[caroleella]

iexplore.exe continua a comparire sul mio Task Manager, nonostante il fatto che io non uso IE. E 'fare il mio computer lento, non ci sei pop-up, a volte non ci sono pop-up, solo una voce che diceva: "Congratulazioni, hai vinto ____" (così freaky), o suona come una finestra di errore che figurano o cliccando qualcosa quando sono non fare nulla e nulla viene visualizzato sullo schermo (in realtà, si tratta di fare il mio computer sound infestato! Haha comunque)

Logfile di Trend Micro HijackThis v2.0.2
Scan saved at 9:12:42, il 9/27/2008
Piattaforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ WINDOWS \ system32 \ LEXBCES.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2,0 \ aoltsmon.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ dlcxcoms.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Dell \ QuickSet \ NICCONFIGSVC.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ WINDOWS \ system32 \ rpcnet.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Dell \ QuickSet \ quickset.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ WINDOWS \ system32 \ SJv56bM4.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
C: \ Programmi \ File comuni \ AOL \ 1155864818 \ ee \ aolsoftware.exe
C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AcroRd32.exe
C: \ Program Files \ America Online 9.0 \ shellmon.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.bridgew.edu/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.bridgew.edu/
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
- O2 BHO: Class soluzione - (99C6D1BB-7555-474C-91DA-D8FB62A9CC75) - C: \ WINDOWS \ system32 \ 58VayB0u.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ Viewpoint \ Toolbar Runtime \ 3.8.0 \ IEViewBar.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Program Files \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] Rundll32.exe NvMCTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [DLCXCATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ e.dll DLCXtim, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [AOL Fast Start] "C: \ Program Files \ America Online 9.0 \ AOL.EXE"-b
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 -. DEFAULT User Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe (User 'Default user')
O4 - Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Pannello di controllo presenti
O8 - Extra contesto voce di menu: & AOL Toolbar ricerca - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / search.html
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in RSS reader di default - C: \ Documents and Settings \ Administrator \ Dati applicazioni \ RSSBandit \ iecontext_subscribefeed.htm
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra pulsante: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra pulsante: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra pulsante: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Program Files \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: *. bridgew.edu
Ø16 - DPF: (01A88BB1-1174-41EC-ACCB-963509EAE56B) (SysProWmi Class) -- http://support.dell.com/systemprofiler/SysPro.CAB
Ø16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: (5e2a3510-4371-11D6-b64c-00c04faedb18) (Oracle JInitiator 1.1.8.18) -- http://frmserv.bridgew.edu/jinitiator/jinit.exe
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1121111428606
Ø16 - DPF: (6E32070A-766D-4EE6-879c-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1121873156643
Ø16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://aolsvc.aol.com/onlinegames/fr...g.1.0.0.33.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc. - C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2,0 \ aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Ignoto proprietario - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe
O23 - Service: dlcx_device - - C: \ WINDOWS \ system32 \ dlcxcoms.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C: \ WINDOWS \ system32 \ LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C: \ Program Files \ Dell \ QuickSet \ NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C: \ WINDOWS \ system32 \ rpcnet.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 10609 bytes

[evilfantasy]

Benvenuti a CJ.

Si prega di stampare queste istruzioni che saranno necessari più tardi, quando l'accesso a Internet non è disponibile.

Scaricare SDFix da AndyManchesta e salvarlo sul desktop.

Quando si utilizza questo strumento, è necessario utilizzare il Amministratore del conto o un account con Diritti amministrativi

• Fare doppio clic SDFix.exe e si estrarre i file in% systemdrive%
• (questa è l'unità che contiene la directory di Windows, di solito C: \ SDFix).
• NON usare solo ancora.

Riavviare il computer in Safe Mode utilizzando il F8 metodo. Per effettuare questa operazione, riavviare il computer e il computer dopo aver sentito suonare una volta durante l'avvio (ma prima di Windows viene visualizzata l'icona), premere ripetutamente il tasto F8. Verrà visualizzato un menu con diverse opzioni. Utilizzare i tasti freccia per navigare e selezionare l'opzione per eseguire Windows in "Modalità provvisoria".

Apri la cartella SDFix e fare doppio clic RunThis.bat per avviare lo script.

• Tipo + + digitare Y per avviare il processo di pulizia.
• Essa consente di eliminare ogni Servizi Trojan o Registry Entries trovato poi chiederà di premere un tasto qualsiasi per riavviare il sistema.
• Premere un tasto qualsiasi e si riavvia il PC.
• Quando il PC viene riavviato, il Fixtool sarà nuovamente e completare il processo di rimozione, quindi, Finito, Premere un tasto qualsiasi per terminare lo script e caricare le icone sul desktop.
• Una volta che il desktop icone caricare il SDFix relazione si aprirà sullo schermo e salvare nella cartella SDFix Report.txt.
• Copia e incolla il contenuto del file di risultati Report.txt nella prossima risposta con un nuovo Log HijackThis.

