Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il lg di hijack per favore

mi controllate il lg di hijack per favore Opzioni
Topic Precedente · Topic Sucessivo
pokerdassi
Inviato: Friday, October 02, 2009 8:43:40 PM

Rank: AiutAmico

Iscritto dal : 8/31/2007
Posts: 3,448
nessun problema di spicco, ma sento che c'e' qualcosa che non va', malware non mi ha rilevato nulla.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.39.29, on 27/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Users\Arimondo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0709&m=aspire_5536
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0709&m=aspire_5536
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0709&m=aspire_5536
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10710 bytes

grazie
Torna in alto
 
Sponsor
Inviato: Friday, October 02, 2009 8:43:40 PM

 
Torna in alto
 
shapiro
Inviato: Friday, October 02, 2009 9:26:19 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

non sembra esserci niente di dannoso dal log...sapesti descrivermi che problemi riscontri? altra domanda :hai una webcam gjusto?

per toglierti ogni dubbio prova a scansionare il pc con combofix


Scarica Combofix da qui
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!
Torna in alto
 
pokerdassi
Inviato: Saturday, October 03, 2009 11:56:35 AM

Rank: AiutAmico

Iscritto dal : 8/31/2007
Posts: 3,448
Si c'e' una webcam integrata, e' un notebook, il problema(gia' mi era successo) e' che per qualche millesiimo di secondo lo schermo diventava tutto nero, poi e' uscito un avviso "programma in esecuzione non compatibli con vista aero", cmq risolto disinstallando il programma, ho fatto la scansione con combo, appena lanciato mcafee mi ha rilevato e fermato un virus, e' uscito un avviso), cmq ho atteso ed ecco il risultato:
ComboFix 09-10-01.05 - Arimondo 03/10/2009 11.35.13.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1923 [GMT 2:00]
Eseguito da: c:\users\Arimondo\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-966093477-1798243618-2112350761-1002
c:\$recycle.bin\S-1-5-21-966093477-1798243618-2112350761-1004
c:\$recycle.bin\S-1-5-21-966093477-1798243618-2112350761-500
c:\users\Arimondo\AppData\Local\bmauht.dat
c:\users\Arimondo\AppData\Local\bmauht_nav.dat
c:\users\Arimondo\AppData\Local\bmauht_navps.dat
c:\users\Arimondo\AppData\Local\Temp\ppcrlui_5164_2
c:\users\Arimondo\AppData\Roaming\.#
c:\windows\Installer\26f58.msi
c:\windows\Installer\2ebe5.msi
c:\windows\Suyin.reg

.
((((((((((((((((((((((((( Files Creati Da 2009-09-03 al 2009-10-03 )))))))))))))))))))))))))))))))))))
.

