Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

InnoSetupRegFile.0000000001 [risolto] Opzioni
iracondo
Inviato: Saturday, April 10, 2010 2:59:19 AM

Rank: AiutAmico

Iscritto dal : 7/11/2009
Posts: 850
Ciao ragazzi è parecchio che non vengo a chiedere aiuto in questa sezione e la cosa non mi dispiaceva per niente, non che non abbia piacere di leggervi ( lo faccio quasi tutti i giorni) ma un conto è leggervi e l'altro e chiedervi aiuto.
Espongo il problema, oggi sono entrato in XP per fare delle cose e come ogni volta che sto per chiudere tutto ho fatto il mio solito giretto con i vari programmi di pulizia e controllo (CCleaner,Mbam,Avast5,Revounistaller). Con quest'ultimo ho riscontrato una cosa che non ho capito da dove sia saltata fuori ne come, la cosa di cui parlo è quella dell'oggetto del post InnoSetupRegFile.0000000001 che è tra i programmi ad avvio automatico come si evince dalla figura




Vi allego anche un log di HJt.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.49.27, on 10/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Trust\MI-4520T Wireless Optical Tilt Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Flock\flock.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-L4L3E.exe" /REG
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261715495468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261715479468
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D3E191-D5E4-442E-8C11-4FD6D550EE7C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{50D3E191-D5E4-442E-8C11-4FD6D550EE7C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{50D3E191-D5E4-442E-8C11-4FD6D550EE7C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6855 bytes


Come si nota dalla figura, dopo aver effettuato la scansione con Hjt. ho tolto la spunta a Innosetup in attesa che voi mi sappiate dare delle delucidazioni in merito.
Sono venuto a postare nella sezione sicurezza perchè da quel che ho potuto capire (ben poco) cercando in rete non è nulla di buono.
Grazie del'aiuto
Sponsor
Inviato: Saturday, April 10, 2010 2:59:19 AM

 
meme1580
Inviato: Saturday, April 10, 2010 8:16:46 AM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170
la chiave "RunOnce" dovrebbe sparire al primo riavvio e la voce [InnoSetupRegFile.0000000001] indica appunto che è stata aggiunta dal setup.
Quindi quando riaccendi il pc non dovrebbero esserci.
iracondo
Inviato: Saturday, April 10, 2010 12:44:35 PM

Rank: AiutAmico

Iscritto dal : 7/11/2009
Posts: 850
Confermo quanto detto da meme1580, al riavvio oggi InnoSetupRegFile.0000000001 non è presente. Allego nuovamente un log di Hjt giusto per sicurezza.Grazie

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.41.30, on 10/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
C:\Programmi\Trust\MI-4520T Wireless Optical Tilt Mouse\MOUSE32A.DAT
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Flock\flock.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261715495468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261715479468
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D3E191-D5E4-442E-8C11-4FD6D550EE7C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{50D3E191-D5E4-442E-8C11-4FD6D550EE7C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{50D3E191-D5E4-442E-8C11-4FD6D550EE7C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6377 bytes
meme1580
Inviato: Saturday, April 10, 2010 1:01:04 PM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170
il log è pulito
speedy63
Inviato: Saturday, April 10, 2010 1:09:31 PM

Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 1,321
ciao iracondo leggi qui O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-JVMCU.exe" /REG

http://forum.wininizio.it/index.php?showtopic=75523

segui le istruzioni nel link
iracondo
Inviato: Saturday, April 10, 2010 4:10:26 PM

Rank: AiutAmico

Iscritto dal : 7/11/2009
Posts: 850
speedy63 ha scritto:
ciao iracondo leggi qui O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-JVMCU.exe" /REG

http://forum.wininizio.it/index.php?showtopic=75523

segui le istruzioni nel link


grazie anche a te speedy, praticamente nel link che mi hai segnalato dicono la stesa cosa che ha detto meme.
Grazie
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.