Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Potreste controllarmi il log? Grazie

2 pages: [1] 2
Potreste controllarmi il log? Grazie Opzioni
Topic Precedente · Topic Sucessivo
nanomalo
Inviato: Friday, September 19, 2008 5:44:37 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Qualcuno potrebbe controllarmi il log che penso sia un disastro? mi aiutereste a risolvere gli eventuali problemi? Chiedo anche un consiglio su cm rendermi bene o male sicuro efficientemente da queste minacce. Grazie mille per l'attenzione ed il disturbo Anxious

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.32.30, on 19/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Windows\faceback.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Twain\Twain.exe
C:\Users\nano\AppData\Roaming\SpeedRunner\SpeedRunner.exe
C:\Users\nano\AppData\Roaming\Microsoft\Windows\ejfpbcg.exe
C:\Program Files\GetPack\GetPack21.exe
C:\Users\nano\AppData\Roaming\?ppPatch\mmc.exe
C:\Program Files\?ppPatch\w?aclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\TuneUp Utilities 2008\Integrator.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\notepad.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {038AEE53-CB94-4EA2-8480-217918806B47} - C:\Windows\system32\hxmvpkjq.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: (no name) - {235B90D6-CB93-40A6-8F1A-AF422ADA9637} - C:\Windows\system32\tuvtTMCv.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7A5147CD-DB3B-4B88-85C5-69E28DE0D91D} - C:\Windows\system32\cbXNEWoo.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {6c9b13db-0705-7629-0b24-84092731b5fa} - {af5b1372-9048-42b0-9267-5070bd31b9c6} - C:\Windows\system32\cayjyr.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: (no name) - {DF30EE3F-26AB-0959-FF3A-7FA295CF42E5} - C:\Windows\system32\uuwcngex.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvtTMCv.dll,#1
O4 - HKLM\..\Run: [spc1000] C:\Windows\vspc1000.exe
O4 - HKLM\..\Run: [BM2568805f] Rundll32.exe "C:\Windows\system32\ujreaxri.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Users\nano\AppData\Roaming\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Users\nano\AppData\Roaming\Microsoft\Windows\ejfpbcg.exe
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [Ieuu] "C:\Users\nano\AppData\Roaming\PPPATC~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldit-it.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD6BDA61-D794-431E-95CA-EB43952B2C50}: NameServer = 151.99.125.2,125.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cayjyr.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 10239 bytes



Grazie ancora
Torna in alto
 
Sponsor
Inviato: Friday, September 19, 2008 5:44:37 PM

 
Torna in alto
 
r16
Inviato: Friday, September 19, 2008 6:23:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Si è un macello........Anxious
DEVI INSTALLARE IMMEDIATAMENTE UN ANTIVIRUS.
Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema
Quando hai disattivato il ripristino configurazione di sistema, Spegni, e Avvia il pc.( è importante questa operazione)
Scarica VIRIT : (per il momento, poi ti consiglierò un antivirus definitivo)
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai 2 scansioni .
Posta anche il log.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223

Proviamo a eliminare alcune fetecchie in automatico.
Scarica: Malwarebytes' Anti-MalwareMalwarebyte e salvalo sul desktop (o dove vuoi tu). : http://www.besttechie.net/tools/mbam-setup.exe

Doppio click sull'icona di mbam-setup.exe che hai salvato,e procedi con l'installazione

Assicurati che ci siano entrambi i segni di spunta su :Aggiorna Malwarebytes' Anti-Malware e Avvia, e clicca Fine
Al primo avvio, ti comparirà un messaggio di benvenuto, Assicurati che il collegamento Internet sia attivo e clicca OK
Attendi la fine dell'aggiornamento.
Compare la schermata principale.
Clicca Scansiona
Potrebbe volerci parecchio tempo,(dipende quanto è infettato il pc) quindi bisogna avere un pò di pazienza.

Al termine della scansione, clicca OK

Assicurati che tutti i files evidenziati siano selezionati e clicca Rimuovi Selezionati

Quando la disinfezione sarà completata, verrà aperto Notepad con il risultato dell'operazione .
Postalo qui.
RIAVVIA IL PC.
********************************************************************************************************
Esegui ALLA LETTERA queste indicazioni:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Posta un nuovo log di HijackThis .Sempre in questo topic.
Torna in alto
 
nanomalo
Inviato: Monday, September 22, 2008 3:49:59 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Grazie per la tempestività e gli aiuti inanzitutto Applause , posto i log uno alla volta nell'ordine da te consigliato.

VirIT eXplorer Lite Log


=================================================
SCANSIONE NUMERO 1
=================================================



[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
19/09/2008 - 18:50:17

[SCANSIONE DEL REGISTRO]
{15421B84-3488-49A7-AD18-CBF84A3EFAF6} Infetto da BHO.CPV.A
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Users\nano\AppData\Local\Temp\tmp000069c9 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp00006c78 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp00006c87 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp00006d14 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp0000868d Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp00008a92 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp00009433 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp0000958a Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp00009951 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp0000aeb5 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Users\nano\AppData\Local\Temp\tmp000178b7 Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Windows\System32\iifgeDUM.dll Infetto da Trojan.Win32.Vundo.EU
Il file sarà spostato nella cartella di quarantena.
C:\Windows\System32\rqRKEUlk.dll Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *
C:\Windows\System32\uuwcngex.dll Infetto da BHO.NDrv.Gen
* * * RIMOSSO * * *

Chiavi Registro infette: 1.
Files Infetti: 14.
Files Sospetti: 0.
Files Analizzati: 221378.
Files Totali: 221378.
Chiavi Registro rimosse: 1.
Virus Rimossi: 13.