[caroleella]

SDFix: Version 1,229
Eseguire da Administrator il sab 09/27/2008 alle 10:50

Microsoft Windows XP [Versione 5/1/2600]
Running From: C: \ SDFix

Verifica Servizi :


Ripristino dei valori di default di sicurezza
Ripristino di file Hosts predefinito

Riavvio


Verifica File :

N. Trojan Files Found






Rimozione di file temporanei

ADS Check :



Verifica finale :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 23:14:36
5/1/2600 Windows Service Pack 2 NTFS

scansione processi nascosti ...

la scansione del sistema e nascosto servizi alveare ...

voci di registro nascosti scansione ...

scansione di file nascosti ...

scansione completata con successo
processi nascosti: 0
hidden services: 0
i file nascosti: 0


Rimanendo Servizi :




Autorizzato Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servizi es \ sharedaccess \ parameters \ firewallpolicy \ profilo standard \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ sistema m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ RSSBandit \ \ RSSBandit.exe" = "C: \ \ Program Files \ \ RSSBandit \ \ RSSBandit.exe: *: Enabled: RSS Bandit"
"E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe" = "E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe: *: Enabled: ctmweb.exe"
"C: \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Application Loader "
"C: \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" = "C: \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe: *: Enabled : AOL "
"C: \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe" = "C: \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe: *: Enabled : AOL "
"C: \ Program Files \ \ America Online 9.0 \ \ waol.exe" = "C: \ Program Files \ \ America Online 9.0 \ \ waol.exe: *: Enabled: AOL"
"C: \ Program Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe" = "C: \ \ Prog ram Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe: *: Enabled: AOLTsMon "
"C: \ Program Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe" = "C: \ \ Prog ram Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe: *: Enabled: AOLTopSpeed "
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ AOLServiceHost.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ AOLServiceHost . exe: *: E BILITATA: AOL "
"C: \ Program Files \ \ Common Files \ \ AOL \ \ System \ \ sinf.exe" = "C: \ Program Files \ \ Common Files \ \ AOL \ \ System \ \ sinf.exe: * : Enabled: AOL "
"C: \ Program Files \ \ Common Files \ \ AOL \ \ AOL Spyware Protection \ \ AOLSP Scheduler.exe" = "C: \ Program Files \ \ Common Files \ \ AOL \ \ AOL Spyware Protection \ \ AOLSP Scheduler . exe: *: Enabled: AOL "
"C: \ Program Files \ \ Common Files \ \ AOL \ \ AOL Spyware Protection \ \ asp.exe" = "C: \ Program Files \ \ Common Files \ \ AOL \ \ AOL Spyware Protection \ \ asp.exe : *: Enabled: AOL "
"C: \ Program Files \ \ Common Files \ \ AolCoach \ \ it_IT \ \ lettore \ \ AOLNySEV.exe" = "C: \ Program Files \ \ Common Files \ \ AolCoach \ \ it_IT \ \ lettore \ \ AOLNySEV . exe: *: Ena dissanguato: AOL "
"C: \ \ Program Files \ \ FTP Commander Pro \ \ cftp.exe" = "C: \ \ Program Files \ \ FTP Commander Pro \ \ cftp.exe: *: Enabled: cftp"
"C: \ \ Program Files \ \ FTP Commander \ \ ftpcomm.exe" = "C: \ \ Program Files \ \ FTP Commander \ \ ftpcomm.exe: *: Enabled: ftpcomm"
"C: \ Program Files \ \ Real \ \ RealPlayer \ \ realplay.exe" = "C: \ Progra m Files \ \ Real \ \ RealPlayer \ \ realplay.exe: *: Enabled: Re alPlayer"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire sciamato installatore"
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Program Files \ \ SmartFTP Client 2.0 \ \ SmartFTP.exe" = "C: \ \ Program Files \ \ SmartFTP Client 2.0 \ \ SmartFTP.exe: *: Enabled: SmartFTP Client 2.0"
"C: \ \ Program Files \ \ BitTornado \ \ btdownloadgui.exe" = "C: \ \ Program Files \ \ BitTornado \ \ btdownloadgui.exe: *: Enabled: ownloadgui BTD"
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ aolsoftware.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ aolsoftware . exe: *: Enab LED: Servizi di AOL "
"C: \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ Program Files \ \ Mozilla Firefox \ \ firefox.exe: *: Enabled: Firefox"
"C: \ \ Program Files \ \ Get-Torrent \ \ Get-Torrent.exe" = "C: \ \ Program Files \ \ Get-Torrent \ \ Get-Torrent.exe: *: Enabled: applicazione P2P Torrent"
"C: \ \ Program Files \ \ Restaurant Empire \ \ re.exe" = "C: \ \ Program Files \ \ Restaurant Empire \ \ re.exe: *: Enabled: re"
"C: \ \ Program Files \ \ BitZip \ \ bitzip.exe" = "C: \ \ Program Files \ \ BitZip \ \ bitzip.exe: *: Enabled: BitZip"
"C: \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "C: \ Program Files \ \ uTorrent \ \ uTorrent.exe: *: Enabled: æTorrent"
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"C: \ \ WINDOWS \ \ system32 \ \ dlcxcoms.exe" = "C: \ \ WINDOWS \ \ system32 \ \ dlcxcoms.exe: *: Enabled: Dell 926 Server"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servizi es \ sharedaccess \ parameters \ firewallpolicy \ domainpr ofilo \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ sistema m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe" = "E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe: *: Enabled: Installazione Computrace ctmweb / Application Management"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