2009-10-03 09:44 . 2009-10-03 09:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-10-03 09:44 . 2009-10-03 09:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 08:35 . 2009-10-03 08:35 -------- d-----w- c:\program files\FreeTime
2009-10-03 05:38 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 18:26 . 2009-07-08 11:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-02 18:26 . 2009-07-08 11:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-02 18:26 . 2009-07-08 11:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-02 18:26 . 2009-07-16 10:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-02 18:26 . 2009-10-02 18:26 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-02 18:26 . 2009-10-02 18:26 -------- d-----w- c:\program files\McAfee.com
2009-10-02 18:26 . 2009-10-03 07:09 -------- d-----w- c:\program files\McAfee
2009-10-02 18:14 . 2009-07-08 11:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-02 16:26 . 2009-10-02 16:26 -------- d-----w- c:\program files\QuickTime
2009-09-29 15:05 . 2009-09-30 11:14 -------- d-----w- c:\users\Arimondo\AppData\Roaming\DMCache
2009-09-29 13:43 . 2009-09-29 13:43 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-28 08:29 . 2009-09-28 08:29 -------- d-----w- c:\programdata\Apple Computer
2009-09-27 07:22 . 2009-09-27 07:22 -------- d-----w- c:\users\Arimondo\AppData\Local\Thinstall
2009-09-26 16:15 . 2009-09-26 16:15 -------- d-----w- c:\users\Arimondo\AppData\Local\Broad Intelligence
2009-09-26 15:12 . 2009-09-26 15:12 -------- d-----w- c:\users\Arimondo\AppData\Roaming\OpenCandy
2009-09-26 15:12 . 2009-09-26 16:30 -------- d-----w- c:\users\Arimondo\AppData\Roaming\Broad Intelligence
2009-09-26 13:21 . 2009-09-26 13:21 -------- d-----w- c:\users\Arimondo\AppData\Roaming\ATI
2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-09-26 09:25 . 2009-09-26 09:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-26 09:25 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-09-26 09:25 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-09-26 09:25 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-09-26 09:25 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-25 14:57 . 2009-09-30 15:17 -------- d-----w- c:\program files\CCleaner
2009-09-25 13:10 . 2009-09-25 13:10 -------- d-----w- c:\program files\Trend Micro
2009-09-25 10:24 . 2009-10-01 05:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-25 10:24 . 2009-09-25 10:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 05:08 . 2009-09-25 05:08 -------- d-----w- c:\users\Arimondo\AppData\Roaming\Malwarebytes
2009-09-25 05:08 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 05:08 . 2009-09-25 05:08 -------- d-----w- c:\programdata\Malwarebytes
2009-09-25 05:08 . 2009-09-25 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 05:08 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 19:58 . 2009-09-24 19:58 -------- d-----w- c:\users\Arimondo\AppData\Roaming\Media Player Classic
2009-09-24 19:57 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-09-24 19:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-09-24 19:57 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-09-24 19:57 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-09-24 19:57 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-24 19:57 . 2009-09-24 19:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-24 19:25 . 2009-09-24 19:42 -------- d-----w- c:\users\Arimondo\AppData\Local\ApplicationHistory
2009-09-24 19:25 . 2009-09-24 19:25 96 ----a-w- c:\users\Arimondo\AppData\Local\fusioncache.dat
2009-09-24 19:22 . 2009-09-24 19:22 -------- d-----w- c:\windows\system32\URTTEMP
2009-09-23 07:31 . 2009-10-02 16:46 -------- d-----w- c:\users\Arimondo\Tracing
2009-09-22 09:18 . 2009-09-24 17:05 -------- d-----w- c:\users\Arimondo\AppData\Roaming\Nokia
2009-09-22 09:18 . 2009-09-22 09:20 -------- d-----w- c:\programdata\PC Suite
2009-09-22 09:17 . 2009-09-22 09:17 -------- d-----w- c:\program files\Common Files\PCSuite
2009-09-22 09:17 . 2009-09-22 09:17 -------- d-----w- c:\program files\Common Files\Nokia
2009-09-22 09:17 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-09-22 09:16 . 2009-09-22 09:16 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-22 09:08 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-09-22 09:07 . 2009-09-22 09:07 -------- d-----w- c:\programdata\Installations
2009-09-22 08:20 . 2009-09-22 09:20 -------- d-----w- c:\users\Arimondo\AppData\Roaming\PC Suite
2009-09-22 08:19 . 2009-09-22 09:17 -------- d-----w- c:\program files\Nokia
2009-09-22 08:18 . 2009-09-22 09:17 -------- d-----w- c:\program files\DIFX
2009-09-21 08:49 . 2009-09-21 08:49 -------- d-----w- c:\users\Arimondo\AppData\Roaming\JAM Software
2009-09-21 08:45 . 2009-09-21 08:45 -------- d-----w- c:\program files\JAM Software
2009-09-21 05:25 . 2009-09-21 05:26 -------- d-----w- c:\windows\system32\ca-ES
2009-09-21 05:25 . 2009-09-21 05:26 -------- d-----w- c:\windows\system32\eu-ES
2009-09-21 05:25 . 2009-09-21 05:26 -------- d-----w- c:\windows\system32\vi-VN
2009-09-20 05:27 . 2009-09-20 05:27 -------- d-----w- C:\found.000
2009-09-19 15:55 . 2009-09-19 15:55 -------- d-----w- c:\windows\system32\EventProviders
2009-09-19 15:13 . 2009-09-19 15:13 -------- d-----w- c:\users\Arimondo\Option
2009-09-19 11:47 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-19 11:45 . 2009-04-11 06:28 268800 ----a-w- c:\windows\system32\es.dll
2009-09-19 11:44 . 2009-04-11 06:28 61440 ----a-w- c:\windows\system32\wscsvc.dll
2009-09-19 11:43 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-19 11:43 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-19 11:43 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-19 11:43 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-19 11:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-19 11:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-19 11:43 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-19 11:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-19 11:42 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-19 11:42 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-19 11:41 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-19 10:13 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-19 09:34 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-19 09:34 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-19 09:34 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-19 09:34 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-19 09:34 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-19 09:34 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-19 09:34 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-19 09:34 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-19 09:34 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-19 09:34 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-19 09:34 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-19 08:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-09-19 08:39 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-19 08:39 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-19 08:39 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-19 08:39 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-19 08:39 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-19 08:39 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-19 08:39 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-19 08:39 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-19 08:37 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-19 08:37 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-19 08:37 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-19 08:37 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-19 08:37 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-19 08:35 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-19 08:34 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-19 08:34 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-19 08:34 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-09-19 08:33 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-09-19 08:32 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-19 08:31 . 