Adesso puoi RIAVVIARE il computer per spostare il file nella cartella di quarantena.
[SCANSIONE DELLA MEMORIA]
OK






=================================================
SCANSIONE NUMERO 2
=================================================


19/09/2008 - 20:34:28

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\QUARANTENA_VIRIT\iifgeDUM.dll Infetto da Trojan.Win32.Vundo.EU
* * * RIMOSSO * * *

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


[F:]
BOOT SECTOR: OK


[G:]
BOOT SECTOR: OK


[H:]
BOOT SECTOR: OK


[I:]
BOOT SECTOR: OK


[L:]


Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 230978.
Files Totali: 230978.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.

[SCANSIONE DELLA MEMORIA]
OK
Torna in alto
 
nanomalo
Inviato: Monday, September 22, 2008 3:50:30 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
=====================================================
LOG CCleaner dopo pulizia
=====================================================


ANALISI COMPLETATA - (0.322 sec)
0 byte da rimuovere. (circa)
Cancellazione sicura attivata - Sovrascrittura semplice (1 passaggio)
Torna in alto
 
nanomalo
Inviato: Monday, September 22, 2008 3:51:44 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Malwarebytes' Anti-Malware 1.28
Versione del database: 1177
Windows 6.0.6000

19/09/2008 23.37.42
mbam-log-2008-09-19 (23-37-42).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 240312
Tempo trascorso: 1 hour(s), 25 minute(s), 34 second(s)

Processi delle memoria infetti: 4
Moduli della memoria infetti: 6
Chiavi di registro infette: 38
Valori di registro infetti: 8
Elementi dato del registro infetti: 2
Cartelle infette: 12
File infetti: 71

Processi delle memoria infetti:
C:\Program Files\Twain\Twain.exe (Adware.Agent) -> Unloaded process successfully.
C:\Users\nano\AppData\Roaming\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Unloaded process successfully.
C:\Users\nano\AppData\Roaming\Microsoft\Windows\ejfpbcg.exe (Trojan.Vundo) -> Unloaded process successfully.
C:\Program Files\GetPack\GetPack21.exe (Trojan.Agent) -> Unloaded process successfully.

Moduli della memoria infetti:
C:\Windows\System32\cbXNEWoo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\oabddchp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\cmmgxqji.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\pxdnoo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\hxmvpkjq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf4bcfc6-b3ac-4031-8239-a3463a1eafaf} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cf4bcfc6-b3ac-4031-8239-a3463a1eafaf} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fda3dcc3-853a-49a8-9e04-ec867b9b1b32} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fda3dcc3-853a-49a8-9e04-ec867b9b1b32} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038aee53-cb94-4ea2-8480-217918806b47} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{038aee53-cb94-4ea2-8480-217918806b47} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\265bb3c3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm2568805f (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\speedrunner (Adware.SpeedRunner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wip (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack21 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ieuu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxnewoo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxnewoo -> Delete on reboot.

Cartelle infette:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Users\nano\AppData\Roaming\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

File infetti:
C:\Windows\System32\cbXNEWoo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ooWENXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ooWENXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pxdnoo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\idrayhfk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\kfhyardi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\iifgEuRl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lRuEgfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lRuEgfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJCsQKB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\BKQsCJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\BKQsCJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\oabddchp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\phcddbao.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rqrQkIcA.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\AcIkQrqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\AcIkQrqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\urqOEvUm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mUvEOqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mUvEOqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\hxmvpkjq.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Windows\System32\cmmgxqji.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Twain\Twain.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\nano\AppData\Roaming\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Quarantined and deleted successfully.
C:\Users\nano\AppData\Roaming\Microsoft\Windows\ejfpbcg.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Users\nano\AppData\Roaming\?ppPatch\mmc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle3050OinAdmin.exe (Adware.Yazzle) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle3050OinUninstaller.exe (Adware.Yazzle) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Users\nano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4VMOS5\upd105320[2] (Trojan.Vundo) -> Delete on reboot.
C:\Users\nano\AppData\Roaming\SpeedRunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Windows\b148.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\faceback.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\ljsyncpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\afpsppbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cayjyr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\dkqvkqal.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\frfmysvk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jmptoahf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jnjvyq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kuppdavk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mgwuuftj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\njrmbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rbrhkcxs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tktkxoww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ujreaxri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vlijrjnb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\zuvnsy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\huqhgsvw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qahejcvr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock\xtarga.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Users\nano\AppData\Roaming\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Windows\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\b161.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Torna in alto
 
