nghp.job
C:\WINDOWS\Tasks\ppgtzm.job
C:\WINDOWS\Tasks\seyo.job
C:\WINDOWS\Tasks\vkpq.job
C:\WINDOWS\Tasks\yywtorqs.job
C:\WINDOWS\Tasks\atrav.job
C:\WINDOWS\Tasks\qsvkg.job
C:\WINDOWS\Tasks\zepnf.job
C:\WINDOWS\Tasks\eynwsxmv.job
C:\WINDOWS\Tasks\illsoitb.job
C:\WINDOWS\Tasks\wfgset.job
C:\WINDOWS\Tasks\gjz.job
C:\WINDOWS\Tasks\bpedje.job
C:\WINDOWS\Tasks\mbzp.job
C:\WINDOWS\Tasks\hgx.job
C:\WINDOWS\Tasks\nbhef.job
C:\WINDOWS\Tasks\zysu.job
C:\WINDOWS\Tasks\ieyssd.job
C:\WINDOWS\Tasks\zfpwzsmx.job
C:\WINDOWS\Tasks\wzkpkeer.job
C:\WINDOWS\Tasks\spcoitl.job
C:\WINDOWS\Tasks\ydd.job
C:\WINDOWS\Tasks\uhequr.job
C:\WINDOWS\Tasks\tka.job
C:\WINDOWS\Tasks\isxosz.job
C:\WINDOWS\Tasks\prdk.job
C:\WINDOWS\Tasks\sbnna.job
C:\WINDOWS\Tasks\ewmri.job
C:\WINDOWS\Tasks\mel.job
C:\WINDOWS\Tasks\zscwkub.job
C:\WINDOWS\Tasks\gqwronpc.job
C:\WINDOWS\Tasks\bcazga.job
C:\WINDOWS\Tasks\bqk.job
C:\WINDOWS\Tasks\wlpnlpn.job
C:\WINDOWS\Tasks\hgv.job
C:\WINDOWS\Tasks\xck.job
C:\WINDOWS\Tasks\xzhwfj.job
C:\WINDOWS\Tasks\hreqhl.job
C:\WINDOWS\Tasks\xintx.job
C:\WINDOWS\Tasks\jgl.job
C:\WINDOWS\Tasks\rigbmv.job
C:\WINDOWS\Tasks\sglqxoqk.job
C:\WINDOWS\Tasks\bzbbx.job
C:\WINDOWS\Tasks\lrmyozu.job
C:\WINDOWS\Tasks\rjcqqgg.job
C:\WINDOWS\Tasks\iznajs.job
C:\WINDOWS\Tasks\zijmjs.job
C:\WINDOWS\Tasks\ptawlbbd.job
C:\WINDOWS\Tasks\fevrpmk.job
C:\WINDOWS\Tasks\hpty.job
C:\WINDOWS\Tasks\nrwtjm.job
C:\WINDOWS\Tasks\llo.job
C:\WINDOWS\Tasks\trl.job
C:\WINDOWS\Tasks\iets.job
C:\WINDOWS\Tasks\xafo.job
C:\WINDOWS\Tasks\drs.job
C:\WINDOWS\Tasks\yhb.job
C:\WINDOWS\Tasks\xzod.job
C:\WINDOWS\Tasks\shvuy.job
C:\WINDOWS\Tasks\ifodmg.job
C:\WINDOWS\Tasks\xjlxhpf.job
C:\WINDOWS\Tasks\qdarp.job
C:\WINDOWS\Tasks\sabocae.job
C:\WINDOWS\Tasks\vow.job
C:\WINDOWS\Tasks\nrvlu.job
C:\WINDOWS\Tasks\zkehjq.job
C:\WINDOWS\Tasks\rwfikk.job
C:\WINDOWS\Tasks\nng.job
Click Done.
Click the traffic light.
The PC should restart; if it does not, restart it yourself.
When the operation has finished, post the Avenger result here together with an updated HijackThis log.
Connect to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

cosmic (Mortale pio)
Joined: 02/01/08 14:43 Posts: 19
Posted: 05 Jan 2008 01:36 Subject: mmh

Avenger: after the restart, an error window (did it want the Windows disc?!?)
Should I do it again?
Updated HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 00:32, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\DOCUME~1\cosmic\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\varie\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
Now I'll proceed with Kaspersky...

bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 05 Jan 2008 11:28 Subject: Re: mmh

cosmic wrote:
"Avenger: after the restart, an error window (did it want the Windows disc?!?)
Should I do it again?"
Look for the file C:\avenger.txt and post it, so we can see what happened.

cosmic (Mortale pio)
Joined: 02/01/08 14:43 Posts: 19
Posted: 05 Jan 2008 12:08 Subject: dunno

Here is what avenger.txt says:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\umrykicr
*******************
Script file located at: dnoqiac^
Could not open script file! Error
Could not open script file! Status: 0xc000003b Abort!
I still have to do the Kaspersky procedure; yesterday I saw that it was a long scan and I could not finish it... ...proceeding... see you later

bdoriano (Administrator)
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 05 Jan 2008 12:22 Subject:

Open a new file in Notepad and insert these lines:
Quote:
File::
c:\windows\system32\srvirsbu.exe
Save the file to the desktop and name it CFScript.txt.
Drag the file you have just created onto the ComboFix icon, as shown below:
You will be asked to restart the PC.
When it has finished, post the ComboFix log and an updated HijackThis log here.

cosmic (Mortale pio)
Joined: 02/01/08 14:43 Posts: 19
Posted: 05 Jan 2008 13:38 Subject: Kaspersky result

The Kaspersky result can be found here:
http://www.freefilehosting.net/download/3a331
Proceeding with ComboFix....

cosmic (Mortale pio)
Joined: 02/01/08 14:43 Posts: 19
Posted: 05 Jan 2008 13:53 Subject: here it is!

Here is combofix.txt:
ComboFix 08-01-04.1 - cosmic 2008-01-05 12:41:05.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.466 [GMT 1:00]
Eseguito da: C:\Documents and Settings\cosmic\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\cosmic\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
FILE
c:\windows\system32\srvirsbu.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Tasks\wpkssrw.job
C:\WINDOWS\Tasks\wzkpkeer.job
C:\WINDOWS\Tasks\xafo.job
C:\WINDOWS\Tasks\xci.job
C:\WINDOWS\Tasks\xck.job
C:\WINDOWS\Tasks\xintx.job
C:\WINDOWS\Tasks\xjh.job
C:\WINDOWS\Tasks\xjlxhpf.job
C:\WINDOWS\Tasks\xkjtr.job
C:\WINDOWS\Tasks\xmafc.job
C:\WINDOWS\Tasks\xoco.job
C:\WINDOWS\Tasks\xzhwfj.job
C:\WINDOWS\Tasks\xzod.job
C:\WINDOWS\Tasks\ychtgxxy.job
C:\WINDOWS\Tasks\ydd.job
C:\WINDOWS\Tasks\yfegq.job
C:\WINDOWS\Tasks\yhb.job
C:\WINDOWS\Tasks\yjtwru.job
C:\WINDOWS\Tasks\ylsfriqt.job
C:\WINDOWS\Tasks\ymr.job
C:\WINDOWS\Tasks\yoplhuhj.job
C:\WINDOWS\Tasks\ypghrkpr.job
C:\WINDOWS\Tasks\yqxtxyyg.job
C:\WINDOWS\Tasks\yywtorqs.job
C:\WINDOWS\Tasks\zaarod.job
C:\WINDOWS\Tasks\zbdjx.job
C:\WINDOWS\Tasks\zbnrw.job
C:\WINDOWS\Tasks\zbtll.job
C:\WINDOWS\Tasks\zepnf.job
C:\WINDOWS\Tasks\zfpwzsmx.job
C:\WINDOWS\Tasks\zhzpe.job
C:\WINDOWS\Tasks\zijmjs.job
C:\WINDOWS\Tasks\zkehjq.job
C:\WINDOWS\Tasks\zmdqg.job
C:\WINDOWS\Tasks\zscwkub.job
C:\WINDOWS\Tasks\zshio.job
C:\WINDOWS\Tasks\zujxaeu.job
C:\WINDOWS\Tasks\zysu.job
.
((((((((((((((((((((((((( Files Creati Da 2007-12-05 al 2008-01-05 )))))))))))))))))))))))))))))))))))
.
2008-01-05 00:38 . 2008-01-05 00:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-05 00:38 . 2008-01-05 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-04 18:49 . 2008-01-04 18:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 18:49 . 2008-01-04 18:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 12:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 19:01 . 2007-12-30 19:01 108 --a------ C:\index.ini
2007-12-30 18:47 . 2007-12-30 18:47 <DIR> d-------- C:\Programmi\CCleaner
2007-12-30 18:35 . 2007-12-30 18:35 60,416 --a------ C:\WINDOWS\system32\drivers\baurv^pr.sys
2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\!KillBox
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2007-12-30 17:51 . 2003-09-05 11:27 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2007-12-30 17:51 . 2003-09-05 11:27 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2007-12-30 17:51 . 2003-09-05 11:29 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Acer
2007-12-30 17:51 . 2003-07-10 10:32 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2007-12-26 18:19 . 2007-12-26 18:28 10 --a------ C:\WINDOWS\WININIT.INI
2007-12-25 06:54 . 2007-12-25 06:54 <DIR> d--hs---- C:\FOUND.016
2007-12-24 16:08 . 2007-12-24 16:08 <DIR> d-------- C:\Programmi\MIKSOFT
2007-12-22 11:01 . 2007-12-22 11:01 <DIR> d-------- C:\Programmi\DSP-worx
2007-12-20 21:22 . 2007-12-20 21:22 <DIR> d-------- C:\archivio download
2007-12-20 20:08 . 2007-12-20 20:08 <DIR> d--hs---- C:\FOUND.015
2007-12-16 14:24 . 2007-12-16 14:24 <DIR> d-------- C:\Programmi\uTorrent
2007-12-16 14:23 . 2007-12-16 14:23 <DIR> d-------- C:\Documents and Settings\cosmic\Dati applicazioni\uTorrent
2007-12-16 10:51 . 2007-12-16 10:51 <DIR> d-------- C:\Programmi\SopCast
2007-12-16 01:27 . 2007-12-16 01:27 <DIR> d-------- C:\Documents and Settings\cosmic\Dati applicazioni\vlc
2007-12-16 01:25 . 2007-12-16 01:25 <DIR> d-------- C:\Programmi\VideoLAN
2007-12-15 16:18 . 2007-12-15 16:18 <DIR> d-------- C:\Programmi\AdunanzA
2007-12-14 16:11 . 2007-12-14 16:11 <DIR> d--hs---- C:\FOUND.014
2007-12-07 00:27 . 2007-12-07 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 14:21 --------- d-----w C:\Programmi\a-squared HiJackFree
2007-11-23 21:17 --------- d-----w C:\Programmi\Lavasoft
2007-11-23 21:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2007-11-23 21:16 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2007-11-23 20:45 --------- d-----w C:\Programmi\Enigma Software Group
2007-11-23 18:53 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-11-14 07:27 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:56 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:42 8,489,472 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:11 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:11 668,672 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:11 619,008 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:11 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:11 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:11 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:11 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:11 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:11 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:11 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:11 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:11 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:11 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:11 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:11 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:11 1,056,256 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:11 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-10-02 23:02 81,920 ----a-w C:\Documents and Settings\cosmic\Dati applicazioni\ezpinst.exe
2007-10-02 23:02 47,360 ----a-w C:\Documents and Settings\cosmic\Dati applicazioni\pcouffin.sys
2006-09-10 22:36 110 ----a-w C:\Documents and Settings\cosmic\Dati applicazioni\wklnhst.dat
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-04_12.10.18.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [ ]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 23:07 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31 151552]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26 118784]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21 53248]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-03-31 10:47 225280]
"LogitechCameraAssistant"="C:\Programmi\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 10:24 331776]
"LogitechVideo[inspector]"="C:\Programmi\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 10:32 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 20:15 579072]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"NWEReboot"="" []
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 17:14 219136]
C:\Documents and Settings\cosmic\Menu Avvio\Programmi\Esecuzione automatica\
wkcalrem.LNK - C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 09:54:24]
FreePOPs.lnk - C:\Programmi\FreePOPs\freepopsd.exe [2007-06-22 21:17:44]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-09 21:18:30]
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-10-19 01:38:14]
HP Digital Imaging Monitor.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Avvio rapido HP Photosmart Premier.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-03-30 20:11]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 05:00]
S3 AF05BDA;Cinergy T USB XE service;C:\WINDOWS\system32\drivers\AF05BDA.sys [2006-06-29 13:42]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-04-03 15:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14e1568a-4858-11dc-9e06-0016364e5d7f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - INT15.SYS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 12:43:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-05 12:46:50
ComboFix-quarantined-files.txt 2008-01-05 11:46:40
ComboFix2.txt 2008-01-04 11:10:44
.
2007-12-22 06:59:05 --- E O F --- |

cosmic Pious mortal
Joined: 02/01/08 14:43 Posts: 19
Posted: 05 Jan 2008 14:00 Subject: finally...

finally, the updated HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12.58.02, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\DOCUME~1\cosmic\IMPOST~1\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\varie\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe |

cosmic Pious mortal
Joined: 02/01/08 14:43 Posts: 19
Posted: 07 Jan 2008 10:17 Subject:

bdoriano, maestro, don't forget about me...
I've done everything: removed those nasty .job files with ComboFix, posted all the logs...
the Kaspersky result still needs to be evaluated (that Trojan.Java.ClassLoader.ap to get rid of...)
cosmic wrote: | the Kaspersky result is here:
http://www.freefilehosting.net/download/3a331
|
and the temporary files in My Computer are still there, every day...
(today they're called STSD.tmp and STSF.tmp)

cosmic Pious mortal
Joined: 02/01/08 14:43 Posts: 19
Posted: 08 Jan 2008 00:08 Subject: can nobody give me any pointers?

no reply...
I'll carry on with my monologue
I downloaded the trial version of Kaspersky and ran a scan that seems to have removed that Trojan.Java.ClassLoader.
but then what is making these temporary files appear in the History?
I've put the Kaspersky log and the updated HijackThis log here:
kaspersky4.html
hijackthis510.log

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 08 Jan 2008 11:52 Subject: Re: can nobody give me any pointers?

cosmic wrote: | no reply...
I'll carry on with my monologue |
Oops!
Sorry, I lost track of you in the maze of help requests.
Tonight I'll take a look at the logs. Bear with me for a few more hours.

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 08 Jan 2008 22:07 Subject:

I noticed that ComboFix did not delete the file c:\windows\system32\srvirsbu.exe.
Try searching for it and, if you find it, delete it. If you find it and can't delete it, try using Unlocker.
Disable System Restore and boot the PC in safe mode
run HijackThis
click on "Do a system scan only"
tick this entry:
Quote: | O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab |
click "Fix checked"
Restart the PC in normal mode, generate a new HijackThis log and post it
I haven't understood whether you installed both AVG and Kaspersky or whether you removed AVG to install Kaspersky.

cosmic Pious mortal
Joined: 02/01/08 14:43 Posts: 19
Posted: 08 Jan 2008 22:45 Subject:

hi bdoriano, I knew you were still around...
I kept up the monologue a bit partly to keep the thread visible, I can see you're super busy!
so: srvirsbu.exe is no longer there... neither in that folder nor anywhere else... I don't know when it disappeared...
I fixed the entry you pointed out, in safe mode.
the HijackThis log follows:
Logfile of HijackThis v1.99.1
Scan saved at 21.35.37, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\DOCUME~1\cosmic\IMPOST~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
D:\varie\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} -
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
I uninstalled AVG before installing Kaspersky; then, after a couple of scans with Kaspersky, I uninstalled the latter to reinstall AVG. All of this with reboots between one operation and the next.
Did I do something silly?!?
Later I'll run the online scans you suggested.
For now, thanks again.
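
A post-fix log like the one above can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of HijackThis: it parses the v1.99.1 text layout, reports whether the entry that was fixed is still listed, and lists "(file missing)" entries and processes running from a Temp folder for a closer look. The function names and the embedded sample (a few lines copied from the log above) are assumptions of this example.

```python
import re

# Constructed sample: a few lines in HijackThis v1.99.1 layout, copied from the log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\cosmic\IMPOST~1\Temp\RtkBtMnt.exe
D:\varie\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} -
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O16 - DPF: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)  # "\Temp\" or "\tmp\" path component

def parse_log(text):
    """Split a log into running-process paths and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review(text, fixed_clsid):
    """Return (kind, section, detail) notes to read before calling the fix complete."""
    processes, entries = parse_log(text)
    notes = []
    for sec, body in entries:
        ids = [c.upper() for c in CLSID.findall(body)]
        if fixed_clsid.upper() in ids:
            # "stub": the entry is still listed but has no class name or URL after the CLSID.
            state = "stub" if body.rstrip(" -").upper().endswith(fixed_clsid.upper()) else "present"
            notes.append(("fixed-entry-" + state, sec, body))
        if body.endswith("(file missing)"):
            notes.append(("file-missing", sec, body))
    notes += [("process-in-temp", "proc", p) for p in processes if TEMP_DIR.search(p)]
    return notes
```

Calling `review(SAMPLE_LOG, "{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}")` returns the notes in log order; an empty list means none of the three conditions matched.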
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 10 Jan 2008 11:30
cosmic wrote: | I uninstalled AVG before installing Kaspersky; then, after a couple of scans with Kaspersky, I uninstalled the latter to reinstall AVG. All of this with reboots between one operation and the next.
Did I do something silly?!? |
All correct!
If you want, you can also do these generic cleanups (offline):