2009-07-18 11:35 828416 ----a-w- c:\windows\system32\wininet.dll
2009-09-19 08:31 . 2009-07-18 16:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-19 08:30 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-19 08:30 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-19 08:30 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-19 08:30 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-19 08:30 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-09-19 08:30 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-19 08:30 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-19 07:37 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-09-19 07:13 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-19 07:13 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-09-19 07:13 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 09:01 . 2009-03-03 09:29 673070 ----a-w- c:\windows\system32\perfh010.dat
2009-10-03 09:01 . 2009-03-03 09:29 125374 ----a-w- c:\windows\system32\perfc010.dat
2009-10-02 18:29 . 2009-03-03 01:44 -------- d-----w- c:\programdata\McAfee
2009-09-30 15:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-30 15:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-22 09:21 . 2009-09-22 09:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-22 09:20 . 2009-09-22 09:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-22 07:14 . 2009-03-03 02:47 -------- d-----w- c:\programdata\CyberLink
2009-09-21 05:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-21 05:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-21 05:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-21 05:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-21 05:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-18 18:03 . 2009-09-18 18:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-14 19:31 . 2009-09-14 19:31 -------- d-----w- c:\users\Guest\AppData\Roaming\PowerCinema
2009-09-14 19:30 . 2009-09-14 19:30 70176 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 16:48 . 2009-07-09 16:52 -------- d-----w- c:\program files\Acer
2009-09-09 16:48 . 2009-02-21 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 16:46 . 2009-09-09 16:46 -------- d-sh--we c:\programdata\Preferiti
2009-09-09 16:46 . 2009-09-09 16:46 -------- d-sh--we c:\programdata\Modelli
2009-09-09 16:46 . 2009-09-09 16:46 -------- d-sh--we c:\programdata\Menu Avvio
2009-09-09 16:46 . 2009-09-09 16:46 -------- d-sh--we c:\programdata\Documenti
2009-09-09 16:46 . 2009-09-09 16:46 -------- d-sh--we c:\programdata\Desktop
2009-09-09 16:46 . 2009-09-09 16:46 -------- d-sh--we c:\programdata\Dati applicazioni
2009-09-09 16:46 . 2009-09-09 16:46 -------- d-sh--we c:\program files\File comuni
2009-07-17 13:54 . 2009-09-19 08:36 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-11 19:01 . 2009-09-19 08:36 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-19 08:36 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-19 08:36 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-19 08:36 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-19 08:36 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-09 16:51 . 2009-07-09 16:52 855 ----a-w- c:\windows\regfile_I.cmd
2009-07-09 16:51 . 2009-07-09 16:52 256 ----a-w- c:\windows\regfile_E.cmd
2009-07-09 16:47 . 2009-07-09 16:46 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-07-09 16:41 . 2009-07-09 16:41 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-08 11:44 . 2009-07-08 11:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-09-09 30192]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Arimondo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Arimondo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):87,97,05,03,7d,3a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-966093477-1798243618-2112350761-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E4E847AB-BDC8-4971-A5F1-817A090D9D78}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{896E5400-93C8-4A61-AEF6-C4F9BFD03815}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E154DDC9-97D6-4FEE-9143-157D739FFB7E}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{89A0E4EC-7477-4954-B2DF-B4CD571718A2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{1FE248E7-9052-41EA-B9B3-81944F658052}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19957F91-2E55-4CF7-9477-7A2452DF30D6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2963CD37-3128-414A-A3AF-E832BDE735C0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{6D7A2188-1E2E-41C1-AC4F-A47CEE3C1A97}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{7B4B48AF-53E8-4130-9D95-C2A23661CDC9}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{51E2B4A0-56F4-4E56-94C4-5335397C383C}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{E877A9C0-A04F-42D5-8E24-91CD4842FA01}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{FEC773AB-89C2-4C03-BABC-EFB1E3E46B24}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [09/07/2009 19.01.32 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [09/07/2009 18.52.59 723488]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [21/01/2008 4.23.43 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/10/2009 20.29.02 206112]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 16.47.12 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 16.47.12 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 16.47.12 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [27/10/2008 12.05.28 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [11/04/2009 19.32.00 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 15.11.34 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25/09/2009 12.24.24 1153368]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 6.12.56 223232]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [09/07/2009 18.46.35 22072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 4.23.20 179712]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [09/09/2009 18.47.35 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 15.11.32 50424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-03 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-02 19:26]