nanomalo
Inviato: Monday, September 22, 2008 3:52:17 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
ComboFix 08-09-20.05 - nano 2008-09-22 15.39.54.1 - NTFSx86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1040.18.2447 [GMT 2:00]
Eseguito da: C:\Users\nano\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
C:\Program Files\Mozilla Firefox\patch.exe
C:\Program Files\pppatc~1
C:\Program Files\pppatc~1\w?aclt.exe
C:\Users\nano\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
C:\Users\nano\AppData\Roaming\PPPATC~1
C:\Users\nano\AppData\Roaming\PPPATC~1\?ppPatch\
C:\Users\nano\AppData\Roaming\PPPATC~1\mmc.exe
C:\Users\nano\Documents\SMANTE~1
C:\Windows\system32\actskn43.ocx
C:\Windows\system32\ensgrori.ini
C:\Windows\system32\jusched.exe
C:\Windows\system32\vflxeelr.ini
C:\Windows\system32\xcfrapjy.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-08-22 al 2008-09-22 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 13:38 --------- d-----w C:\Users\nano\AppData\Roaming\Skype
2008-09-22 13:14 --------- d-----w C:\Program Files\Mirc
2008-09-22 13:01 --------- d-----w C:\Users\nano\AppData\Roaming\skypePM
2008-09-19 20:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 20:07 --------- d-----w C:\Users\nano\AppData\Roaming\Malwarebytes
2008-09-19 20:07 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-19 16:45 40,960 ----a-w C:\Windows\system32\drivers\VIRAGTLT.SYS
2008-09-19 15:32 --------- d-----w C:\Program Files\Trend Micro
2008-09-18 21:09 --------- d-----w C:\Program Files\Manage PC Shut Down
2008-09-18 17:40 --------- d-----w C:\Program Files\eMule
2008-09-18 17:28 --------- d-----w C:\Users\nano\AppData\Roaming\uTorrent
2008-09-17 19:52 --------- d-----w C:\Program Files\BearShare
2008-09-17 19:16 --------- d-----w C:\Program Files\Soulseek
2008-09-16 18:57 --------- d-----w C:\ProgramData\DFX
2008-09-16 18:57 --------- d-----w C:\Program Files\DFX
2008-09-16 18:57 --------- d-----w C:\Program Files\Common Files\DFX
2008-09-11 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 19:26 --------- d-----w C:\Users\nano\AppData\Roaming\Spore
2008-09-10 19:03 --------- d-----w C:\Program Files\Electronic Arts
2008-09-10 16:05 --------- d-----w C:\Users\nano\AppData\Roaming\Joost
2008-09-10 15:45 --------- d-----w C:\Program Files\RadarSync
2008-09-10 15:39 --------- d-----w C:\Program Files\Joost
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-09 19:42 --------- d-----w C:\Program Files\MagicISO
2008-09-09 19:29 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-09-09 19:29 --------- d-----w C:\Users\nano\AppData\Roaming\TuneUp Software
2008-09-09 19:29 --------- d-----w C:\ProgramData\TuneUp Software
2008-09-09 19:29 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-09 19:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-08 13:31 --------- d-----w C:\ProgramData\Skype
2008-09-08 13:31 --------- d-----w C:\Program Files\Skype
2008-09-08 13:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-08 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-27 16:44 --------- d-----w C:\Program Files\RelevantKnowledge
2008-08-27 11:07 --------- d-----w C:\Program Files\CD Mp3 Extractor
2008-08-27 11:04 --------- d-----w C:\Program Files\Wave 2 Mp3
2008-08-27 10:51 --------- d-----w C:\Program Files\SoftwareClub.ws
2008-08-25 11:45 --------- d-----w C:\Program Files\Halto
2008-08-25 11:35 --------- d-----w C:\ProgramData\Apple Computer
2008-08-25 10:09 --------- d-----w C:\Program Files\Apple Software Update
2008-08-25 10:08 --------- d-----w C:\Users\nano\AppData\Roaming\Apple Computer
2008-08-25 10:07 --------- d-----w C:\Program Files\Bonjour
2008-08-25 10:06 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-23 15:50 --------- d-----w C:\ProgramData\Roxio
2008-08-19 12:53 --------- d-----w C:\Users\nano\AppData\Roaming\Builder
2008-08-19 12:50 --------- d-----w C:\Users\nano\AppData\Roaming\qliner
2008-08-19 12:40 --------- d-----w C:\Program Files\Qliner Hotkeys
2008-08-16 01:36 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-15 15:17 --------- d---a-w C:\ProgramData\TEMP
2008-08-15 13:35 --------- d-----w C:\Users\nano\AppData\Roaming\TeraCopy
2008-08-14 23:10 --------- d-----w C:\Program Files\Mass Effect
2008-08-14 23:05 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-14 23:05 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-14 10:08 --------- d-----w C:\Program Files\Empire Interactive
2008-08-14 09:19 --------- d-----w C:\Program Files\NeroInstall.bak
2008-08-14 09:17 --------- d-----w C:\Users\nano\AppData\Roaming\Nero
2008-08-14 09:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-14 09:12 --------- d-----w C:\ProgramData\Nero
2008-08-14 09:12 --------- d-----w C:\Program Files\Nero
2008-08-14 08:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 08:13 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-14 07:45 --------- d-----w C:\Program Files\Extension Changer
2008-08-13 21:52 --------- d-----w C:\Users\nano\AppData\Roaming\Microsoft Games
2008-08-06 09:39 --------- d-----w C:\Program Files\CCleaner
2008-08-06 09:08 --------- d-----w C:\Program Files\Mp3 File Editor
2008-08-06 09:04 --------- d-----w C:\Program Files\Game Graphic Studio
2008-08-04 22:28 174 --sha-w C:\Program Files\desktop.ini
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:55 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-07-15 23:53 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-07-15 23:53 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-07-08 22:49 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-03 13:26 22,328 ----a-w C:\Users\nano\AppData\Roaming\PnkBstrK.sys
2008-05-13 15:06 0 ----a-w C:\Users\nano\AppData\Roaming\wklnhst.dat
2008-05-15 18:38 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"00Hotkeys"="C:\Program Files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 45056]
"spc1000"="C:\Windows\vspc1000.exe" [2007-07-12 675840]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-09-19 245760]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pxdnoo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-11-06 20:00 8530464 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-06 20:00 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-11-06 20:00 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
--a------ 2007-04-07 02:56 54936 C:\Windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:36 201728 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"265bb3c3"=rundll32.exe "C:\Windows\system32\idrayhfk.dll",b
