HijackThis log - web pages that open by themselves
3 participants
Logfile of HijackThis v1.99.1
Scan saved at 17.30.02, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\franco\Desktop\Programmi e Antivirus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SC2.tmp" /EF "HKCU"
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658DA6AA-B506-4C7F-A120-98EA674CEA7A}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
this is the post you asked me for
let me know. Thanks!!
franz - Number of posts: 22
Registration date: 12.01.09
Re: HijackThis log - web pages that open by themselves
hi franz,
you made the log with an old version of HijackThis; even though some infections are already visible, it would be useful to make it with the latest release, 2.0.2
you can find it here
ok steve75
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.19.11, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\franco\Desktop\Programmi e Antivirus\HijackThis.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\franco\IMPOST~1\Temp\Rar$EX00.578\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programmi\Advanced System Optimizer\IEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SC2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Programmi\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658DA6AA-B506-4C7F-A120-98EA674CEA7A}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11694 bytes
franz- Number of posts: 22
Registration date: 12.01.09
Re: HijackThis log - web pages that open by themselves
ok,
sorry, but have you already fixed any entries? I ask because the previous log had an entry that is no longer there, specifically this one:
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
do this: go to www.virustotal.com and analyze this file:
C:\WINDOWS\system32\LSHPRN.EXE
PS: I changed the post title to a less generic one
steve75
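The by-eye comparison of two HijackThis logs made in the post above (an entry present in the earlier log and absent from the later one) can be automated. This is an added Python example, not part of the original thread; the function names and the two shortened sample logs are constructed for illustration, reusing entry lines quoted on this page.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed, shortened samples (not the full logs from the thread).
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\system32\LSHPRN.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programmi\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
--
End of file
"""

LOG_AFTER = r"""Running processes:
C:\WINDOWS\system32\LSHPRN.EXE
C:\Programmi\Hp\HP Software Update\hpwuSchd2.exe
C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
--
End of file
"""


def _key(text):
    # Windows paths are case-insensitive, so compare case-folded text
    # with runs of whitespace collapsed.
    return " ".join(text.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.setdefault(_key(line), (match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif line == "--" or line.startswith("End of file"):
            in_processes = False
        elif in_processes:
            processes.setdefault(_key(line), line)
    return {"processes": processes, "entries": entries}


def diff_logs(before_text, after_text):
    """Report what appeared or disappeared between two scans.

    Comparison is by content, so an entry that only moved to a different
    position in the log is not reported as a change.
    """
    before, after = parse_log(before_text), parse_log(after_text)

    def only_in(a, b, field):
        # Dicts keep insertion order, so results follow the log's own order.
        return [value for key, value in a[field].items() if key not in b[field]]

    return {
        "entries_removed": only_in(before, after, "entries"),
        "entries_added": only_in(after, before, "entries"),
        "processes_gone": only_in(before, after, "processes"),
        "processes_new": only_in(after, before, "processes"),
    }


if __name__ == "__main__":
    for label, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
```

An entry that vanished without anyone fixing it, as with the `(file missing)` Winlogon Notify line, is worth asking about because something else on the machine changed the registry between scans.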
no. I haven't fixed anything!!
the report
http://www.virustotal.com/it/analisis/0b3efebd237e732142abe6f3bfd58c77
franz- Number of posts: 22
Registration date: 12.01.09
Re: HijackThis log - web pages that open by themselves
ah ok..... the file looks clean
do you still have the same problems? if so, run a scan with Malwarebytes' Anti-Malware
http://www.majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26
update it, run a full system scan and remove whatever it finds
Post its log
Re: HijackThis log - web pages that open by themselves
@Steve The Malwarebytes log seems not to be working
@Franz If it doesn't work for you either, you can download Malwarebytes from here http://www.malwarebytes.org/mbam.php
Remember to update it before running the full scan, and to post the log from the end of the scan
Torukk- Moderator
- Number of posts: 204
Registration date: 06.01.09
Re: HijackThis log - web pages that open by themselves
Torukk wrote: @Steve The Malwarebytes log seems not to be working
@Franz If it doesn't work for you either, you can download Malwarebytes from here http://www.malwarebytes.org/mbam.php
Remember to update it before running the full scan, and to post the log from the end of the scan
hi torukk,
thanks, I hadn't noticed....
Re: HijackThis log - web pages that open by themselves
ok, I'll redo it tonight; I already ran it but I did the quick one, I'll try with the full scan
Have a good day
franz- Number of posts: 22
Registration date: 12.01.09
Re: HijackThis log - web pages that open by themselves
Steve75 wrote:
hi torukk,
thanks, I hadn't noticed....
You're welcome, don't mention it!!
Anyway, in your opinion, despite the VirusTotal result, wouldn't it be worth fixing that file's autostart entry anyway, without manually deleting the file itself, and seeing whether the problem comes back? It doesn't look like anything good....
Torukk- Moderator
- Number of posts: 204
Registration date: 06.01.09
Re: HijackThis log - web pages that open by themselves
I wanted to see first how MBA behaves with that file.....
Re: HijackThis log - web pages that open by themselves
Steve75 wrote: I wanted to see first how MBA behaves with that file.....
True... Let's wait for the log..
Torukk- Moderator
- Number of posts: 204
Registration date: 06.01.09
Re: HijackThis log - web pages that open by themselves
Hi everyone, guys!!!!!!!!!!
I ran the scan and I'm posting the log; obviously I fixed the problem it reported and rebooted the PC.... nothing, the c:\windows\p1.htm.... pages still appear
Malwarebytes' Anti-Malware 1.32
Versione del database: 1648
Windows 5.1.2600 Service Pack 3
13/01/2009 20.36.23
mbam-log-2009-01-13 (20-36-18).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 129552
Tempo trascorso: 55 minute(s), 6 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
franz- Number of posts: 22
Registration date: 12.01.09
Re: HijackThis log - web pages that open by themselves
Hi! Are you sure you fixed the problem? Here it says
Chiavi di registro infette: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.
That means you took no action
Run the full scan with Malwarebytes again; at the end of the scan click on show results.. then from there click on remove selected items.. finally click on save log file and post the new log
Torukk- Moderator
- Number of posts: 204
Registration date: 06.01.09
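The check made in the post above, reading the action recorded after each detection, can be scripted when triaging a posted Malwarebytes log. This is an added Python example, not part of the original thread; the function names are hypothetical, the sample is a shortened copy of the Italian-language log quoted on this page, and only the `No action taken` marker seen there is treated as unresolved.

```python
import re

# Constructed sample: the log from this thread, shortened to four sections' worth of lines.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.32
Versione del database: 1648
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 129552
Chiavi di registro infette: 1
File infetti: 0
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.
File infetti:
(Nessun elemento malevolo rilevato)
"""

SUMMARY_RE = re.compile(r"^(?P<section>[^:]+):\s*(?P<count>\d+)$")   # "File infetti: 0"
HEADER_RE = re.compile(r"^(?P<section>[^:]+):$")                      # "File infetti:"
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam(text):
    """Return (declared counts per section, detections per section)."""
    declared, found, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SUMMARY_RE.match(line)):
            declared[m["section"]] = int(m["count"])
        elif (m := HEADER_RE.match(line)):
            current = m["section"]
            found.setdefault(current, [])
        elif current and (m := DETECTION_RE.match(line)):
            found[current].append({
                "section": current,
                "item": m["item"],
                "name": m["name"],
                "action": m["action"],
            })
    return declared, found


def triage(text):
    """List detections left untouched and sections whose count disagrees.

    A log saved before clicking the removal button records every detection
    as "No action taken", so it cannot confirm that cleanup happened.
    """
    declared, found = parse_mbam(text)
    unresolved = [
        d for items in found.values() for d in items
        if d["action"].lower() == "no action taken"
    ]
    # Only sections that have a detail block are checked; plain statistics
    # such as the number of scanned items have none.
    mismatched = [s for s, items in found.items() if declared.get(s) != len(items)]
    return unresolved, mismatched


if __name__ == "__main__":
    unresolved, mismatched = triage(MBAM_LOG)
    for d in unresolved:
        print(f"UNRESOLVED [{d['section']}] {d['name']}: {d['item']}")
    print("count mismatches:", mismatched or "none")
```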
Re: HijackThis log - web pages that open by themselves
hi torukk
that is what I did, it's just that I saved the log before fixing so you could see it. But as I was telling you, nothing............
franz- Number of posts: 22
Registration date: 12.01.09
Re: HijackThis log - web pages that open by themselves
reposting HijackThis, run again just now
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.27.01, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\Hp\HP Software Update\hpwuSchd2.exe
C:\Documents and Settings\franco\Desktop\Programmi e Antivirus\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SC2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Programmi\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658DA6AA-B506-4C7F-A120-98EA674CEA7A}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11138 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.27.01, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\Hp\HP Software Update\hpwuSchd2.exe
C:\Documents and Settings\franco\Desktop\Programmi e Antivirus\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SC2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Programmi\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programmi\PPLive\PPLive.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658DA6AA-B506-4C7F-A120-98EA674CEA7A}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11138 bytes
franz - Number of posts: 22
Registration date: 12.01.09
Re: hijackthis log - web pages that open by themselves
Hi,
HijackThis has its limits, and at this point it is of little use; run ComboFix and post its log so we can try to sort this out
http://www.steven.altervista.org/files/tools.html#tools1
Re: hijackthis log - web pages that open by themselves
I can't post it, it tells me it is too large
franz - Number of posts: 22
Registration date: 12.01.09
Re: hijackthis log - web pages that open by themselves
ComboFix 09-01-13.03 - franco 2009-01-13 21.44.16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2046.1501 [GMT 1:00]
Eseguito da: c:\documents and settings\franco\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Process.exe
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((( Files Creati Da 2008-12-13 al 2009-01-13 )))))))))))))))))))))))))))))))))))
.
2009-01-12 18:47 . 2009-01-12 18:47 <DIR> d-------- c:\documents and settings\franco\Application Data\Uniblue
2009-01-12 18:08 . 2009-01-12 19:41 <DIR> d-------- c:\programmi\Advanced System Optimizer
2009-01-12 18:08 . 2009-01-12 18:08 <DIR> d-------- c:\documents and settings\franco\Application Data\Systweak
2009-01-11 21:12 . 2009-01-12 19:41 <DIR> d-------- c:\programmi\Navilog1
2009-01-11 15:59 . 2009-01-13 21:44 4,299 --a------ c:\windows\p3.htm
2009-01-11 15:57 . 2009-01-13 21:42 4,299 --a------ c:\windows\p2.htm
2009-01-11 15:55 . 2009-01-13 21:46 4,299 --a------ c:\windows\p1.htm
2009-01-11 15:53 . 2009-01-11 15:52 15,377 --a------ c:\windows\system32\LSHPRN.EXE
2009-01-11 14:26 . 2009-01-11 18:02 <DIR> d-------- c:\programmi\Conduit
2009-01-11 12:00 . 2009-01-03 14:37 361,344 --a------ c:\windows\system32\drivers\tcpip.copy
2009-01-11 08:26 . 2009-01-11 18:02 <DIR> d-------- c:\programmi\Maryland_Radio
2009-01-10 21:28 . 2009-01-10 21:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-01-09 21:19 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-09 21:18 . 2009-01-09 21:18 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-01-09 21:04 . 2009-01-09 21:04 200 --a------ C:\sqmnoopt17.sqm
2009-01-09 21:04 . 2009-01-09 21:04 200 --a------ C:\sqmdata17.sqm
2009-01-09 13:42 . 2009-01-09 13:41 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-09 13:42 . 2009-01-09 13:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-07 18:08 . 2009-01-07 18:08 200 --a------ C:\sqmnoopt16.sqm
2009-01-07 18:08 . 2009-01-07 18:08 200 --a------ C:\sqmdata16.sqm
2009-01-04 21:43 . 2009-01-04 21:43 200 --a------ C:\sqmnoopt15.sqm
2009-01-04 21:43 . 2009-01-04 21:43 200 --a------ C:\sqmdata15.sqm
2009-01-04 21:11 . 2009-01-04 21:11 <DIR> d-------- c:\documents and settings\franco\Application Data\InstallShield
2009-01-04 21:10 . 2006-12-08 03:04 76,800 --a------ c:\windows\system32\E_FLBCEE.DLL
2009-01-04 21:10 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BCEE.DLL
2009-01-04 21:10 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-01-04 21:10 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-04 21:10 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2009-01-04 21:06 . 2007-04-18 00:00 67,072 --a------ c:\windows\system32\escwiad.dll
2009-01-04 14:36 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-04 14:35 . 2009-01-04 14:36 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\programmi\Reference Assemblies
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\programmi\MSBuild
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\programmi\CDBurnerXP
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\documents and settings\franco\Application Data\Canneverbe_Limited
2009-01-04 14:34 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-04 14:34 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-04 14:34 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-04 14:34 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-04 14:34 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-04 14:34 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-04 14:34 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-04 14:33 . 2009-01-04 14:34 <DIR> d-------- C:\cb01765a2cb73532609a388b
2009-01-03 21:56 . 2009-01-03 21:56 200 --a------ C:\sqmnoopt14.sqm
2009-01-03 21:56 . 2009-01-03 21:56 200 --a------ C:\sqmdata14.sqm
2009-01-03 14:36 . 2008-06-20 12:51 361,600 --a------ c:\windows\system32\dllcache\tcpip.sys
2009-01-03 14:36 . 2009-01-03 14:36 361,344 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-12-31 09:34 . 2008-12-31 09:34 200 --a------ C:\sqmnoopt13.sqm
2008-12-31 09:34 . 2008-12-31 09:34 200 --a------ C:\sqmdata13.sqm
2008-12-31 09:01 . 2008-12-31 09:01 200 --a------ C:\sqmnoopt12.sqm
2008-12-31 09:01 . 2008-12-31 09:01 200 --a------ C:\sqmdata12.sqm
2008-12-30 18:01 . 2008-12-30 18:01 236 --a------ C:\sqmdata11.sqm
2008-12-30 18:01 . 2008-12-30 18:01 200 --a------ C:\sqmnoopt11.sqm
2008-12-30 17:57 . 2008-12-30 17:57 236 --a------ C:\sqmdata10.sqm
2008-12-30 17:57 . 2008-12-30 17:57 200 --a------ C:\sqmnoopt10.sqm
2008-12-30 17:08 . 2007-08-03 12:48 3,974,440 --a------ c:\windows\system\AdvrCntr3.dll
2008-12-30 15:16 . 2008-12-30 15:16 236 --a------ C:\sqmdata09.sqm
2008-12-30 15:16 . 2008-12-30 15:16 120 --a------ C:\sqmnoopt09.sqm
2008-12-30 14:47 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-30 14:47 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-30 14:44 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-30 14:44 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-29 13:41 . 2008-12-29 13:41 200 --a------ C:\sqmnoopt08.sqm
2008-12-29 13:41 . 2008-12-29 13:41 200 --a------ C:\sqmdata08.sqm
2008-12-27 23:44 . 2008-12-27 23:44 2,688 --a------ c:\windows\system32\settings.aaw
2008-12-27 23:44 . 2008-12-27 23:44 1,008 --a------ c:\windows\system32\history.aaw
2008-12-27 23:44 . 2008-12-27 23:44 248 --a------ C:\sqmdata07.sqm
2008-12-27 23:44 . 2008-12-27 23:44 120 --a------ C:\sqmnoopt07.sqm
2008-12-27 11:14 . 2008-12-27 11:14 236 --a------ C:\sqmdata06.sqm
2008-12-27 11:14 . 2008-12-27 11:14 200 --a------ C:\sqmnoopt06.sqm
2008-12-26 18:24 . 2008-12-26 18:24 236 --a------ C:\sqmdata05.sqm
2008-12-26 18:24 . 2008-12-26 18:24 200 --a------ C:\sqmnoopt05.sqm
2008-12-26 18:15 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-26 18:15 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-26 18:15 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
2008-12-26 18:15 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-26 10:55 . 2008-12-26 10:55 200 --a------ C:\sqmnoopt04.sqm
2008-12-26 10:55 . 2008-12-26 10:55 200 --a------ C:\sqmdata04.sqm
2008-12-26 10:47 . 2008-12-26 10:47 <DIR> d-------- c:\programmi\DivX
2008-12-26 09:54 . 2008-12-26 10:52 <DIR> d-------- c:\programmi\PPLive
2008-12-26 09:54 . 2008-12-26 09:54 <DIR> d-------- c:\documents and settings\franco\Application Data\PPLive
2008-12-26 09:36 . 2009-01-10 21:16 <DIR> d-------- c:\programmi\uusee
2008-12-26 09:36 . 2008-12-26 09:36 <DIR> d-------- c:\programmi\SopCast
2008-12-26 00:12 . 2008-12-26 00:12 236 --a------ C:\sqmdata03.sqm
2008-12-26 00:12 . 2008-12-26 00:12 120 --a------ C:\sqmnoopt03.sqm
2008-12-25 17:51 . 2008-12-25 18:08 <DIR> d-------- c:\documents and settings\franco\Application Data\U3
2008-12-24 20:15 . 2008-12-24 20:15 200 --a------ C:\sqmnoopt02.sqm
2008-12-24 20:15 . 2008-12-24 20:15 200 --a------ C:\sqmdata02.sqm
2008-12-24 17:55 . 2008-12-24 17:55 236 --a------ C:\sqmdata01.sqm
2008-12-24 17:55 . 2008-12-24 17:55 120 --a------ C:\sqmnoopt01.sqm
2008-12-24 12:08 . 2008-12-24 12:08 272 --a------ C:\sqmdata00.sqm
2008-12-24 12:08 . 2008-12-24 12:08 200 --a------ C:\sqmnoopt00.sqm
2008-12-21 19:41 . 2008-12-21 19:41 1,102 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-21 19:40 . 2008-12-21 19:40 <DIR> d-------- c:\documents and settings\franco\Application Data\Leadertech
2008-12-21 19:25 . 2008-12-21 19:25 <DIR> d-------- c:\programmi\EA Sports
2008-12-21 19:23 . 2008-12-21 19:23 <DIR> d-------- c:\documents and settings\franco\Application Data\DAEMON Tools Pro
2008-12-21 19:23 . 2008-12-21 19:23 <DIR> d-------- c:\documents and settings\franco\Application Data\DAEMON Tools
2008-12-21 19:22 . 2008-12-24 09:59 <DIR> d-------- c:\programmi\DAEMON Tools Toolbar
2008-12-21 19:22 . 2008-12-22 11:16 <DIR> d-------- c:\programmi\DAEMON Tools Lite
2008-12-21 19:22 . 2008-12-21 19:24 <DIR> d-------- c:\documents and settings\franco\Application Data\DAEMON Tools Lite
2008-12-21 19:22 . 2008-12-21 19:22 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2008-12-21 18:33 . 2008-12-21 18:33 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-20 22:24 . 2009-01-13 20:38 2,026 --a------ C:\hpqp.ini
2008-12-20 22:24 . 2009-01-13 20:38 40 --a------ C:\XP_TV.ini
2008-12-20 21:23 . 2008-12-20 21:23 <DIR> d-------- c:\programmi\sophos anti rootkit
2008-12-20 18:12 . 2008-12-20 18:12 <DIR> d--hs---- c:\documents and settings\LocalService\Temporary Internet Files
2008-12-20 18:12 . 2008-12-20 18:12 <DIR> d--hs---- c:\documents and settings\LocalService\Cronologia
2008-12-20 10:31 . 2008-04-13 19:45 26,368 --a------ c:\windows\system32\dllcache\usbstor.sys
2008-12-18 19:35 . 2008-12-18 19:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IM
2008-12-18 19:34 . 2008-12-18 19:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2008-12-16 18:45 . 2008-12-16 18:45 <DIR> dr-h----- C:\MSOCache
2008-12-16 18:45 . 2008-12-19 22:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-14 21:07 . 2008-12-14 21:07 <DIR> d-------- c:\programmi\Lavasoft
2008-12-14 16:09 . 2009-01-13 19:36 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-14 16:09 . 2008-12-14 16:09 <DIR> d-------- c:\documents and settings\franco\Application Data\Malwarebytes
2008-12-14 16:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 16:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 09:17 . 2008-12-14 09:20 <DIR> d-------- c:\programmi\Unlocker
2008-12-13 13:30 . 2008-12-13 13:30 <DIR> d-------- c:\documents and settings\franco\Application Data\Nero
2008-12-13 12:41 . 2008-12-13 12:46 754 --a------ c:\windows\WORDPAD.INI
2008-12-21 18:33 . 2008-12-21 18:33 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-20 22:24 . 2009-01-13 20:38 2,026 --a------ C:\hpqp.ini
2008-12-20 22:24 . 2009-01-13 20:38 40 --a------ C:\XP_TV.ini
2008-12-20 21:23 . 2008-12-20 21:23 <DIR> d-------- c:\programmi\sophos anti rootkit
2008-12-20 18:12 . 2008-12-20 18:12 <DIR> d--hs---- c:\documents and settings\LocalService\Temporary Internet Files
2008-12-20 18:12 . 2008-12-20 18:12 <DIR> d--hs---- c:\documents and settings\LocalService\Cronologia
2008-12-20 10:31 . 2008-04-13 19:45 26,368 --a------ c:\windows\system32\dllcache\usbstor.sys
2008-12-18 19:35 . 2008-12-18 19:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IM
2008-12-18 19:34 . 2008-12-18 19:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2008-12-16 18:45 . 2008-12-16 18:45 <DIR> dr-h----- C:\MSOCache
2008-12-16 18:45 . 2008-12-19 22:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-14 21:07 . 2008-12-14 21:07 <DIR> d-------- c:\programmi\Lavasoft
2008-12-14 16:09 . 2009-01-13 19:36 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-14 16:09 . 2008-12-14 16:09 <DIR> d-------- c:\documents and settings\franco\Application Data\Malwarebytes
2008-12-14 16:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 16:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 09:17 . 2008-12-14 09:20 <DIR> d-------- c:\programmi\Unlocker
2008-12-13 13:30 . 2008-12-13 13:30 <DIR> d-------- c:\documents and settings\franco\Application Data\Nero
2008-12-13 12:41 . 2008-12-13 12:46 754 --a------ c:\windows\WORDPAD.INI
franz- Number of posts: 22
Join date: 12.01.09
Re: HijackThis log - web pages opening on their own
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 20:10 --------- d-----w c:\programmi\Hp
2009-01-13 20:10 --------- d-----w c:\programmi\Hewlett-Packard
2009-01-13 18:57 --------- d-----w c:\programmi\eMule
2009-01-12 04:55 --------- d-----w c:\documents and settings\franco\Application Data\uTorrent
2009-01-11 18:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-11 09:22 --------- d-----w c:\programmi\NOS
2009-01-11 09:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2009-01-10 12:12 --------- d-----w c:\documents and settings\franco\Application Data\AdobeUM
2009-01-06 15:12 --------- d-----w c:\documents and settings\franco\Application Data\HP
2009-01-05 11:39 --------- d-----w c:\documents and settings\franco\Application Data\dvdcss
2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\UDL
2009-01-04 20:14 --------- d-----w c:\programmi\ABBYY FineReader 6.0 Sprint
2009-01-04 20:12 --------- d-----w c:\programmi\epson
2008-12-23 16:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Bluetooth
2008-12-21 09:29 --------- d-----w c:\programmi\Google
2008-12-16 17:47 --------- d-----w c:\programmi\Microsoft Works
2008-12-14 08:41 --------- d-----w c:\programmi\File comuni\Nero
2008-12-13 21:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-12-13 06:36 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 21:23 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-12 21:23 --------- d-----w c:\programmi\Avira GmbH
2008-12-12 21:19 --------- d-----w c:\programmi\Avira
2008-12-12 21:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2008-12-12 20:54 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-12 16:53 --------- d-----w c:\programmi\uTorrent
2008-12-12 00:02 --------- d-----w c:\programmi\Servizi in linea
2008-12-12 00:01 --------- d-----w c:\programmi\NetWaiting
2008-12-11 23:59 --------- d-----w c:\programmi\File comuni\SureThing Shared
2008-12-11 23:59 --------- d-----w c:\programmi\File comuni\Sonic Shared
2008-12-11 23:58 --------- d-----w c:\programmi\File comuni\LightScribe
2008-12-11 23:58 --------- d-----w c:\programmi\CONEXANT
2008-12-11 23:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sonic
2008-12-11 18:28 --------- d-----w c:\programmi\Windows Live
2008-12-11 18:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-11 17:38 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-11 17:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-12-11 17:37 --------- d-----w c:\documents and settings\franco\Application Data\vlc
2008-12-11 17:27 --------- d-----w c:\documents and settings\franco\Application Data\Vso
2008-12-11 15:27 1,749 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv5000 (RG956EA#ABZ)_YN_0Pavi_QCND6321M18_E413900062_46_I30A7_SHP_V56.47_BF.22_T061211_WXH2_L410_M2047_J120_7Intel_8T2050_91.6_#081211_N80861092_(RG956EA#ABZ)_XMOBILE_CN10_Z_2F.22_G10DE01D8.MRK
2008-12-11 15:22 --------- d-----w c:\programmi\HPQ
2008-12-09 16:27 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2008-12-08 16:51 --------- d-----w c:\programmi\Messenger Plus! Live
2008-12-06 19:58 --------- d-----w c:\programmi\Mindscape
2008-12-05 12:53 --------- d-----w c:\programmi\Memory Loops
2008-12-05 12:53 --------- d-----w c:\programmi\File comuni\Audio
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-30 14:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-11-29 17:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\McAfee
2008-11-29 13:25 --------- d-----w c:\programmi\File comuni\AVSMedia
2008-11-29 12:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-20 14:22 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-20 14:21 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-20 07:22 --------- d-----w c:\programmi\File comuni\xing shared
2008-11-20 07:22 --------- d-----w c:\programmi\File comuni\Real
2008-11-15 07:36 19,561 ----a-w c:\windows\amuzidyfi.scr
2008-11-15 07:36 19,181 ----a-w c:\windows\okot.bin
2008-11-15 07:36 12,482 ----a-w c:\documents and settings\All Users\Dati applicazioni\ladano.bat
2008-11-15 07:36 12,347 ----a-w c:\documents and settings\All Users\Dati applicazioni\zyjolimuv.com
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:36 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-14 68856]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-20 185872]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PrinterSecurityLayer"="c:\windows\system32\LSHPRN.EXE" [2009-01-11 15377]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nwiz"="nwiz.exe" [2006-04-15 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 c:\windows\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-30 691720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Documents and Settings\\franco\\Desktop\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\PPLive\\PPLive.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-14 38496]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
R4 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 Start BT in service;Start BT in service;c:\programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]
S1 a792f4dc;a792f4dc;c:\windows\system32\drivers\a792f4dc.sys --> c:\windows\system32\drivers\a792f4dc.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMSWISSARMY
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\programmi\Uniblue\RegistryBooster\RegistryBooster.exe
.
franz- Number of posts: 22
Join date: 12.01.09
Re: HijackThis log - web pages opening on their own
------- Supplementare di scansione -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://virgilio.alice.it/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {658DA6AA-B506-4C7F-A120-98EA674CEA7A} = 192.168.0.1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 21:48:00
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@??????]??????(?@???????@
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1838406240-2437167716-3095067128-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Collegamenti]
@DACL=(02 0000)
@SACL=
"Order"=hex:08,00,00,00,02,00,00,00,8e,02,00,00,01,00,00,00,06,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,32,00,71,00,00,00,51,36,21,56,20,00,48,4f,54,4d,41,\
[HKEY_LOCAL_MACHINE\software\Classes\.dat\ShellEx]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\.DIVX\ShellEx]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\.m1v\ShellEx]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\.M2V\ShellEx]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\.mpe\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\Previous]
@DACL=(02 0000)
@SACL=
@="{c5a40261-cd64-4ccf-84cb-c394da41d590}"
[HKEY_LOCAL_MACHINE\software\Classes\.mpeg\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\Previous]
@DACL=(02 0000)
@SACL=
@="{c5a40261-cd64-4ccf-84cb-c394da41d590}"
[HKEY_LOCAL_MACHINE\software\Classes\.mpg\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\Previous]
@DACL=(02 0000)
@SACL=
@="{c5a40261-cd64-4ccf-84cb-c394da41d590}"
[HKEY_LOCAL_MACHINE\software\Classes\.VOB\ShellEx]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.ProgressBar.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\Programmable]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.ProgressBar"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Destroy.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\Programmable]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Destroy"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.MultipleIconToaster.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\Programmable]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.MultipleIconToaster"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Toaster.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Toaster"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
@SACL=
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
@DACL=(02 0000)
@SACL=
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
@DACL=(02 0000)
@SACL=
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
[HKEY_LOCAL_MACHINE\software\SoftThinks\HP Taipei PC Recovery - Release 1.85.4 (6.0E1.62)]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Symantec\CCPD-LC]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Symantec\Shared Technology]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Symantec\SharedUsage]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\UIU\INSTALL_HISTORY]
@DACL=(02 0000)
@SACL=
.
Ora fine scansione: 2009-01-13 21.50.05
ComboFix-quarantined-files.txt 2009-01-13 20:50:03
Pre-Run: 32.812.089.344 byte disponibili
Post-Run: 32,973,561,856 byte disponibili
504 --- E O F --- 2009-01-13 18:28:08
franz- Number of posts: 22
Registration date: 12.01.09
Re: hijackthis log - web pages that open by themselves
ok, I've split it into 3!!
franz- Number of posts: 22
Registration date: 12.01.09
Re: hijackthis log - web pages that open by themselves
ok, do this:
open a new Windows Notepad page and copy the following into it:
registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
file::
c:\windows\amuzidyfi.scr
c:\windows\okot.bin
c:\documents and settings\All Users\Dati applicazioni\ladano.bat
c:\documents and settings\All Users\Dati applicazioni\zyjolimuv.com
c:\windows\system32\drivers\a792f4dc.sys
c:\windows\p3.htm
c:\windows\p2.htm
c:\windows\p1.htm
Save the page; it must be named CFScript.txt
Now drag and drop the CFScript.txt file onto the combofix icon
and let it work
Re: hijackthis log - web pages that open by themselves
ok .... thanks, see you this evening
franz- Number of posts: 22
Registration date: 12.01.09
Re: hijackthis log - web pages that open by themselves
ComboFix 09-01-13.04 - franco 2009-01-14 21.22.33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2046.1580 [GMT 1:00]
Eseguito da: c:\documents and settings\franco\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\franco\Documenti\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
FILE ::
c:\documents and settings\All Users\Dati applicazioni\ladano.bat
c:\documents and settings\All Users\Dati applicazioni\zyjolimuv.com
c:\windows\amuzidyfi.scr
c:\windows\okot.bin
c:\windows\p1.htm
c:\windows\p2.htm
c:\windows\p3.htm
c:\windows\system32\drivers\a792f4dc.sys
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\p1.htm
c:\windows\p2.htm
c:\windows\p3.htm
.
((((((((((((((((((((((((( Files Creati Da 2008-12-14 al 2009-01-14 )))))))))))))))))))))))))))))))))))
.
2009-01-13 21:58 . 2009-01-13 21:58 7,229 --a------ C:\ComboFix.rar
2009-01-13 19:28 . 2009-01-13 19:28 1,374 --a------ c:\windows\imsins.BAK
2009-01-12 18:47 . 2009-01-12 18:47 <DIR> d-------- c:\documents and settings\franco\Application Data\Uniblue
2009-01-12 18:08 . 2009-01-12 19:41 <DIR> d-------- c:\programmi\Advanced System Optimizer
2009-01-12 18:08 . 2009-01-12 18:08 <DIR> d-------- c:\documents and settings\franco\Application Data\Systweak
2009-01-11 21:12 . 2009-01-12 19:41 <DIR> d-------- c:\programmi\Navilog1
2009-01-11 15:53 . 2009-01-11 15:52 15,377 --a------ c:\windows\system32\LSHPRN.EXE
2009-01-11 14:26 . 2009-01-11 18:02 <DIR> d-------- c:\programmi\Conduit
2009-01-11 12:00 . 2009-01-03 14:37 361,344 --a------ c:\windows\system32\drivers\tcpip.copy
2009-01-11 08:26 . 2009-01-11 18:02 <DIR> d-------- c:\programmi\Maryland_Radio
2009-01-10 21:28 . 2009-01-10 21:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-01-09 21:19 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-09 21:18 . 2009-01-09 21:18 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-01-09 21:04 . 2009-01-09 21:04 200 --a------ C:\sqmnoopt17.sqm
2009-01-09 21:04 . 2009-01-09 21:04 200 --a------ C:\sqmdata17.sqm
2009-01-09 13:42 . 2009-01-09 13:41 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-09 13:42 . 2009-01-09 13:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-07 18:08 . 2009-01-07 18:08 200 --a------ C:\sqmnoopt16.sqm
2009-01-07 18:08 . 2009-01-07 18:08 200 --a------ C:\sqmdata16.sqm
2009-01-04 21:43 . 2009-01-04 21:43 200 --a------ C:\sqmnoopt15.sqm
2009-01-04 21:43 . 2009-01-04 21:43 200 --a------ C:\sqmdata15.sqm
2009-01-04 21:11 . 2009-01-04 21:11 <DIR> d-------- c:\documents and settings\franco\Application Data\InstallShield
2009-01-04 21:10 . 2006-12-08 03:04 76,800 --a------ c:\windows\system32\E_FLBCEE.DLL
2009-01-04 21:10 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BCEE.DLL
2009-01-04 21:10 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-01-04 21:10 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-04 21:10 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2009-01-04 21:06 . 2007-04-18 00:00 67,072 --a------ c:\windows\system32\escwiad.dll
2009-01-04 14:36 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-04 14:35 . 2009-01-04 14:36 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\programmi\Reference Assemblies
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\programmi\MSBuild
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\programmi\CDBurnerXP
2009-01-04 14:34 . 2009-01-04 14:34 <DIR> d-------- c:\documents and settings\franco\Application Data\Canneverbe_Limited
2009-01-04 14:34 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-04 14:34 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-04 14:34 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-04 14:34 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-04 14:34 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-04 14:34 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-04 14:34 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-04 14:33 . 2009-01-04 14:34 <DIR> d-------- C:\cb01765a2cb73532609a388b
2009-01-03 21:56 . 2009-01-03 21:56 200 --a------ C:\sqmnoopt14.sqm
2009-01-03 21:56 . 2009-01-03 21:56 200 --a------ C:\sqmdata14.sqm
2009-01-03 14:36 . 2008-06-20 12:51 361,600 --a------ c:\windows\system32\dllcache\tcpip.sys
2009-01-03 14:36 . 2009-01-03 14:36 361,344 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-12-31 09:34 . 2008-12-31 09:34 200 --a------ C:\sqmnoopt13.sqm
2008-12-31 09:34 . 2008-12-31 09:34 200 --a------ C:\sqmdata13.sqm
2008-12-31 09:01 . 2008-12-31 09:01 200 --a------ C:\sqmnoopt12.sqm
2008-12-31 09:01 . 2008-12-31 09:01 200 --a------ C:\sqmdata12.sqm
2008-12-30 18:01 . 2008-12-30 18:01 236 --a------ C:\sqmdata11.sqm
2008-12-30 18:01 . 2008-12-30 18:01 200 --a------ C:\sqmnoopt11.sqm
2008-12-30 17:57 . 2008-12-30 17:57 236 --a------ C:\sqmdata10.sqm
2008-12-30 17:57 . 2008-12-30 17:57 200 --a------ C:\sqmnoopt10.sqm
2008-12-30 17:08 . 2007-08-03 12:48 3,974,440 --a------ c:\windows\system\AdvrCntr3.dll
2008-12-30 15:16 . 2008-12-30 15:16 236 --a------ C:\sqmdata09.sqm
2008-12-30 15:16 . 2008-12-30 15:16 120 --a------ C:\sqmnoopt09.sqm
2008-12-30 14:47 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-30 14:47 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-30 14:44 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-30 14:44 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-29 13:41 . 2008-12-29 13:41 200 --a------ C:\sqmnoopt08.sqm
2008-12-29 13:41 . 2008-12-29 13:41 200 --a------ C:\sqmdata08.sqm
2008-12-27 23:44 . 2008-12-27 23:44 2,688 --a------ c:\windows\system32\settings.aaw
2008-12-27 23:44 . 2008-12-27 23:44 1,008 --a------ c:\windows\system32\history.aaw
2008-12-27 23:44 . 2008-12-27 23:44 248 --a------ C:\sqmdata07.sqm
2008-12-27 23:44 . 2008-12-27 23:44 120 --a------ C:\sqmnoopt07.sqm
2008-12-27 11:14 . 2008-12-27 11:14 236 --a------ C:\sqmdata06.sqm
2008-12-27 11:14 . 2008-12-27 11:14 200 --a------ C:\sqmnoopt06.sqm
2008-12-26 18:24 . 2008-12-26 18:24 236 --a------ C:\sqmdata05.sqm
2008-12-26 18:24 . 2008-12-26 18:24 200 --a------ C:\sqmnoopt05.sqm
2008-12-26 18:15 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-26 18:15 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-26 18:15 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
2008-12-26 18:15 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-26 18:15 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-26 10:55 . 2008-12-26 10:55 200 --a------ C:\sqmnoopt04.sqm
2008-12-26 10:55 . 2008-12-26 10:55 200 --a------ C:\sqmdata04.sqm
2008-12-26 10:47 . 2008-12-26 10:47 <DIR> d-------- c:\programmi\DivX
2008-12-26 09:54 . 2008-12-26 10:52 <DIR> d-------- c:\programmi\PPLive
2008-12-26 09:54 . 2008-12-26 09:54 <DIR> d-------- c:\documents and settings\franco\Application Data\PPLive
2008-12-26 09:36 . 2009-01-10 21:16 <DIR> d-------- c:\programmi\uusee
2008-12-26 09:36 . 2008-12-26 09:36 <DIR> d-------- c:\programmi\SopCast
2008-12-26 00:12 . 2008-12-26 00:12 236 --a------ C:\sqmdata03.sqm
2008-12-26 00:12 . 2008-12-26 00:12 120 --a------ C:\sqmnoopt03.sqm
2008-12-25 17:51 . 2008-12-25 18:08 <DIR> d-------- c:\documents and settings\franco\Application Data\U3
2008-12-24 20:15 . 2008-12-24 20:15 200 --a------ C:\sqmnoopt02.sqm
2008-12-24 20:15 . 2008-12-24 20:15 200 --a------ C:\sqmdata02.sqm
2008-12-24 17:55 . 2008-12-24 17:55 236 --a------ C:\sqmdata01.sqm
2008-12-24 17:55 . 2008-12-24 17:55 120 --a------ C:\sqmnoopt01.sqm
2008-12-24 12:08 . 2008-12-24 12:08 272 --a------ C:\sqmdata00.sqm
2008-12-24 12:08 . 2008-12-24 12:08 200 --a------ C:\sqmnoopt00.sqm
2008-12-21 19:41 . 2008-12-21 19:41 1,102 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-21 19:40 . 2008-12-21 19:40 <DIR> d-------- c:\documents and settings\franco\Application Data\Leadertech
2008-12-21 19:25 . 2008-12-21 19:25 <DIR> d-------- c:\programmi\EA Sports
2008-12-21 19:23 . 2008-12-21 19:23 <DIR> d-------- c:\documents and settings\franco\Application Data\DAEMON Tools Pro
2008-12-21 19:23 . 2008-12-21 19:23 <DIR> d-------- c:\documents and settings\franco\Application Data\DAEMON Tools
2008-12-21 19:22 . 2008-12-24 09:59 <DIR> d-------- c:\programmi\DAEMON Tools Toolbar
2008-12-21 19:22 . 2008-12-22 11:16 <DIR> d-------- c:\programmi\DAEMON Tools Lite
2008-12-21 19:22 . 2008-12-21 19:24 <DIR> d-------- c:\documents and settings\franco\Application Data\DAEMON Tools Lite
2008-12-21 19:22 . 2008-12-21 19:22 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2008-12-21 18:33 . 2008-12-21 18:33 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-20 22:24 . 2009-01-14 21:15 2,026 --a------ C:\hpqp.ini
2008-12-20 22:24 . 2009-01-14 19:03 40 --a------ C:\XP_TV.ini
2008-12-20 21:23 . 2008-12-20 21:23 <DIR> d-------- c:\programmi\sophos anti rootkit
2008-12-20 18:12 . 2008-12-20 18:12 <DIR> d--hs---- c:\documents and settings\LocalService\Temporary Internet Files
2008-12-20 18:12 . 2008-12-20 18:12 <DIR> d--hs---- c:\documents and settings\LocalService\Cronologia
2008-12-20 10:31 . 2008-04-13 19:45 26,368 --a------ c:\windows\system32\dllcache\usbstor.sys
2008-12-18 19:35 . 2008-12-18 19:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IM
2008-12-18 19:34 . 2008-12-18 19:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2008-12-16 18:45 . 2008-12-16 18:45 <DIR> dr-h----- C:\MSOCache
2008-12-16 18:45 . 2008-12-19 22:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-14 21:07 . 2008-12-14 21:07 <DIR> d-------- c:\programmi\Lavasoft
2008-12-14 16:09 . 2009-01-13 19:36 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-14 16:09 . 2008-12-14 16:09 <DIR> d-------- c:\documents and settings\franco\Application Data\Malwarebytes
2008-12-14 16:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 16:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 09:17 . 2008-12-14 09:20 <DIR> d-------- c:\programmi\Unlocker
franz- Number of posts: 22
Registration date: 12.01.09