2009-10-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-02 19:26]

2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{68FC0B3C-5B6A-4CDB-9C02-B1AED4C6A54C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0709&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 11:45
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-10-03 11.47.49
ComboFix-quarantined-files.txt 2009-10-03 09:47

Pre-Run: 209.169.645.568 byte disponibili
Post-Run: 208.576.536.576 byte disponibili

320 --- E O F --- 2009-10-03 05:38


meglio hijack o combo?

EDIT; durante la scansione mcafee mi ha rilevato che combo mi stava cambiando il registro di sistema, ho dato cmq l'ok, infine ora non trovo combofix installato, a parte il log e l'installer, e' normale?
Torna in alto
 
pokerdassi
Inviato: Wednesday, October 07, 2009 10:10:44 AM

Rank: AiutAmico

Iscritto dal : 8/31/2007
Posts: 3,448
Campa cavallo..........
Torna in alto
 
shapiro
Inviato: Wednesday, October 07, 2009 11:40:20 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
eccomi qui pokerdassi, non sono sparito, ho avuto un contrattempo

controlla se hai ancora quel problema che avevi all'inizio ed esegui questa scansione


apri hijackthis,clicca sul pulsante ''Do a system scan only'' premi "config''>>> "misc tools", metti la spunta sulla destra a "List also minor section(full)", premi il tasto "generate startuplist log", lascia lavorare il programma, allega a un post il log che sarà generato in un file di testo
Torna in alto
 
pokerdassi
Inviato: Thursday, October 08, 2009 7:55:43 AM

Rank: AiutAmico

Iscritto dal : 8/31/2007
Posts: 3,448
Ciao, non c'ho capito nulla con questo programma, ti allego alcuni screensots:
all'avvio di "DO A SYSTEM SCAN ONLY", ma lo fa' anche con scansione normale:




inoltre Hijack si ferma(non risponde) e poi riparte salvandomi il log con scansione normale, mentre proseguendo come te hai suggerito, esce:




infine





Sara' mcafee che combina sti' casini?


EDIT: ho eseguito come te hai suggerito eseguendo il tutto come amministratore( consigliato dallo screenshot, ho w. vista), ecco il risultato;

StartupList report, 08/10/2009, 7.59.15
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP2 (WinNT 6.00.1906)
Detected: Internet Explorer v7.00 (7.00.6002.18005)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Users\Arimondo\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,


Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Skytel = C:\Program Files\Realtek\Audio\HDA\Skytel.exe
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PLFSetI = C:\Windows\PLFSetI.exe
PlayMovie = "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
LManager = C:\Program Files\Launch Manager\LManager.exe
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
EgisTecLiveUpdate = "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
CLMLServer = "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
BackupManagerTray = "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
ArcadeDeluxeAgent = "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
Acer ePower Management = C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mcagent_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey


Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ProductReg = "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
ehTray.exe = C:\Windows\ehome\ehTray.exe
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe


Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=


Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install


Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll


Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\Acer.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*


Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present


Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: *Registry key not found*
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: *Registry key not found*
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: *Registry key not found*
.wsh: *Registry key not found*
.scf: *Registry key not found*
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: *Registry key not found*


Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Editor del Registro di sistema'

Registry check failed!