"runner1"=C:\Windows\faceback.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-706010174-775629330-2711164088-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06CA90DE-DFB3-4B43-91D3-1B389F234F16}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{70B69435-A063-4796-96D8-07F97B0BD198}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{E0EE8557-CAB9-47DC-B918-D1C83513B918}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{A9A72485-CFF3-4D61-A690-53C0C5D58487}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0D9B9856-91E9-477D-BDE7-402B0252F4F7}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8D4A32BF-3947-4945-8816-75EC9390C8F0}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{68B74467-C34B-408C-B081-4FE0EFFE93AE}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{A4D2ECCE-8EBB-4961-B5C8-80086B09692D}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{273F4132-6DD9-4C8B-AFD7-4137707CBDAE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3710DC32-2022-49A5-8962-2380D17EFE74}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{601984F3-ED3B-4EBF-857B-5CF6722C9ED2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{EE2A7586-9463-4931-9708-38C6BB66AD75}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1B268FC8-0D75-4F9A-92FB-674DA61F743B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D40C0DB1-31C5-4334-9ECB-4419EF0E30EF}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{AEC378CC-15F6-4D11-8236-63F6C7ABA5A9}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{4D8F3937-5FD0-463D-B68C-4BA61CEDC64E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{801F2A47-4F36-4E8F-92B2-5C324E22B6FC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{64787C58-87BD-48E7-811A-0A7CFCFAEB44}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{63C282B8-C9D5-4FD7-A5D9-577A6CCF9C52}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6E5630CF-22EA-4E67-A7C9-C9AE9C1E8180}"= UDP:J:\Call Of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5CFFB5CF-845C-459F-A0A2-FE332897EA8C}"= TCP:J:\Call Of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{9D875CA3-885B-4D0D-B6C7-928A4BAF12B3}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC Modified By momo
"UDP Query User{EA868FAA-BD0B-4702-8C0B-63D62ECAD105}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC Modified By momo
"{992C7955-D431-4192-A49A-2057FB9AB92B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5F41B3CD-928D-49CF-B64F-6DC5B7576F73}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9A4CA484-94F0-473B-93C1-6B0B56CE0366}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AF88BD36-EAED-4B29-BEC7-3FBFC4778512}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BCD8C334-C070-4561-9FE5-1494DE78B45C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CE3260F3-6B8D-4677-B63C-56D305185556}K:\\pc games\\call of duty 4\\iw3mp.exe"= UDP:K:\pc games\call of duty 4\iw3mp.exe:iw3mp
"UDP Query User{FF4D29D4-80E0-4466-AF1D-EBFD1DD9D4DE}K:\\pc games\\call of duty 4\\iw3mp.exe"= TCP:K:\pc games\call of duty 4\iw3mp.exe:iw3mp
"{4AF0EDFA-051F-4B8E-9058-F33346348614}"= UDP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{B1C0276E-FC80-47B1-8521-EEF666DC1D72}"= TCP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{ED214AD5-0908-41D1-855D-4C23CB27A70F}"= UDP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E479653C-C880-452B-9C98-7A1076AD934A}"= TCP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{937E1C34-3E26-46F3-99C6-AEC9B2C0AA8B}"= UDP:K:\PC Games\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6F1BF479-8EF7-4AD0-8C92-4E48F8C162AC}"= TCP:K:\PC Games\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3117FF2F-4959-4E7C-A0D1-AE55FFE86DE9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5A4B6363-8FE8-4ED4-AE7A-99663E583735}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{CD160638-AC91-45B5-84C3-5F1B0FFA2F5D}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{C4A2A781-C6E9-4E49-BDE7-D488F3ACD510}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
"{133C210F-FAC4-4EEC-9DAF-EEED67503B8B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D35BED55-E1F2-4600-94FD-870926213ECD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3142A81D-7B54-435D-8127-7C804DE6FC5A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8D654DEF-6FC0-4063-864C-5DC8E311DB3D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DA06289E-E574-4FB2-B0D1-8CCCD3016C8D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{59971F91-9B73-4089-AB16-D787A99714BF}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{089BAB57-7050-4589-9D91-2764A3DD72D5}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{CD758429-19AC-4C0C-930F-AE886EBF66BE}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{ED852766-F7F8-46C6-90F3-DB3FDFC84142}"= UDP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{30CCF783-7C0E-40AA-B4CD-16B38E8ACBFD}"= TCP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{F933E3CA-46AC-4EED-A561-2932FBCE262D}"= UDP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{9F2DB86E-FD73-47D4-B695-419910759C26}"= TCP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{E3FEB3A4-9ABC-4E82-98D2-BB37A86F7BE1}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{EE66E242-44B3-4B6B-94A5-5B577A41578C}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{646AA354-DC50-4D8C-B830-D7A9B03A32B7}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B68FB2B4-BD11-4B78-B8B9-C7752A5A5EDF}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{293F0C05-A92D-4022-8109-477BA51C1695}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{20E19FF6-41E7-400B-9F6C-EB7BB7491D5C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4F479F5E-52C8-4906-BD69-03E4BD4413BF}"= UDP:C:\Windows\Temp\~os4663.tmp\ossproxy.exe:ossproxy.exe
"{A018893C-1CD2-4F88-B69C-60BDF9801018}"= UDP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{014CF23C-C320-4E45-A76A-7E46A4E7B3B5}"= TCP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{2FA5F7F4-6AE9-467C-92EA-AB0C22F2CA1B}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{EA59BD23-EE3E-415F-82C4-5D7F155ADE30}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{807911C6-1296-4F20-87D0-C74458D007E6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{064E2CE2-7AD2-466E-BF48-D304AED3C1F4}"= Disabled:UDP:C:\Program Files\Joost\xulrunner\tvprunner.exe:tvprunner
"{4E6668FC-2747-490E-BFAD-187338A05600}"= Disabled:TCP:C:\Program Files\Joost\xulrunner\tvprunner.exe:tvprunner