File rimanenti :



I file con gli attributi Nascosto :

Mar 12 luglio 2005 54.872 A.. H. --- "C: \ Program Files \ America Online 9.0 \ AOLphx.exe"
Mar 12 luglio 2005 31.832 A.. H. --- "C: \ Program Files \ America Online 9.0 \ rbm.exe"
Mer 13 ottobre 2004 1.694.208 A.. H. --- "C: \ Program Files \ Messenger \ msmsgs.exe"
Mer 17 Set 2008 162 A.. H. --- "C: \ Documents and Settings \ Administrator \ Documenti \ ~ $ RL3917.tmp"
Ven 23 novembre 2007 4.840.960 ... H. --- "C: \ Documents and Settings \ Administrator \ Documenti \ ~ WRL3917.tmp"
Dom 1 aprile 2007 247 A.. H. --- "C: \ Program Files \ InterActual \ Player InterActual \ itiC9F.tmp"
Dom 1 Lug 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Lun 14 gennaio 2008 3.459 ... HR --- "C: \ Documents and Settings \ Administrator \ Application Data \ SecuROM \ UserData \ securom_v7_01.bak"
Sab 27 settembre 2008 4.750 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS00643642-9444-46D7-A0F8-98BCEC733FED.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS02319C6A-A321-4C8D-9995-820B7395AC0C.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS025EABA1-CC11-4560-8E12-630DDF3DA7B2.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS045F4367-E293-4856-99B6-A55965765747.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS068F3C9C-D92F-41e5-AF3C-3917DFD07FFB.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS0ABE791D-AAB6-45AE-94C0-81FF065FB64C.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ SSCS0B798094 Temp \-B44A-427a-B9DC-654E158521EB.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS0C1801B8-619C-45EF-A0A9-6FDF58378626.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS0DC230DD-648D-4C7A-A46F-125E3BBCACF0.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS0FD1D4A0-7A3B-4426-BF06-CBE8A10161D9.tmp"
Sab 27 settembre 2008 12.540 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS12E3E01D-D993-4077-84CD-270FC7998D10.tmp"
Sab 27 settembre 2008 5.616 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS1558A464-A8A5-4699-8AD4-1FD636BA73F0.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS16C4CA8E-B45E-4C74-A16A-C6547AC6862A.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS171F971D-9918-4BF8-934E-9F971CE3A62E.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS18482343-5AA4-4A75-B35E-1DE367BE8DF8.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS1F408231-9AD4-4F3A-8F71-E4D1A885E2D9.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS22C553D7-9E17-42E7-9BAC-FD08E49F2DA7.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS29899F67-1A0A-49C1-BF8C-969C56BFE72D.tmp"
Sab 27 settembre 2008 40.408 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS2CE2DD8D-1B89-4236-8CEB-8AE2092F011D.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS2DE8E664-10D0-4BC0-B385-C28929E5600F.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS35CD56A6-869F-4E8D-9744-F5243F94B4B1.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS3A52BAF2-C6D8-48c5-A517-8F08AFB8035A.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS3EC9B69D-3F89-4FC5-B941-1463F3BD2234.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS3EADD09D-E99C-4EDA-87E8-14DD31C5A1CA.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS3EDF6917-B0B7-4164-BAA8-7013E06D5FCA.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS3FF4AFC6-0025-4047-AEFB-7C34313D972F.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS4031D191-1F75-49F0-8272-A12ACD39C269.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS416C7484-2AC6-4BFE-8364-B3DC9640EB90.tmp"
Sab 27 settembre 2008 27.677 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS42B72C22-0C5B-4053-87A4-D8EB671C2029.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS4C83367A-C322-4725-A861-182E13107846.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS4DB48154-31C5-424F-B7EB-6337D7279415.tmp"
Sab 27 settembre 2008 3.393 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS4EAE423C-33F9-4D19-AD00-4127948E7F39.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS4FE7BDE5-631a-4BEE-BA59-2A86CECDA9DA.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS50B44EC6-2F2E-4D16-AC0C-376383467A7C.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS56CA220B-41A4-4EBA-B217-FF3A496AA590.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS5AF7C2DD-39F4-4B22-8F5A-11FC428681E1.tmp"
Sab 27 settembre 2008 101.080 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS5DCC2C2E-7275-4CC4-9192-B113F353FB5F.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS5D528DF5-B79E-4EE1-9D6C-1EC565BBBC62.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS6011FD6D-D50D-43A0-AE81-A050DD789327.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS62CC7F66-91D7-40E6-9C86-9E1A90363BBD.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS6548601C-9BB6-472c-aa53-447B881C2428.tmp"
Sab 27 settembre 2008 6.247.755 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS6946DC39-11B6-4B93-A005-7F3C9D123F87.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS69A2BD78-4F53-4EBE-A0E3-D640854156D9.tmp"
Sab 27 settembre 2008 198.358 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS6927849A-B300-4980-AAEB-7DBA1C6E4164.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS6945CE07-04BF-439f-987F-028637985DF0.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ SSCS6FE21A12 Temp \-C11B-4E43-99E2-FA8F960870E1.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS700D83FE-2571-4AE3-89BC-6DD584F68699.tmp"
Sab 27 settembre 2008 3.195.852 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ SSCS713A2772 Temp \-B7C7-4A87-BAEB-E92C67ED4580.tmp"
Sab 27 settembre 2008 143.110 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS71EC4FAD-E45A-4E20-AE13-D864D8CA24A1.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS716E87B1-65B4-4487-B09B-19A89B9F5C97.tmp"
Sab 27 settembre 2008 1.909.332 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ SSCS7366E027 Temp \-AE32-4BC8-9360-699C2C95BEB0.tmp"