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll - {27B4851A-3207-45A2-B947-BE8AFE6163AB}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
(no name) - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll - {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}


Enumerating Task Scheduler jobs:

McDefragTask.job
McQcTask.job
User_Feed_Synchronization-{68FC0B3C-5B6A-4CDB-9C02-B1AED4C6A54C}.job


Enumerating Download Program Files:

[Ovi maps browser plugin]
InProcServer32 = C:\Windows\Downloaded Program Files\OviMapsAX.dll
CODEBASE = http://static.s2g.gate5.de/ovi_maps/OviMaps_2.2.30.3.cab

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll


Enumerating Windows NT/2000/XP services

@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Ati External Event Utility: %SystemRoot%\system32\Ati2evxx.exe (autostart)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CLHNService: C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (autostart)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\ehome\ehstart.dll,-101: %windir%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Acer ePower Service: C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (autostart)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
HsfXAudioService: %SystemRoot%\system32\svchost.exe -k HsfXAudioService (autostart)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IrDA Protocol: system32\DRIVERS\irda.sys (autostart)
@%SystemRoot%\System32\irmon.dll,-2000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
McAfee SiteAdvisor Service: "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" (autostart)
McAfee Services: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (autostart)
McAfee Network Agent: "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" (autostart)
McAfee Proxy Service: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (autostart)
McAfee Real-time Scanner: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
McAfee Personal Firewall Service: "C:\Program Files\McAfee\MPF\MPFSrv.exe" (autostart)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
McAfee Anti-Spam Service: "C:\Program Files\McAfee\MSK\MskSrver.exe" (autostart)
mwlPSDFilter: system32\DRIVERS\mwlPSDFilter.sys (autostart)
mwlPSDNServ: system32\DRIVERS\mwlPSDNServ.sys (autostart)
mwlPSDVDisk: system32\DRIVERS\mwlPSDVDisk.sys (autostart)
MyWinLocker Service: C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe (autostart)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
NTI IScheduleSvc: C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (autostart)
NTI Backup Now 5 Scheduler Service: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (autostart)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (autostart)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SBSD Security Center Service: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (autostart)
@%SystemRoot%\system32\schedsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (autostart)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
XAudio: system32\DRIVERS\XAudio32.sys (autostart)



Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Users\Arimondo\AppData\Local\Temp\021872~1.EXE||C:\Users\Arimondo\AppData\Local\Temp\~nsu.tmp\Au_.exe||C:\Users\Arimondo\AppData\Local\Temp\~nsu.tmp|||a


Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

End of report, 20.284 bytes
Report generated in 0,266 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


e' cio' che mi hai chiesto?
forse sarebbe opportuno togliere mcafee a installare qualche altro antivirus, solo che mcafee mi protegge globalmente con la suite, in alternativa posso scaricare piu' protezioni, sbaglio?
Torna in alto
 
shapiro
Inviato: Thursday, October 08, 2009 10:31:47 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ma prima di mcafee avevi avg installato?

la prima schermata fa riferimento ai file hosts

http://www.geekstogo.com/forum/HijackThis-System-Denied-Access-to-Hosts-file-t217687.html

fai un po' di pulizia

scarica ccleaner
http://www.ccleaner.com
se non lo hai gia' installato, configuralo in questo modo

In fase d’installazione togli la spunta altrimenti viene installata Yahoo Tollbar.
Avvialo e clicca su:
- Opzioni Avanzate
Togli la spunta da:
- Elimina file solo se più vecchi di 48 ore
Clicca i tasti:
- Pulizia (il primo in alto a Sinistra)
- Analizza ( Pulsante in basso Centrale)
- Avvia Pulizia (Pulsante in basso a Destra)

Fai anche una scansione supplementare

Scarica e installa malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.

per ora non rimuovere niente
Torna in alto
 
pokerdassi
Inviato: Thursday, October 08, 2009 10:52:18 AM

Rank: AiutAmico

Iscritto dal : 8/31/2007
Posts: 3,448
Avg mai avuto, ho mcafee perche' e' gratuito per 2 mesi( il notebook l'ho preso a settembre), malware-antimalware li ho gia' e spesso lo utilizzo(anche con scansione completa non mi da' nulla di malevolo), lo stesso per ccleaer, ultima pulizia ieri sera.