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 VIRAGTLT;VIRAGTLT;C:\Windows\system32\drivers\VIRAGTLT.SYS [2008-09-19 40960]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 RelevantKnowledge;RelevantKnowledge;C:\Program Files\RelevantKnowledge\rlservice.exe [2008-04-24 45056]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-09-19 57344]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
R3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
R3 SPC1000;USB2.0 PC Camera (SPC1000);C:\Windows\system32\DRIVERS\spc1000.sys [2007-12-04 3033728]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-09 355584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - 80avp08.com
\shell\explore\Command - 80avp08.com
\shell\open\Command - 80avp08.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{732a1e32-9987-11db-a3ac-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a4e8696-2805-11dd-b28a-001d60e068f3}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3906ce2-1b6b-11dd-9e86-001d60e068f3}]
\shell\AutoRun\command - ntde1ect.com
\shell\explore\Command - ntde1ect.com
\shell\open\Command - ntde1ect.com

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{235B90D6-CB93-40A6-8F1A-AF422ADA9637} - C:\Windows\system32\iifgeDUM.dll
BHO-{DF30EE3F-26AB-0959-FF3A-7FA295CF42E5} - C:\Windows\system32\uuwcngex.dll
ShellExecuteHooks-{235B90D6-CB93-40A6-8F1A-AF422ADA9637} - C:\Windows\system32\iifgeDUM.dll
MSConfigStartUp-ABClose - C:\Program Files\Okoker Shutdown Expert\Okoker Shutdown Expert.exe
MSConfigStartUp-Steam - C:\Program Files\Steam\Steam.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\nano\AppData\Roaming\Mozilla\Firefox\Profiles\gv0wwydg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 15:42:08
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-09-22 15:42:48
ComboFix-quarantined-files.txt 2008-09-22 13:42:39

Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 313,811,865,600 byte disponibili

314 --- E O F --- 2008-08-16 01:36:41
Torna in alto
 
nanomalo
Inviato: Monday, September 22, 2008 3:53:07 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.46.40, on 22/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Windows\vspc1000.exe
C:\VEXPLITE\MONLITE.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [spc1000] C:\Windows\vspc1000.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldit-it.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD6BDA61-D794-431E-95CA-EB43952B2C50}: NameServer = 151.99.125.2,125.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pxdnoo.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7956 bytes
Torna in alto
 
r16
Inviato: Monday, September 22, 2008 9:33:04 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Guarda....... con tutte le infezioni che i software ti hanno levato, è un miracolo che il pc non sia scoppiato Anxious
Hai anche un virus in una chiavetta USB.
Per levarlo, leggi bene questo topic:
http://forum.aiutamici.com/Default.aspx?g=posts&t=52446
*********************************************************************************************************
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe\ Ok
ci incolli il codice scritto in rosso, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{732a1e32-9987-11db-a3ac-806e6f6e6963}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a4e8696-2805-11dd-b28a-001d60e068f3}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3906ce2-1b6b-11dd-9e86-001d60e068f3}]

lo chiudi, e "trascinalo" sull'icona di ComboFix

Attendi la fine della scansione, senza toccare nulla, (nemmeno il mouse)
Posta il log aggiornato di combofix
*********************************************************************************************************
Dopo rifai le scansioni con Virit, e Malwarebyte, finchè non rilevano nulla.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Per disistallare Virit,fai :
Start\Tutti Programmi, e trovi il suo Unistall.
Al posto di Virit, installi definitivamente AVG8, lo scarichi da qui:
http://www.aiutaamici.com/software?ID=11537
Lo aggiorni, e fai subito una scansione.
Quando hai fatto tutto questo posta un nuovo log di HijackThis.
Và un pò meglio il pc ?
Torna in alto
 
nanomalo
Inviato: Monday, September 22, 2008 9:43:50 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
sìsì va meglio...il cambiamento evidente è stata la rimozione dei popup..comunque mi è rimasto un launcher all avvio che ho cercto con google e ho scoperto essere un ennesimo virus. mi causa un'attesa all'inizio subito dopo il boot. sai come debellarlo? Pray



GRAZIE DAVVERO INFINITE, SEI DAVVERO GENTILE Applause Applause Applause
Torna in alto
 
r16
Inviato: Monday, September 22, 2008 9:49:34 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina questa voce di HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/it/
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O20 - AppInit_DLLs: pxdnoo.dll
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
Cerca e elimina questo file in rosso:
C:\Program Files\RelevantKnowledge\rlservice.exe
Se non riesci a eliminarli in modalità normale ,prova in Modalità Provvisoria.
Torna in alto
 