Sab 27 settembre 2008 270.314 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS75371617-A509-4e33-9F16-118AA8AC2918.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS767A458F-F431-46EB-A2DA-88FB1A7E3E7D.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS7A70C6B2-5850-4473-9585-E0C43F090F27.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS7B30F8F2-8A4F-42B9-B9F8-625709173611.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ SSCS7C1354E8 Temp \-D74C-4AC8-BE8F-7167A5076F4A.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS7CBB22C6-4E66-4720-995F-1C2ADC632A9B.tmp"
Sab 27 settembre 2008 642 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS7E1AA5E0-4CF4-2F18-B64E-8EB8F378DF31.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS7FEECAB9-C6A6-4302-9AA6-F69FA542ED3D.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS840E4E3A-C733-4DC5-A8F3-B248CC83075B.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS8716D8FB-A364-4288-8B00-55605E1EF6C0.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS89FE094B-45FA-4923-87F1-139238C4F97B.tmp"
Sab 27 settembre 2008 610 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS8A4D2B50-2BB9-4DC6-9E5E-3CB11929C3D2.tmp"
Sab 27 settembre 2008 4.532 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS8E7D97AA-E673-4952-AA06-A468A9C52A7C.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS8FB3E905-99BA-4D9E-9C2A-B17FB19F5132.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS92FF4DE9-51A7-4FEA-9F94-4984E35FDB14.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS94946861-C52C-4360-B5D7-0BAA075D88BB.tmp"
Sab 27 settembre 2008 674 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS9766DA24-0126-49B8-821D-0BBD42716F70.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ SSCS9CF76AA8 Temp \-C8DD-426D-8974-7952EA0782D3.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS9DE19017-8F84-45F0-8707-3157A64B6CEA.tmp"
Sab 27 settembre 2008 1.190.410 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCS9F48133A-1109-42EB-93AA-A3CB3CACBCBF.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSABDB0578-02AF-4BA8-A501-9A8992ED7BDB.tmp"
Sab 27 settembre 2008 2.736 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSAD28D6FF-3940-4F08-A657-2E61F69B5449.tmp"
Sab 27 settembre 2008 75.790 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSB18333D4-60E0-438D-B085-7DB36F72F77D.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSB74C069F-C392-4F81-8670-212FC280E95D.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSB76C1894-7B69-4834-97D3-B402FE20935A.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSB73D6FFC-0E8C-41B9-84D3-8810EC6D9228.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSB9036DEB-8242-4521-A54E-139AF6A9A190.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSBAE9F5F5-FA44-4E05-9A1D-A462CE8AF520.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ SSCSBBCD6D72 Temp \-A069-40 ss-9AF2-916180E0A88E.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSBBCBA3E5-E607-436E-B3EE-A1DEAC925872.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSBEC0CEEC-C42B-4B06-A604-EAAD26CE6255.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSC5D01365-2009-400C-A9A3-5F990CF4A80D.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSC9E0B767-5A0A-47B9-A439-227E2B94F887.tmp"
Sab 27 settembre 2008 134.148 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSD2617AFF-BC61-4BFE-B8E6-6CC988A0F275.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSD21BE94F-9EE4-475B-B0A2-24C81FFF173F.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSD4AA62E4-9D9E-4B7B-9CD0-686A2C05AEF7.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSD729F3FB-EE09-459B-A678-BD9132629FDF.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSD8157780-DB4C-464E-B192-D31296C412A8.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSD97D795A-5F39-4FDD-A7EF-691DEBB65005.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSDA1F438F-BCAF-4452-A79A-167408950654.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSDA218F7C-D867-4690-96E2-789F80A7D3E0.tmp"
Sab 27 settembre 2008 20.968 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSDBBDCE8F-1CB9-456D-9A48-B332BFDD4DA3.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSDC4DE87E-7FB7-4AAF-9341-074C383E5277.tmp"
Sab 27 settembre 2008 2.168.120 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSDC4805C4-09F4-44DF-953F-40714AC7B32D.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSDC54187B-23EE-4C63-A3C1-F95DD71DC749.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSE542CE01-559A-4B52-B46E-3ABA034CB806.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSE76031B3-69B7-40CD-98AA-1FBADCFD80F9.tmp"
Sab 27 settembre 2008 538 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSE89A2A1E-7243-491e-8713-779584114914.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSE9F327DF-50B6-42E2-B361-B1279BCFE655.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSEAF8FCDA-0414-40ED-8AC7-F6E8BA990710.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSEC43267D-076B-42D7-838C-4A46B1619D44.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSED7CFB5E-591C-4B3A-BB59-99AC6B355CE9.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSF03658AA-EBC4-437C-8F4E-338B053BBCC5.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSF1EE7C84-96F2-4922-8549-E4F727B9B3A5.tmp"
Sab 27 Set 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSF5708FAD-F162-475a-BBD8-590D8EED1563.tmp"
Sab 27 settembre 2008 1.609.542 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSF60C8606-1E32-4C46-9DD9-9591141A47D3.tmp"
Sab 27 settembre 2008 29.084 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSF7DCFFB4-3037-49B4-8FAF-FB62C2892816.tmp"
Sab 27 settembre 2008 16.965 A.. H. --- "C: \ Documents and Settings \ LocalService \ Dati applicazioni \ Webroot \ Spy Sweeper \ Temp \ SSCSFABFD6CE-CC5D-4B27-9BE0-5CE94D2BE9C9.tmp"