GEEKSTOGO cos'e'?

infine ero preoccupato vedendo il log postato che molti chiave di reg. non ci sono, motivo?

quando faccio una pulizia completa co ccleaner e uso malware mi si disinstalla mcaffe, quindi lo devo reinstallare.

cmq i programmi li ho gia' installati , postero' i log.

EDIT, con l'indirizzo geektogo cosa devo fare?
Torna in alto
 
shapiro
Inviato: Thursday, October 08, 2009 10:58:04 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ma da dove esce questo ''GEEKSTOGO '' adesso? Sick

la scansione che ti ho fatto fare e' similare a quella di hjt, evidenzia qualcosina in piu'

se accetti un consiglio, installa avira free
Torna in alto
 
pokerdassi
Inviato: Thursday, October 08, 2009 2:46:52 PM

Rank: AiutAmico

Iscritto dal : 8/31/2007
Posts: 3,448
Geekstogo lo hai postato sopra; http://www.geekstogo.com/forum/HijackThis-System-Denied-Access-to-Hosts-file-t217687.html
perche' hai chiesto se avevo AVG?
le chiavi not found sono un problema?
ecco il log di malware-antimalware, anche se a fine scansione mi ha mandato mcafee in tilt( l'ho dovuto reinstallare) ma mettero' avira;

Malwarebytes' Anti-Malware 1.41
Versione del database: 2922
Windows 6.0.6002 Service Pack 2

08/10/2009 12.23.21
mbam-log-2009-10-08 (12-23-21).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 207723
Tempo trascorso: 1 hour(s), 2 minute(s), 29 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Users\Arimondo\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.

Ha trovato un elemento malevolo che si trovava in un programma installato ieri ma subito rimosso perche' non funzionava.

EDIT; allora disinstallo mcafee( che pero' e' un asuite completa di sicurezza), quindi installo, AVIRA come antivrus, poi come anti-spyare, firewall e altri programmi di sicurezza cosa consigli visto che resto con malware-antimalware e ccleaner che non danno sicurezza in tempo reale?

grazie
Torna in alto
 
shapiro
Inviato: Thursday, October 08, 2009 3:58:41 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
Geekstogo lo hai postato sopra; http://www.geekstogo.com/forum/HijackThis-System-Denied-Access-to-Hosts-file-t217687.html


si avevo messo il link per farti vedere a cosa era riferito quella finestra di hijackthis che ti e' apparsa

in questo caso ti viene segnalato che il programma non ha l'accesso al file hosts, probabilmente perchè non e' stato eseguito dall'aministratore del pc - l'ultima versione di hjt ha anche questa funzionalita'

va bene per la scansione con malwarebytes- per favore postami un log di hjt


come antispyware io uso spyware terminator, con la protezione in tempo reale lo trovo un ottimo abbinamento ad avira

qui puoi scegliere gli altri ''prodotti'' offerti dalla casa

http://software.aiutamici.com/software?ID=10831
Torna in alto
 
pokerdassi
Inviato: Thursday, October 08, 2009 4:22:27 PM

Rank: AiutAmico

Iscritto dal : 8/31/2007
Posts: 3,448
Sull'altro pc uso avast e pc tools firewall plus( i pare che cosi' si chiama, cmq postato sul sito), poi ho malware-anti....., spybot, ccleaner, cmq si disinstallo mcafee anche perche' tra un mese scadono i 2 mesi di prova e dovrei comprarlo, ma non ne vale la pena)
ecco il log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.16.10, on 08/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Arimondo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0709&m=aspire_5536
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_2.2.30.3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9824 bytes

SI che mi appoggio gratis su' un hotspot, ma oggi e' lentissima sta' connessione, con adsl speed test arriva a 400kbps, di solito e' 640.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il lg di hijack per favore


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.