nanomalo
Inviato: Tuesday, September 23, 2008 9:29:04 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
ComboFix 08-09-20.05 - nano 2008-09-23 14.17.57.2 - NTFSx86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1040.18.2421 [GMT 2:00]
Eseguito da: C:\Users\nano\Desktop\ComboFix.exe
Command switches used :: C:\Users\nano\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Creati Da 2008-08-23 al 2008-09-23 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 19:15 --------- d-----w C:\Program Files\Mirc
2008-09-22 13:38 --------- d-----w C:\Users\nano\AppData\Roaming\Skype
2008-09-22 13:01 --------- d-----w C:\Users\nano\AppData\Roaming\skypePM
2008-09-19 20:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 20:07 --------- d-----w C:\Users\nano\AppData\Roaming\Malwarebytes
2008-09-19 20:07 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-19 16:45 40,960 ----a-w C:\Windows\system32\drivers\VIRAGTLT.SYS
2008-09-19 15:32 --------- d-----w C:\Program Files\Trend Micro
2008-09-18 21:09 --------- d-----w C:\Program Files\Manage PC Shut Down
2008-09-18 17:40 --------- d-----w C:\Program Files\eMule
2008-09-18 17:28 --------- d-----w C:\Users\nano\AppData\Roaming\uTorrent
2008-09-17 19:52 --------- d-----w C:\Program Files\BearShare
2008-09-17 19:16 --------- d-----w C:\Program Files\Soulseek
2008-09-16 18:57 --------- d-----w C:\ProgramData\DFX
2008-09-16 18:57 --------- d-----w C:\Program Files\DFX
2008-09-16 18:57 --------- d-----w C:\Program Files\Common Files\DFX
2008-09-11 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 19:26 --------- d-----w C:\Users\nano\AppData\Roaming\Spore
2008-09-10 19:03 --------- d-----w C:\Program Files\Electronic Arts
2008-09-10 16:05 --------- d-----w C:\Users\nano\AppData\Roaming\Joost
2008-09-10 15:45 --------- d-----w C:\Program Files\RadarSync
2008-09-10 15:39 --------- d-----w C:\Program Files\Joost
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-09 19:42 --------- d-----w C:\Program Files\MagicISO
2008-09-09 19:29 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-09-09 19:29 --------- d-----w C:\Users\nano\AppData\Roaming\TuneUp Software
2008-09-09 19:29 --------- d-----w C:\ProgramData\TuneUp Software
2008-09-09 19:29 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-09 19:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-08 13:31 --------- d-----w C:\ProgramData\Skype
2008-09-08 13:31 --------- d-----w C:\Program Files\Skype
2008-09-08 13:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-08 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-27 16:44 --------- d-----w C:\Program Files\RelevantKnowledge
2008-08-27 11:07 --------- d-----w C:\Program Files\CD Mp3 Extractor
2008-08-27 11:04 --------- d-----w C:\Program Files\Wave 2 Mp3
2008-08-27 10:51 --------- d-----w C:\Program Files\SoftwareClub.ws
2008-08-25 11:45 --------- d-----w C:\Program Files\Halto
2008-08-25 11:35 --------- d-----w C:\ProgramData\Apple Computer
2008-08-25 10:09 --------- d-----w C:\Program Files\Apple Software Update
2008-08-25 10:08 --------- d-----w C:\Users\nano\AppData\Roaming\Apple Computer
2008-08-25 10:07 --------- d-----w C:\Program Files\Bonjour
2008-08-25 10:06 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-23 15:50 --------- d-----w C:\ProgramData\Roxio
2008-08-19 12:53 --------- d-----w C:\Users\nano\AppData\Roaming\Builder
2008-08-19 12:50 --------- d-----w C:\Users\nano\AppData\Roaming\qliner
2008-08-19 12:40 --------- d-----w C:\Program Files\Qliner Hotkeys
2008-08-16 01:36 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-15 15:17 --------- d---a-w C:\ProgramData\TEMP
2008-08-15 13:35 --------- d-----w C:\Users\nano\AppData\Roaming\TeraCopy
2008-08-14 23:10 --------- d-----w C:\Program Files\Mass Effect
2008-08-14 23:05 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-14 23:05 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-14 10:08 --------- d-----w C:\Program Files\Empire Interactive
2008-08-14 09:19 --------- d-----w C:\Program Files\NeroInstall.bak
2008-08-14 09:17 --------- d-----w C:\Users\nano\AppData\Roaming\Nero
2008-08-14 09:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-14 09:12 --------- d-----w C:\ProgramData\Nero
2008-08-14 09:12 --------- d-----w C:\Program Files\Nero
2008-08-14 08:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 08:13 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-14 07:45 --------- d-----w C:\Program Files\Extension Changer
2008-08-13 21:52 --------- d-----w C:\Users\nano\AppData\Roaming\Microsoft Games
2008-08-06 09:39 --------- d-----w C:\Program Files\CCleaner
2008-08-06 09:08 --------- d-----w C:\Program Files\Mp3 File Editor
2008-08-06 09:04 --------- d-----w C:\Program Files\Game Graphic Studio
2008-08-04 22:28 174 --sha-w C:\Program Files\desktop.ini
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:55 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-07-15 23:53 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-07-15 23:53 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-07-08 22:49 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-03 13:26 22,328 ----a-w C:\Users\nano\AppData\Roaming\PnkBstrK.sys
2008-05-13 15:06 0 ----a-w C:\Users\nano\AppData\Roaming\wklnhst.dat
2008-05-15 18:38 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-22_15.42.27.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 12:01:59 992,232 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-09-22 18:32:05 1,271,440 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-09-22 13:00:12 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-23 12:04:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-23 12:04:02 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-22 13:00:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-23 12:03:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-23 12:03:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-22 13:00:29 10,918 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-706010174-775629330-2711164088-1001_UserData.bin
+ 2008-09-23 12:04:03 10,918 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-706010174-775629330-2711164088-1001_UserData.bin
- 2008-09-22 13:00:29 66,220 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-23 12:04:03 66,680 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-22 13:00:28 49,524 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-23 12:04:00 49,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"00Hotkeys"="C:\Program Files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 45056]
"spc1000"="C:\Windows\vspc1000.exe" [2007-07-12 675840]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-09-22 245760]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pxdnoo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-11-06 20:00 8530464 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-06 20:00 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-11-06 20:00 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