Finito!






Logfile di Trend Micro HijackThis v2.0.2
Scan saved at 11:22:30, il 9/27/2008
Piattaforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ WINDOWS \ system32 \ LEXBCES.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2,0 \ aoltsmon.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ dlcxcoms.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ Dell \ QuickSet \ NICCONFIGSVC.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ WINDOWS \ system32 \ rpcnet.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Dell \ QuickSet \ quickset.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ America Online 9.0 \ waol.exe
C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ America Online 9.0 \ shellmon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.bridgew.edu/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.bridgew.edu/
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ Viewpoint \ Toolbar Runtime \ 3.8.0 \ IEViewBar.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Program Files \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] Rundll32.exe NvMCTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [DLCXCATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ e.dll DLCXtim, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [AOL Fast Start] "C: \ Program Files \ America Online 9.0 \ AOL.EXE"-b
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 -. DEFAULT User Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe (User 'Default user')
O4 - Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Pannello di controllo presenti
O8 - Extra contesto voce di menu: & AOL Toolbar ricerca - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / search.html
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in RSS reader di default - C: \ Documents and Settings \ Administrator \ Dati applicazioni \ RSSBandit \ iecontext_subscribefeed.htm
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra pulsante: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra pulsante: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra pulsante: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Program Files \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: *. bridgew.edu
Ø16 - DPF: (01A88BB1-1174-41EC-ACCB-963509EAE56B) (SysProWmi Class) -- http://support.dell.com/systemprofiler/SysPro.CAB
Ø16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: (5e2a3510-4371-11D6-b64c-00c04faedb18) (Oracle JInitiator 1.1.8.18) -- http://frmserv.bridgew.edu/jinitiator/jinit.exe
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1121111428606
Ø16 - DPF: (6E32070A-766D-4EE6-879c-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1121873156643
Ø16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://aolsvc.aol.com/onlinegames/fr...g.1.0.0.33.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc. - C: \ Program Files \ Common Files \ AOL \ TopSpeed \ 2,0 \ aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - Ignoto proprietario - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe
O23 - Service: dlcx_device - - C: \ WINDOWS \ system32 \ dlcxcoms.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C: \ WINDOWS \ system32 \ LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C: \ Program Files \ Dell \ QuickSet \ NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C: \ WINDOWS \ system32 \ rpcnet.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 10298 bytes

