adolfo Mortal adept

Joined: 21/04/08 17:03 Posts: 31
Posted: 21 Apr 2008 17:08 Subject: LAUNCH 1 EXE

Hi everyone.. as you can see, I have a problem with the launch 1 exe process, which always shows up. I always close it in Task Manager, so I downloaded Hijack and copied the scan result from Notepad. Could anyone give me a little help so I can keep using it? On the forum it says you had to copy what was found and wait for someone more expert to give an opinion. Thanks for the help. Adolfo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.41.24, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [MultimediaMouse] C:\Programmi\Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8373 bytes

adolfo Mortal adept

Joined: 21/04/08 17:03 Posts: 31
Posted: 21 Apr 2008 21:10 Subject:

Can anyone help me?

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 Apr 2008 21:20 Subject:

Hi adolfo,
the hijackthis log looks clean.
Do the generic clean-up anyway:
PS: if you like, you can introduce yourself here

adolfo Mortal adept

Joined: 21/04/08 17:03 Posts: 31
Posted: 22 Apr 2008 01:17 Subject:

NFix_2008-04-22_00-05-13.log
This is the result of the work after I put the Notepad file on the site... can you tell me anything more? My LAUNCH 1 EXE still shows up... thanks

adolfo Mortal adept

Joined: 21/04/08 17:03 Posts: 31
Posted: 22 Apr 2008 01:48 Subject:

This is the Combofix log:
ComboFix 08-04-20.5 - adolfo 2008-04-22 1.19.32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.208 [GMT 2:00]
Eseguito da: C:\Documents and Settings\adolfo\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\DownloaderActiveX.INF
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\DownloaderActiveX.ocx
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.dll
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.exe
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\isusweb.dll
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\jinstall-6u2.inf
C:\WINDOWS\winload.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_IPRIP
-------\Service_6to4
-------\Service_Iprip
((((((((((((((((((((((((( Files Creati Da 2008-03-21 al 2008-04-21 )))))))))))))))))))))))))))))))))))
.
2008-04-21 23:47 . 2008-04-21 23:47 <DIR> d-------- C:\Programmi\CCleaner
2008-04-21 17:05 . 2008-04-21 17:05 244 --ah----- C:\sqmnoopt19.sqm
2008-04-21 17:05 . 2008-04-21 17:05 232 --ah----- C:\sqmdata19.sqm
2008-04-21 14:33 . 2008-04-21 14:33 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-21 14:25 . 2008-04-21 14:25 <DIR> d-------- C:\Documents and Settings\adolfo\Dati applicazioni\Uniblue
2008-04-16 22:05 . 2008-04-16 22:05 244 --ah----- C:\sqmnoopt18.sqm
2008-04-16 22:05 . 2008-04-16 22:05 232 --ah----- C:\sqmdata18.sqm
2008-04-09 21:09 . 2008-04-09 21:09 244 --ah----- C:\sqmnoopt17.sqm
2008-04-09 21:09 . 2008-04-09 21:09 232 --ah----- C:\sqmdata17.sqm
2008-04-08 21:15 . 2008-04-08 21:15 244 --ah----- C:\sqmnoopt16.sqm
2008-04-08 21:15 . 2008-04-08 21:15 232 --ah----- C:\sqmdata16.sqm
2008-04-07 17:02 . 2008-04-07 17:02 244 --ah----- C:\sqmnoopt15.sqm
2008-04-07 17:02 . 2008-04-07 17:02 232 --ah----- C:\sqmdata15.sqm
2008-04-05 16:38 . 2008-04-05 16:38 244 --ah----- C:\sqmnoopt14.sqm
2008-04-05 16:38 . 2008-04-05 16:38 232 --ah----- C:\sqmdata14.sqm
2008-04-05 16:26 . 2008-04-05 16:26 244 --ah----- C:\sqmnoopt13.sqm
2008-04-05 16:26 . 2008-04-05 16:26 232 --ah----- C:\sqmdata13.sqm
2008-04-05 13:45 . 2008-04-05 13:45 244 --ah----- C:\sqmnoopt12.sqm
2008-04-05 13:45 . 2008-04-05 13:45 232 --ah----- C:\sqmdata12.sqm
2008-04-05 01:03 . 2008-04-05 01:03 244 --ah----- C:\sqmnoopt11.sqm
2008-04-05 01:03 . 2008-04-05 01:03 232 --ah----- C:\sqmdata11.sqm
2008-04-04 21:20 . 2008-04-04 21:20 244 --ah----- C:\sqmnoopt10.sqm
2008-04-04 21:20 . 2008-04-04 21:20 232 --ah----- C:\sqmdata10.sqm
2008-04-04 18:31 . 2008-04-04 18:31 244 --ah----- C:\sqmnoopt09.sqm
2008-04-04 18:31 . 2008-04-04 18:31 232 --ah----- C:\sqmdata09.sqm
2008-04-03 23:31 . 2008-04-03 23:31 244 --ah----- C:\sqmnoopt08.sqm
2008-04-03 23:31 . 2008-04-03 23:31 232 --ah----- C:\sqmdata08.sqm
2008-04-03 17:39 . 2008-04-03 17:39 244 --ah----- C:\sqmnoopt07.sqm
2008-04-03 17:39 . 2008-04-03 17:39 232 --ah----- C:\sqmdata07.sqm
2008-04-03 01:00 . 2008-04-03 01:00 244 --ah----- C:\sqmnoopt06.sqm
2008-04-03 01:00 . 2008-04-03 01:00 232 --ah----- C:\sqmdata06.sqm
2008-04-01 17:50 . 2008-04-01 17:50 244 --ah----- C:\sqmnoopt05.sqm
2008-04-01 17:50 . 2008-04-01 17:50 232 --ah----- C:\sqmdata05.sqm
2008-03-26 18:11 . 2008-03-26 18:11 244 --ah----- C:\sqmnoopt04.sqm
2008-03-26 18:11 . 2008-03-26 18:11 232 --ah----- C:\sqmdata04.sqm
2008-03-26 00:04 . 2008-03-26 00:04 244 --ah----- C:\sqmnoopt03.sqm
2008-03-26 00:04 . 2008-03-26 00:04 232 --ah----- C:\sqmdata03.sqm
2008-03-25 16:47 . 2008-03-25 16:47 244 --ah----- C:\sqmnoopt02.sqm
2008-03-25 16:47 . 2008-03-25 16:47 232 --ah----- C:\sqmdata02.sqm
2008-03-25 12:51 . 2008-03-25 12:51 244 --ah----- C:\sqmnoopt01.sqm
2008-03-25 12:51 . 2008-03-25 12:51 232 --ah----- C:\sqmdata01.sqm
2008-03-24 22:14 . 2008-03-24 22:14 244 --ah----- C:\sqmnoopt00.sqm
2008-03-24 22:14 . 2008-03-24 22:14 232 --ah----- C:\sqmdata00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 23:08 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3245.sys
2008-04-21 21:37 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\uTorrent
2008-04-21 12:19 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\AVG7
2008-04-20 13:55 --------- d-----w C:\Programmi\eMule
2008-04-19 21:03 --------- d-----w C:\Programmi\GestioneAcquario
2008-04-17 12:35 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\U3
2008-04-14 07:45 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\AdobeUM
2008-03-24 19:15 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\mIRC
2008-03-23 08:13 --------- d-----w C:\Programmi\Gravity Gems
2008-03-23 08:13 --------- d-----w C:\Programmi\Absolutist.com
2008-03-21 16:20 --------- d-----w C:\Programmi\Luxor
2008-03-15 21:32 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-03-15 21:32 --------- d-----w C:\Programmi\AVS4YOU
2008-03-15 21:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-03-15 21:26 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\AVS4YOU
2008-03-06 19:04 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\Apple Computer
2008-03-06 19:03 --------- d-----w C:\Programmi\iTunes
2008-03-06 19:03 --------- d-----w C:\Programmi\iPod
2008-03-06 19:03 --------- d-----w C:\Programmi\Bonjour
2008-03-06 19:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-03-06 19:00 --------- d-----w C:\Programmi\File comuni\Apple
2008-03-06 19:00 --------- d-----w C:\Programmi\Apple Software Update
2008-03-06 19:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-01-30 11:27 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-02-01 19:18 87,608 ----a-w C:\Documents and Settings\adolfo\Dati applicazioni\ezpinst.exe
2007-02-01 19:18 47,360 ----a-w C:\Documents and Settings\adolfo\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]
"PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-21 14:18 579584]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-04 10:31 406528]
"Acronis Scheduler2 Service"="C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe" [2007-08-30 10:44 148760]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"MultimediaMouse"="C:\Programmi\Mouse Driver\StartAutorun.exe" [2005-11-30 13:48 94208]
"QuickTime Task"="C:\Programmi\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-10 00:58 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.ac3acm"= AC3ACM.acm
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Mirc fusion\\FUSIONSCRIPT\\FUSIONSCRIPT\\mirc.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system\\nppagent.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"16981:TCP"= 16981:TCP:NortonAV
"12335:TCP"= 12335:TCP:NortonAV
"18725:TCP"= 18725:TCP:NortonAV
"16548:TCP"= 16548:TCP:NortonAV
"18494:TCP"= 18494:TCP:NortonAV
"12390:TCP"= 12390:TCP:NortonAV
"16718:TCP"= 16718:TCP:NortonAV
"18971:TCP"= 18971:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 MOUSEWDFilter;MOUSEWDFilter;C:\WINDOWS\System32\Drivers\MOUSEWD.SYS [2006-08-20 17:23]
S3 LogoMedia TranslateDotNet Server;LogoMedia TranslateDotNet Server;C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe []
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89edbb50-9e44-11db-8d05-0050fc911277}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{947717d0-e15d-11dc-8ec3-0050fc911277}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c247f9e0-fcd4-11dc-8ef9-0050fc911277}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa77e0f6-5d3c-11dc-8d98-0050fc911277}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 01:24:25
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-22 1:30:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 23:30:28
11 Directory 33,657,335,808 byte disponibili
15 Directory 33,542,418,432 byte disponibili
227 --- E O F --- 2008-02-15 00:07:43

adolfo Mortal adept

Joined: 21/04/08 17:03 Posts: 31
Posted: 22 Apr 2008 01:51 Subject:

And this is the updated Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.50.23, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [MultimediaMouse] C:\Programmi\Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8544 bytes |
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 22 Apr 2008 12:19 Subject:

Can anyone help me? My LAUNCH 1 EXE is still there... thanks, everyone. Adolfo
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 22 Apr 2008 15:07 Subject:

bdoriano wrote: | - Disable System Restore and start the PC in Safe Mode
- run HijackThis
click "Do a system scan only"
tick these entries:
Quote: | O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe |
click "Fix checked"
Restart the PC in normal mode, make a new HijackThis log and post it
- Disable your antivirus
- Connect to BitDefender (with IE) and run the full scan.
- Connect to Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are assigned.
|
http://forum.zeusnews.com/link/32041/download/3g0m7
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 22 Apr 2008 20:31 Subject:

Please, can anyone help me? The Kaspersky log shows a lot of viruses. Here it is, attached:
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 22, 2008 3:02:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/04/2008
Kaspersky Anti-Virus database records: 720900
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 87747
Number of viruses found 12
Number of infected objects 31
Number of suspicious objects 0
Duration of the scan process 01:54:44
Infected Object Name Virus Name Last Action
C:\Documents and Settings\adolfo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\adolfo\Dati applicazioni\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\adolfo\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\adolfo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\adolfo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\adolfo\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\adolfo\ntuser.dat Object is locked skipped
C:\Documents and Settings\adolfo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-04-22.12-02-25.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmi\Mirc fusion\FUSIONSCRIPT\FUSIONSCRIPT\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Programmi\Mirc fusion\FUSIONSCRIPT\FUSIONSCRIPT\script\ps.dll Infected: not-a-virus:RiskTool.Win32.PsKill.q skipped
C:\Programmi\MultiMedia Italy Toolbar\MultiMedia - Installer.exe/data0015/data0005 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped
C:\Programmi\MultiMedia Italy Toolbar\MultiMedia - Installer.exe/data0015 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped
C:\Programmi\MultiMedia Italy Toolbar\MultiMedia - Installer.exe NSIS: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2FB069B4-D85C-4B40-B479-BB848C18523A}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system\outlok.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.130 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3245.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_524.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\MUSICA\M\MARIE J BLIGE\marie j blige lil man just fin.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
G:\SOFTWARE\FUSIONSCRIPT.zip/FUSIONSCRIPT/FUSIONSCRIPT/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
G:\SOFTWARE\FUSIONSCRIPT.zip/FUSIONSCRIPT/FUSIONSCRIPT/script/ps.dll Infected: not-a-virus:RiskTool.Win32.PsKill.q skipped
G:\SOFTWARE\FUSIONSCRIPT.zip ZIP: infected - 2 skipped
G:\SOFTWARE\mIRC 6.3 Ita Eng\mIRC - English.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
G:\SOFTWARE\mIRC 6.3 Ita Eng\mIRC - Italiano.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
G:\SOFTWARE\puazzo_ins.exe/file01 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
G:\SOFTWARE\puazzo_ins.exe/file27 Infected: not-a-virus:NetTool.Win32.Scan.12 skipped
G:\SOFTWARE\puazzo_ins.exe Inno: infected - 2 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\VARIE\GIOCHI\120 games cracked\Abracadabra\abracadabrasetup.exe Infected: not-a-virus:AdWare.Win32.EShoper.e skipped
G:\VARIE\GIOCHI\120 games cracked\Androkids\Androkids.exe Infected: not-a-virus:AdWare.Win32.EShoper.e skipped
G:\VARIE\GIOCHI\120 games cracked\Bongo Boogie\Bongo Boogie.exe Infected: not-a-virus:AdWare.Win32.EShoper.e skipped
G:\VARIE\GIOCHI\120 games cracked\Drip Drop\dripdrop.exe Infected: not-a-virus:AdWare.Win32.EShoper.e skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0007/data0005 Infected: not-a-virus:AdWare.Win32.MegaSearch.g skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0007/data0007 Infected: Trojan-Downloader.Win32.Keenval.n skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0007 Infected: Trojan-Downloader.Win32.Keenval.n skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval.h skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008/data0002 Infected: Trojan-Downloader.Win32.Keenval.h skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008/data0005 Infected: Trojan.Win32.Keenval.a skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe/data0008 Infected: Trojan.Win32.Keenval.a skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe/Alawar_bundle.exe Infected: Trojan.Win32.Keenval.a skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe/Alawar_gamebar.exe Infected: Trojan.Win32.Keenval.a skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar/MagicBall2.exe Infected: Trojan.Win32.Keenval.a skipped
G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar RAR: infected - 10 skipped
G:\VARIE\GIOCHI\120 games cracked\Spin Around 1.0\Spin Around v1.0 Setup.exe Infected: not-a-virus:AdWare.Win32.EShoper.e skipped
Scan process completed. |
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 Apr 2008 16:06 Subject:

Delete the following files (which contain viruses):
Quote: | G:\VARIE\GIOCHI\120 games cracked\Magic Ball\Breakout Magic Ball-2 V2.1 + Serial.rar
G:\MUSICA\M\MARIE J BLIGE\marie j blige lil man just fin.mp3 |
As for the rest, a number of adware (advertising software) and risktool (potentially risky software) items are identified.
Tell us whether you want to remove them (in which case any programs that use them will stop working) or keep them.
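The triage applied to the Kaspersky report in the post above (real detections separated from `not-a-virus:` adware/risktool entries, locked objects ignored), as an added Python example that is not part of the thread. The sample lines are constructed in the report's layout; treating `/` as the archive-member separator and the container's "infected - N" figure as the number of member lines are assumptions read off the report posted above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above: object path, verdict
# and last action, separated only by spaces. Paths are made up.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Tools\chat\client.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Games\pack.rar/setup.exe/bundle.exe/data0007 Infected: Trojan-Downloader.Win32.Keenval.n skipped
D:\Games\pack.rar/setup.exe/bundle.exe Infected: Trojan.Win32.Keenval.a skipped
D:\Games\pack.rar/setup.exe/toolbar.exe Infected: not-a-virus:AdWare.Win32.MegaSearch.g skipped
D:\Games\pack.rar RAR: infected - 3 skipped
D:\Music\track.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
"""

# Paths contain spaces, so the line is split from the right-hand side:
# the object name is whatever precedes one of the three known verdict forms.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<kind>\w+): infected - (?P<count>\d+)"
    r") (?P<action>\S+)$"
)


def parse_report(text):
    """Parse the result table; return (records, lines that did not match)."""
    records, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").rstrip()  # drop forum table residue
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        rec = m.groupdict()
        # Assumption: "/" separates archive members from the file on disk,
        # so the part before the first "/" is the file to act on.
        rec["container"] = rec["obj"].split("/", 1)[0]
        records.append(rec)
    return records, unparsed


def triage(text):
    """Group detections by on-disk file and split malware from riskware."""
    records, unparsed = parse_report(text)
    verdicts = defaultdict(set)   # on-disk file -> verdict names seen
    member_hits = defaultdict(int)  # on-disk file -> hits inside it
    declared = {}                 # on-disk file -> "infected - N" figure
    locked = 0
    for rec in records:
        if rec["locked"]:
            locked += 1           # in use during the scan, not a detection
        elif rec["verdict"]:
            verdicts[rec["container"]].add(rec["verdict"])
            if "/" in rec["obj"]:
                member_hits[rec["container"]] += 1
        else:
            declared[rec["container"]] = int(rec["count"])

    result = {"locked": locked, "malware": {}, "riskware": {},
              "unparsed": unparsed}
    for container, names in verdicts.items():
        real = sorted(n for n in names if not n.startswith("not-a-virus:"))
        # One real detection is enough to treat the whole file as malware.
        bucket = "malware" if real else "riskware"
        result[bucket][container] = real or sorted(names)
    # A declared count that differs from the parsed member lines suggests
    # the pasted report was truncated or mangled.
    result["count_mismatch"] = sorted(
        c for c, n in declared.items() if member_hits[c] != n)
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for bucket in ("malware", "riskware"):
        for path, names in summary[bucket].items():
            print(f"{bucket:9} {path}: {', '.join(names)}")
    print("locked objects ignored:", summary["locked"])
```
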
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 24 Apr 2008 00:13 Subject:

I would like to remove them, bdoriano, but I hope it also manages to delete that LAUNCH 1 EXE!!! Let me know. Thanks, Adolfo
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Apr 2008 09:34 Subject:

Since there is no trace of that Launch 1 EXE in the logs posted so far, run these scans with GMER (there are 2: autostart and rootkit) and post the logs on FreeFileHosting as indicated here.
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 27 Apr 2008 17:07 Subject:

gmer126.txt
first scan with gmer
gmer225.txt
second scan with gmer
Hi bdoriano... I did the scan with gmer.. what can you tell me about these links taken from freefilehosting??
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 28 Apr 2008 17:14 Subject:

The logs you posted are perfectly identical.
The rootkit log was needed too... but never mind.
Had you, by any chance, installed the Nokia PCSuite?
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup |
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 28 Apr 2008 17:21 Subject:

Yes, bdoriano.. what can you tell me about it?
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 28 Apr 2008 19:08 Subject:

If you uninstalled the Nokia PCSuite, a trace of it has nevertheless remained in the PC's startup.
Create a text file with the following instructions:
Code: | Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"=-
File::
G:\VARIE\GIOCHI\120 games cracked\Spin Around 1.0\Spin Around v1.0 Setup.exe
G:\VARIE\GIOCHI\120 games cracked\Drip Drop\dripdrop.exe
G:\VARIE\GIOCHI\120 games cracked\Bongo Boogie\Bongo Boogie.exe
G:\VARIE\GIOCHI\120 games cracked\Androkids\Androkids.exe
G:\VARIE\GIOCHI\120 games cracked\Abracadabra\abracadabrasetup.exe
G:\SOFTWARE\FUSIONSCRIPT.zip
G:\SOFTWARE\puazzo_ins.exe
C:\WINDOWS\system\outlok.exe
C:\Programmi\MultiMedia Italy Toolbar\MultiMedia - Installer.exe |
Save the file to the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as indicated below:
Wait patiently for the work to finish without touching the keyboard, mouse or anything else.
Post the updated combofix and hijackthis logs
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 28 Apr 2008 22:01 Subject:

ComboFix 08-04-20.5 - adolfo 2008-04-28 21:24:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.229 [GMT 2:00]
Eseguito da: C:\Documents and Settings\adolfo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\adolfo\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Programmi\MultiMedia Italy Toolbar\MultiMedia - Installer.exe
C:\WINDOWS\system\outlok.exe
G:\SOFTWARE\FUSIONSCRIPT.zip
G:\SOFTWARE\puazzo_ins.exe
G:\VARIE\GIOCHI\120 games cracked\Abracadabra\abracadabrasetup.exe
G:\VARIE\GIOCHI\120 games cracked\Androkids\Androkids.exe
G:\VARIE\GIOCHI\120 games cracked\Bongo Boogie\Bongo Boogie.exe
G:\VARIE\GIOCHI\120 games cracked\Drip Drop\dripdrop.exe
G:\VARIE\GIOCHI\120 games cracked\Spin Around 1.0\Spin Around v1.0 Setup.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\MultiMedia Italy Toolbar\MultiMedia - Installer.exe
C:\WINDOWS\system\outlok.exe
G:\SOFTWARE\FUSIONSCRIPT.zip
G:\SOFTWARE\puazzo_ins.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-03-28 al 2008-04-28 )))))))))))))))))))))))))))))))))))
.
2008-04-24 19:08 . 2008-04-27 16:12 250 --a------ C:\WINDOWS\gmer.ini
2008-04-22 12:37 . 2008-04-22 12:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 12:37 . 2008-04-22 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-04-22 02:25 . 2008-04-28 17:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 02:25 . 2008-04-22 02:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-22 02:16 . 2008-04-22 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Intenium
2008-04-22 02:15 . 2008-04-22 02:18 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-21 23:47 . 2008-04-21 23:47 <DIR> d-------- C:\Programmi\CCleaner
2008-04-21 17:05 . 2008-04-21 17:05 244 --ah----- C:\sqmnoopt19.sqm
2008-04-21 17:05 . 2008-04-21 17:05 232 --ah----- C:\sqmdata19.sqm
2008-04-21 14:33 . 2008-04-21 14:33 <DIR> d-------- C:\Programmi\Trend Micro
2008-04-21 14:25 . 2008-04-21 14:25 <DIR> d-------- C:\Documents and Settings\adolfo\Dati applicazioni\Uniblue
2008-04-16 22:05 . 2008-04-16 22:05 244 --ah----- C:\sqmnoopt18.sqm
2008-04-16 22:05 . 2008-04-16 22:05 232 --ah----- C:\sqmdata18.sqm
2008-04-09 21:09 . 2008-04-09 21:09 244 --ah----- C:\sqmnoopt17.sqm
2008-04-09 21:09 . 2008-04-09 21:09 232 --ah----- C:\sqmdata17.sqm
2008-04-08 21:15 . 2008-04-08 21:15 244 --ah----- C:\sqmnoopt16.sqm
2008-04-08 21:15 . 2008-04-08 21:15 232 --ah----- C:\sqmdata16.sqm
2008-04-07 17:02 . 2008-04-07 17:02 244 --ah----- C:\sqmnoopt15.sqm
2008-04-07 17:02 . 2008-04-07 17:02 232 --ah----- C:\sqmdata15.sqm
2008-04-05 16:38 . 2008-04-05 16:38 244 --ah----- C:\sqmnoopt14.sqm
2008-04-05 16:38 . 2008-04-05 16:38 232 --ah----- C:\sqmdata14.sqm
2008-04-05 16:26 . 2008-04-05 16:26 244 --ah----- C:\sqmnoopt13.sqm
2008-04-05 16:26 . 2008-04-05 16:26 232 --ah----- C:\sqmdata13.sqm
2008-04-05 13:45 . 2008-04-05 13:45 244 --ah----- C:\sqmnoopt12.sqm
2008-04-05 13:45 . 2008-04-05 13:45 232 --ah----- C:\sqmdata12.sqm
2008-04-05 01:03 . 2008-04-05 01:03 244 --ah----- C:\sqmnoopt11.sqm
2008-04-05 01:03 . 2008-04-05 01:03 232 --ah----- C:\sqmdata11.sqm
2008-04-04 21:20 . 2008-04-04 21:20 244 --ah----- C:\sqmnoopt10.sqm
2008-04-04 21:20 . 2008-04-04 21:20 232 --ah----- C:\sqmdata10.sqm
2008-04-04 18:31 . 2008-04-04 18:31 244 --ah----- C:\sqmnoopt09.sqm
2008-04-04 18:31 . 2008-04-04 18:31 232 --ah----- C:\sqmdata09.sqm
2008-04-03 23:31 . 2008-04-03 23:31 244 --ah----- C:\sqmnoopt08.sqm
2008-04-03 23:31 . 2008-04-03 23:31 232 --ah----- C:\sqmdata08.sqm
2008-04-03 17:39 . 2008-04-28 17:23 244 --ah----- C:\sqmnoopt07.sqm
2008-04-03 17:39 . 2008-04-28 17:23 232 --ah----- C:\sqmdata07.sqm
2008-04-03 01:00 . 2008-04-27 18:42 244 --ah----- C:\sqmnoopt06.sqm
2008-04-03 01:00 . 2008-04-27 18:42 232 --ah----- C:\sqmdata06.sqm
2008-04-01 17:50 . 2008-04-27 17:46 244 --ah----- C:\sqmnoopt05.sqm
2008-04-01 17:50 . 2008-04-27 17:46 232 --ah----- C:\sqmdata05.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 19:25 --------- d-----w C:\Programmi\MultiMedia Italy Toolbar
2008-04-28 19:22 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-04-28 19:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-04-28 19:16 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\uTorrent
2008-04-25 23:06 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\AdobeUM
2008-04-23 22:15 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\AVG7
2008-04-22 00:21 --------- d-----w C:\Programmi\Oberon Media
2008-04-21 23:08 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3245.sys
2008-04-20 13:55 --------- d-----w C:\Programmi\eMule
2008-04-19 21:03 --------- d-----w C:\Programmi\GestioneAcquario
2008-04-17 12:35 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\U3
2008-03-24 19:15 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\mIRC
2008-03-23 08:13 --------- d-----w C:\Programmi\Gravity Gems
2008-03-23 08:13 --------- d-----w C:\Programmi\Absolutist.com
2008-03-21 16:20 --------- d-----w C:\Programmi\Luxor
2008-03-15 21:32 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-03-15 21:32 --------- d-----w C:\Programmi\AVS4YOU
2008-03-15 21:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-03-15 21:26 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\AVS4YOU
2008-03-06 19:04 --------- d-----w C:\Documents and Settings\adolfo\Dati applicazioni\Apple Computer
2008-03-06 19:03 --------- d-----w C:\Programmi\iTunes
2008-03-06 19:03 --------- d-----w C:\Programmi\iPod
2008-03-06 19:03 --------- d-----w C:\Programmi\Bonjour
2008-03-06 19:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-03-06 19:00 --------- d-----w C:\Programmi\File comuni\Apple
2008-03-06 19:00 --------- d-----w C:\Programmi\Apple Software Update
2008-03-06 19:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-01-30 11:27 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-02-01 19:18 87,608 ----a-w C:\Documents and Settings\adolfo\Dati applicazioni\ezpinst.exe
2007-02-01 19:18 47,360 ----a-w C:\Documents and Settings\adolfo\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_ 1.30.13.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-21 23:23:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 15:08:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 17:08:20 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 18:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
- 2007-12-04 13:04:28 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2007-12-04 12:54:04 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2007-12-04 14:49:02 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2007-12-04 14:55:46 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2007-12-04 14:53:39 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2007-12-04 14:51:52 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-04-24 17:08:21 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-04-28 15:08:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]
"PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-21 14:18 579584]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-04 10:31 406528]
"Acronis Scheduler2 Service"="C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe" [2007-08-30 10:44 148760]
"MultimediaMouse"="C:\Programmi\Mouse Driver\StartAutorun.exe" [2005-11-30 13:48 94208]
"QuickTime Task"="C:\Programmi\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-10 00:58 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.ac3acm"= AC3ACM.acm
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Mirc fusion\\FUSIONSCRIPT\\FUSIONSCRIPT\\mirc.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system\\nppagent.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"16981:TCP"= 16981:TCP:NortonAV
"12335:TCP"= 12335:TCP:NortonAV
"18725:TCP"= 18725:TCP:NortonAV
"16548:TCP"= 16548:TCP:NortonAV
"18494:TCP"= 18494:TCP:NortonAV
"12390:TCP"= 12390:TCP:NortonAV
"16718:TCP"= 16718:TCP:NortonAV
"18971:TCP"= 18971:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 MOUSEWDFilter;MOUSEWDFilter;C:\WINDOWS\System32\Drivers\MOUSEWD.SYS [2006-08-20 17:23]
S3 LogoMedia TranslateDotNet Server;LogoMedia TranslateDotNet Server;C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe []
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89edbb50-9e44-11db-8d05-0050fc911277}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{947717d0-e15d-11dc-8ec3-0050fc911277}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c247f9e0-fcd4-11dc-8ef9-0050fc911277}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa77e0f6-5d3c-11dc-8d98-0050fc911277}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 21:28:29
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-04-28 21:30:23
ComboFix-quarantined-files.txt 2008-04-28 19:30:02
ComboFix2.txt 2008-04-21 23:30:37
10 Directory 32,580,247,552 byte disponibili
15 Directory 32,858,578,944 byte disponibili
238 --- E O F --- 2008-02-15 00:07:43 |
adolfo Mortale adepto

Registered: 21/04/08 17:03 Posts: 31
Posted: 28 Apr 2008 22:02 Subject:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.02.03, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Mouse Driver\MouseDrv.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MultimediaMouse] C:\Programmi\Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8589 bytes
adolfo Mortal adept

Registered: 21/04/08 17:03 Posts: 31
Posted: 28 Apr 2008 22:03 Subject:

Done, bdoriano... any news? Thanks. Adolfo
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 Apr 2008 08:16 Subject:

Everything looks fine. Are you still experiencing problems?