--a------ 2007-04-07 02:56 54936 C:\Windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:36 201728 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"265bb3c3"=rundll32.exe "C:\Windows\system32\idrayhfk.dll",b
"runner1"=C:\Windows\faceback.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-706010174-775629330-2711164088-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06CA90DE-DFB3-4B43-91D3-1B389F234F16}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{70B69435-A063-4796-96D8-07F97B0BD198}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{E0EE8557-CAB9-47DC-B918-D1C83513B918}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{A9A72485-CFF3-4D61-A690-53C0C5D58487}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0D9B9856-91E9-477D-BDE7-402B0252F4F7}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8D4A32BF-3947-4945-8816-75EC9390C8F0}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{68B74467-C34B-408C-B081-4FE0EFFE93AE}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{A4D2ECCE-8EBB-4961-B5C8-80086B09692D}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{273F4132-6DD9-4C8B-AFD7-4137707CBDAE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3710DC32-2022-49A5-8962-2380D17EFE74}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{601984F3-ED3B-4EBF-857B-5CF6722C9ED2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{EE2A7586-9463-4931-9708-38C6BB66AD75}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1B268FC8-0D75-4F9A-92FB-674DA61F743B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D40C0DB1-31C5-4334-9ECB-4419EF0E30EF}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{AEC378CC-15F6-4D11-8236-63F6C7ABA5A9}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{4D8F3937-5FD0-463D-B68C-4BA61CEDC64E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{801F2A47-4F36-4E8F-92B2-5C324E22B6FC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{64787C58-87BD-48E7-811A-0A7CFCFAEB44}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{63C282B8-C9D5-4FD7-A5D9-577A6CCF9C52}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6E5630CF-22EA-4E67-A7C9-C9AE9C1E8180}"= UDP:J:\Call Of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5CFFB5CF-845C-459F-A0A2-FE332897EA8C}"= TCP:J:\Call Of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{9D875CA3-885B-4D0D-B6C7-928A4BAF12B3}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC Modified By momo
"UDP Query User{EA868FAA-BD0B-4702-8C0B-63D62ECAD105}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC Modified By momo
"{992C7955-D431-4192-A49A-2057FB9AB92B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5F41B3CD-928D-49CF-B64F-6DC5B7576F73}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9A4CA484-94F0-473B-93C1-6B0B56CE0366}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AF88BD36-EAED-4B29-BEC7-3FBFC4778512}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BCD8C334-C070-4561-9FE5-1494DE78B45C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CE3260F3-6B8D-4677-B63C-56D305185556}K:\\pc games\\call of duty 4\\iw3mp.exe"= UDP:K:\pc games\call of duty 4\iw3mp.exe:iw3mp
"UDP Query User{FF4D29D4-80E0-4466-AF1D-EBFD1DD9D4DE}K:\\pc games\\call of duty 4\\iw3mp.exe"= TCP:K:\pc games\call of duty 4\iw3mp.exe:iw3mp
"{4AF0EDFA-051F-4B8E-9058-F33346348614}"= UDP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{B1C0276E-FC80-47B1-8521-EEF666DC1D72}"= TCP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{ED214AD5-0908-41D1-855D-4C23CB27A70F}"= UDP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E479653C-C880-452B-9C98-7A1076AD934A}"= TCP:K:\PC Games\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{937E1C34-3E26-46F3-99C6-AEC9B2C0AA8B}"= UDP:K:\PC Games\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6F1BF479-8EF7-4AD0-8C92-4E48F8C162AC}"= TCP:K:\PC Games\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3117FF2F-4959-4E7C-A0D1-AE55FFE86DE9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5A4B6363-8FE8-4ED4-AE7A-99663E583735}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{CD160638-AC91-45B5-84C3-5F1B0FFA2F5D}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{C4A2A781-C6E9-4E49-BDE7-D488F3ACD510}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
"{133C210F-FAC4-4EEC-9DAF-EEED67503B8B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D35BED55-E1F2-4600-94FD-870926213ECD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3142A81D-7B54-435D-8127-7C804DE6FC5A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8D654DEF-6FC0-4063-864C-5DC8E311DB3D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DA06289E-E574-4FB2-B0D1-8CCCD3016C8D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{59971F91-9B73-4089-AB16-D787A99714BF}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{089BAB57-7050-4589-9D91-2764A3DD72D5}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{CD758429-19AC-4C0C-930F-AE886EBF66BE}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{ED852766-F7F8-46C6-90F3-DB3FDFC84142}"= UDP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{30CCF783-7C0E-40AA-B4CD-16B38E8ACBFD}"= TCP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{F933E3CA-46AC-4EED-A561-2932FBCE262D}"= UDP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{9F2DB86E-FD73-47D4-B695-419910759C26}"= TCP:C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{E3FEB3A4-9ABC-4E82-98D2-BB37A86F7BE1}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{EE66E242-44B3-4B6B-94A5-5B577A41578C}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{646AA354-DC50-4D8C-B830-D7A9B03A32B7}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B68FB2B4-BD11-4B78-B8B9-C7752A5A5EDF}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{293F0C05-A92D-4022-8109-477BA51C1695}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{20E19FF6-41E7-400B-9F6C-EB7BB7491D5C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4F479F5E-52C8-4906-BD69-03E4BD4413BF}"= UDP:C:\Windows\Temp\~os4663.tmp\ossproxy.exe:ossproxy.exe
"{A018893C-1CD2-4F88-B69C-60BDF9801018}"= UDP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{014CF23C-C320-4E45-A76A-7E46A4E7B3B5}"= TCP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{2FA5F7F4-6AE9-467C-92EA-AB0C22F2CA1B}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{EA59BD23-EE3E-415F-82C4-5D7F155ADE30}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{807911C6-1296-4F20-87D0-C74458D007E6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{064E2CE2-7AD2-466E-BF48-D304AED3C1F4}"= Disabled:UDP:C:\Program Files\Joost\xulrunner\tvprunner.exe:tvprunner
"{4E6668FC-2747-490E-BFAD-187338A05600}"= Disabled:TCP:C:\Program Files\Joost\xulrunner\tvprunner.exe:tvprunner