[evilfantasy]

Disattiva Spysweeper

È possibile riattivarla dopo sei pulito.

Per disattivare Spysweeper:

Aperto Spysweeper clicca> Opzioni oltre a sinistra poi> Programma Opzioni > Deseleziona "caricare all'avvio di Windows"

Oltre a sinistra fare clic su "scudi" e Deseleziona tutto là.

Deseleziona "home page scudo"

Deseleziona "automaticamente il ripristino di default senza notifica"

Dopo tutte le correzioni sono completi è molto importante che si attiva la protezione in tempo reale di nuovo.

----------

Disattivare Windows Defender

Abbiamo bisogno di disattivare il Windows Defender la protezione in tempo reale in quanto possono interferire con le correzioni che abbiamo bisogno di fare.

• Aperto Windows Defender
• Fare clic su Strumenti, Impostazioni generali
• Scorrere verso il basso e deseleziona Attiva protezione in tempo reale (consigliato)
• Dopo Deselezionando questa operazione, fare clic sul Salvare pulsante e chiudere Windows Defender.

Dopo tutte le correzioni sono completi è molto importante che si attiva la protezione in tempo reale di nuovo.

----------

Abbiamo bisogno di rimuovere ErrorSmart. Questo è considerato un programma rouge perché è inaffidabile e spesso installati senza il consenso degli utenti.

Vai a Aggiungi / Rimuovi Programmi e disinstallare ErrorSmart (se c'è)

----------

Apri HijackThis e selezionare Non solo un sistema di scansione.

Mettere un segno di spunta accanto alle seguenti voci: (se esiste)

• O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Program Files \ ErrorSmart \ ErrorSmart.exe

Importante: Chiudere tutte le finestre, ad eccezione di HijackThis e quindi fare clic su Fix controllati.

Uscita HijackThis.

----------

Nota: le istruzioni qui di seguito sono stati creati appositamente per questo utente. Se non siete l'utente, NON seguire queste istruzioni in quanto potrebbero danneggiare il funzionamento del sistema

Vai a Start> Esegui e il tipo notepad.exe quindi fare clic su OK

Copia e incolla il sottostante nel Blocco note e salvarlo come fixme.reg a Vostra Desktop

Codice:

REGEDIT4 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run] "ErrorSmart" =-

Individuare fixme.reg sul desktop e fare doppio clic su di esso. Risposta Sì quando viene chiesto di fondersi con il registro.

Assicurarsi che mi dite se si riceve un messaggio di conferma circa l'aggiunta di quanto sopra
al Registro di sistema. Se non si riceve un messaggio di successo, non ha funzionato.

Eliminare il fixme.reg dal desktop.

----------

Scaricare CCleaner Slim e salvarlo sul desktop.
Quando il file è stato salvato, vai sul desktop e fare doppio clic sul ccsetupxxx_slim.exe
Seguire le istruzioni per installare il programma.
Completare l'installazione allora:

• Fare doppio clic sull'icona CCleaner collegamento sul desktop per avviare il programma.
• Fare clic sul Opzioni blocco a sinistra, quindi scegliere Cookie.
  • Sotto Elimina i cookie per, Evidenziare i cookie che si desidera mantenere in modo permanente
  • Fare clic sulla freccia destra > per passare alla Cookie per mantenere finestra.
• Andate in Opzioni > Avanzata uncontrollo Solo eliminare i file in Windows Temp cartelle di età superiore a 48 ore
• Fare clic sul pulsante Cleaner sulla sinistra e poi Esegui Cleaner sulla destra per eseguire il programma.
• Importante: Assicurarsi che TUTTI sono chiuse le finestre del browser prima di selezionare Esegui Cleaner
• Attenzione: Non è consigliabile utilizzare il 'Registro' funzione a meno che non si sono molto familiare con il Registro di sistema.
• Esci CCleaner dopo che ha completato il suo processo.

Riavviare il computer ed eseguire Mbam poi inserisci il registro.

----------

Scaricare Malwarebytes' Anti-Malware (MBAM)

• Fare doppio clic su mbam-setup.exe e seguire le istruzioni per installare il programma.
• Alla fine, essere sicuro è un segno di spunta accanto al seguente:
  • Aggiorna Malwarebytes' Anti-Malware
  • Lancio Malwarebytes' Anti-Malware
• Quindi, fare clic su Fine.
• Se viene trovato un aggiornamento, si scarica e installa l'ultima versione.
• Una volta che il programma ha caricato, selezionare Eseguire la scansione rapida, Quindi fare clic su Scan.
• Quando la scansione è completata, fare clic OK, Quindi Mostra i risultati per visualizzare i risultati.
• Essere sicuri che tutto è controllato, e fare clic su Rimuovi selezionati.
• Quando la disinfezione sarà completata, verrà aperto un registro nel Blocco note e può essere richiesto di riavviare. (Vedi Nota Extra)
• Il log viene salvato automaticamente dal MBAM e possono essere visualizzati cliccando i log nella scheda MBAM.
• Copia e incolla l'intero rapporto con il prossimo risposta.

Ulteriori Note: Se MBAM incontra un file che è difficile da rimuovere, verrà presentato con 1 di 2 istruzioni, fare clic su OK per lasciare che sia MBAM e procedere con il processo di disinfezione, se richiesto di riavviare il computer, si prega di farlo immediatamente.

[caroleella]

Ho ricevuto un messaggio di successo dal Registro di sistema.





Malwarebytes' Anti-Malware 1,28
Versione del database: 1216
5/1/2600 Windows Service Pack 2

9/28/2008 12:45:51
mbam-log-2008-09-28 (00-45-51). txt

Tipo di scansione: Quick Scan
Scansione di oggetti: 59.369
Tempo trascorso: 10 minuti (s), 46 secondi (s)

Processi di memoria infetti: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori del registro infetti: 0
I dati del Registro di oggetti infetti: 0
Cartelle infette: 0
File infetti: 1

Processi di memoria infetti:
(N. oggetti dannosi individuati)

Moduli di memoria infetti:
(N. oggetti dannosi individuati)

Chiavi di registro infette:
(N. oggetti dannosi individuati)

Valori del registro infetti:
(N. oggetti dannosi individuati)

I dati del Registro di oggetti infetti:
(N. oggetti dannosi individuati)

Cartelle infette:
(N. oggetti dannosi individuati)

I file infetti:
C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a (Trojan.Agent) -> No action taken.

[evilfantasy]

Tutte le modifiche?

[caroleella]

No, ancora lì

[evilfantasy]

Non ti preoccupare lo troveremo.

Scarica ComboFix da success da uno dei link qui sotto. Assicurarsi superiore a salvare la Desktop.

Link # 1
Link # 2

** Nota: E 'importante che si è salvato direttamente sul tuo desktop

Chiudere tutti i browser Web aperto. (Firefox, Internet Explorer, etc) prima di iniziare ComboFix.

Temporaneamente disattivare tuo antivirus, E qualsiasi antispyware protezione in tempo reale prima eseguire una scansione. Fare clic sul pulsante questo link per visualizzare un elenco di programmi di sicurezza che dovrebbero essere disattivati e come disattivarli.

Fare doppio clic su combofix.exe e segui le istruzioni.
Una volta terminato ComboFix produrrà un log per voi.
Posta la ComboFix log nella prossima risposta.

Importante: Non clic ComboFix della finestra, mentre è in esecuzione. Che potrebbero indurlo a stalla.

Ricorda di riattivare l'antivirus e antispyware quando ComboFix protezione è completa.

[caroleella]

ComboFix 08-09-27.05 - Administrator 2008-09-28 11:44:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -4:00]
Running da: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Creato un nuovo punto di ripristino

AVVERTENZA-Questa macchina NON HANNO IL RECUPERO CONSOLE INSTALLED!
.

Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ NetworkService \ Cookies \ system @ trafficmp [1]. Txt
C: \ WINDOWS \ system32 \ drivers \ fad.sys

.
((((((((((((((((((((((((( I file creati dal 2008/08/28 al 2008/09/28 ))))))))))) ))))))))))))))))))))
.