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 VIRAGTLT;VIRAGTLT;C:\Windows\system32\drivers\VIRAGTLT.SYS [2008-09-19 40960]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 RelevantKnowledge;RelevantKnowledge;C:\Program Files\RelevantKnowledge\rlservice.exe [2008-04-24 45056]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-09-22 57344]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
R3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
R3 SPC1000;USB2.0 PC Camera (SPC1000);C:\Windows\system32\DRIVERS\spc1000.sys [2007-12-04 3033728]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-09 355584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - 80avp08.com
\shell\explore\Command - 80avp08.com
\shell\open\Command - 80avp08.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{732a1e32-9987-11db-a3ac-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a4e8696-2805-11dd-b28a-001d60e068f3}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3906ce2-1b6b-11dd-9e86-001d60e068f3}]
\shell\AutoRun\command - ntde1ect.com
\shell\explore\Command - ntde1ect.com
\shell\open\Command - ntde1ect.com
.
Contenuto della cartella 'Scheduled Tasks'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:20:02
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-09-23 14:20:45
ComboFix-quarantined-files.txt 2008-09-23 12:20:37
ComboFix2.txt 2008-09-22 13:42:48

Pre-Run: Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Post-Run: 313,362,796,544 byte disponibili

300 --- E O F --- 2008-08-16 01:36:41
Torna in alto
 
nanomalo
Inviato: Tuesday, September 23, 2008 9:29:40 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
VirIT eXplorer Lite Log

23/09/2008 - 15:39:46

[SCANSIONE DEL REGISTRO]
[SCANSIONE DELLA MEMORIA]
OK
23/09/2008 - 16:06:11

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


[F:]
BOOT SECTOR: OK


[G:]
BOOT SECTOR: OK


[H:]
BOOT SECTOR: OK


[I:]
BOOT SECTOR: OK


[L:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 230060.
Files Totali: 230060.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
23/09/2008 - 21:24:52

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK
Torna in alto
 
nanomalo
Inviato: Tuesday, September 23, 2008 9:30:15 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Malwarebytes' Anti-Malware 1.28
Versione del database: 1177
Windows 6.0.6000

23/09/2008 21.12.47
mbam-log-2008-09-23 (21-12-47).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 239467
Tempo trascorso: 1 hour(s), 16 minute(s), 27 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\QooBox\Quarantine\C\Users\nano\AppData\Roaming\PPPATC~1\mmc.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
Torna in alto
 
nanomalo
Inviato: Tuesday, September 23, 2008 9:30:45 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.19.22, on 23/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Windows\vspc1000.exe
C:\VEXPLITE\MONLITE.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [spc1000] C:\Windows\vspc1000.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldit-it.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD6BDA61-D794-431E-95CA-EB43952B2C50}: NameServer = 151.99.125.2,125.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pxdnoo.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7956 bytes
Torna in alto
 
r16
Inviato: Tuesday, September 23, 2008 9:35:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ma non hai eliminato le voci di HijackThis .
Torna in alto
 
nanomalo
Inviato: Tuesday, September 23, 2008 9:37:37 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Grazie mille per le dritte. l'eliminazione del file [ C:\Program Files\RelevantKnowledge\rlservice.exe ] eseguito in modalità provvisoria (cestinato ed eliminato) non ha comportato l'eiminazione delle voci nel log di hijackthis. ti riporto qui il suddetto log.

Grazie mille davvero!!!

Riguardo ai programmi antivirus, ho notato che me ne hai consigliato uno gratuito, è perchè è uno tra i migliori in assoluto o perchè è uno tra i migliori freeware? Nel caso in cui fosse la seconda potresti consigliarmene uno che consideri il migliore in assoluto?...non ho problemi ad acquistarlo dal momento in cui ho realizzato che è uno strumento fondamentaleAnxious d'oh! d'oh!

Grazie per tutti i cnsigli che mi hai dato Applause Applause Applause Applause
Torna in alto
 
nanomalo
Inviato: Tuesday, September 23, 2008 9:38:13 PM
Rank: Newbie

Iscritto dal : 9/19/2008
Posts: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.24.30, on 23/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Windows\vspc1000.exe
C:\VEXPLITE\MONLITE.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [spc1000] C:\Windows\vspc1000.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldit-it.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD6BDA61-D794-431E-95CA-EB43952B2C50}: NameServer = 151.99.125.2,125.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pxdnoo.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 7972 bytes
===================================================

Purtroppo è rimasto Think
Torna in alto
 
r16
Inviato: Tuesday, September 23, 2008 9:40:18 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Kaspersky, è molto buono. (a pagamento)
Naturalmente nessun antivirus è perfetto......
Torna in alto
 
r16
Inviato: Tuesday, September 23, 2008 9:45:07 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Questo Antispyware:
http://www.aiutaamici.com/software?ID=11397
E fai una scansione. Mi posti il log.
E anche uno di HijackThis (log)
Elimina questa voce di HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/it/
Le voci di HijackThis, prova a eliminarle in Modalità Provvisoria.
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Potreste controllarmi il log? Grazie


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.