2008-09-28 01:46. 2008-09-28 01:46 0 - a ------ C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a
2008-09-27 22:45. 2008-09-27 22:45 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008-09-27 22:20. 2008-09-27 23:19 <DIR> d -------- C: \ SDFix
2008-09-27 21:03. 2008-09-27 21:03 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-09-27 20:48. 2008-09-27 20:48 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Dati applicazioni \ AdobeUM
2008-09-27 20:36. 2008-09-27 20:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ ErrorSmart
2008-09-27 19:38. 2008-09-27 19:38 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-09-27 19:38. 2008-09-27 19:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Malwarebytes
2008-09-27 19:38. 2008-09-27 19:38 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Malwarebytes
2008-09-27 19:38. 2008-09-10 00:04 38.528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-27 19:38. 2008-09-10 00:03 17.200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ SUPERAntiSpyware.com
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ SUPERAntiSpyware.com
2008-09-27 15:13. 2008-09-27 15:13 <DIR> d -------- C: \ Program Files \ CCleaner
2008-09-27 12:35. 2008-09-27 12:35 <DIR> d -------- C: \ Program Files \ PrevxCSI
2008-09-27 12:35. 2008-09-28 11:36 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ PrevxCSI
2008-09-27 12:35. 2008-09-27 12:35 17.408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-27 00:48. 2008-09-27 00:47 102.664 - un ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys
2008-09-27 00:47. 2008-09-27 00:48 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008-09-26 23:23. 2008/09/26 23:22 30272 - a ------ C: \ WINDOWS \ system32 \0vx55IOc.exe
2008-09-23 19:04. 2008-09-23 22:56 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-21 00:19. 2008-09-21 00:19 <DIR> d -------- C: \ Program Files \ Windows Defender
2008-09-12 13:32. 2004-03-29 16:23 90.112 - a ------ C: \ WINDOWS \ unvise32.exe
2008-09-11 12:41. 2008/09/28 11:36 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2008-09-11 12:41. 2008-09-11 12:41 1.409 - un ------ C: \ WINDOWS \ QTFont.for
2008-09-09 15:33. 2008-09-09 15:56 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ FarmFrenzy2
2008-09-04 13:39. 2008-09-04 13:39 <DIR> d -------- C: \ Program Files \ Atari
2008-09-03 23:06. 2008-06-10 02:32 73.728 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-09-01 20:34. 2008-09-01 20:34 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Eyeblaster
2008-08-28 23:11. 2004-08-04 00:56 159.232 - un ------ C: \ WINDOWS \ system32 \ ptpusd.dll
2008-08-28 23:11. 2001-08-17 22:36 5.632 - un ------ C: \ WINDOWS \ system32 \ ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/09/28 15:35 31.232 ---- aw C: \ WINDOWS \ system32 \ rpcnet.dll
2008/09/28 15:35 17.408 ---- aw C: \ WINDOWS \ system32 \ Rpcnetp.exe
2008-09-28 03:10 17.408 ---- aw C: \ WINDOWS \ system32 \ rpcnetp.dll
2008-09-28 00:20 --------- d ----- w C: \ Program Files \ RealArcade
2008-09-25 21:30 --------- d ----- w C: \ Program Files \ FTP Commander
2008-09-21 04:33 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008-09-11 16:36 --------- d ----- w C: \ Documents and Settings \ Administrator \ Dati applicazioni \ uTorrent
2008-09-05 18:19 98.304 ---- aw C: \ WINDOWS \ system32 \ CmdLineExt.dll
2008-09-04 17:39 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008-09-04 03:06 --------- d ----- w C: \ Program Files \ Java
2008-08-30 00:32 --------- d ----- w C: \ Program Files \ dl_Cats
2008-08-24 21:28 --------- d ----- w C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Move Networks
2008-08-24 21:07 --------- d ----- w C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Gamelab
2008-07-30 01:59 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ FreshGames
2008-07-19 02:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-19 02:10 53.448 ---- aw C: \ WINDOWS \ system32 \ Wuauclt.exe
2008-07-19 02:10 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008-07-19 02:10 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008-07-19 02:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-19 02:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-19 02:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-19 02:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ Wuaueng.dll
2008-07-19 02:07 270.880 ---- aw C: \ WINDOWS \ system32 \ mucltui.dll
2008-07-19 02:07 210.976 ---- aw C: \ WINDOWS \ system32 \ muweb.dll
2008-07-07 20:32 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2007-10-02 01:01 60.968 ---- aw C: \ Documents and Settings \ Administrator \ GoToAssistDownloadHelper.ex e
2007-01-13 12:49 774.144 ---- aw C: \ Program Files \ RngInterstitial.dll
2007-08-10 19:03 6.275.816 ---- aw C: \ Program Files \ Mozilla Firefox \ plugins \ ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 15360]
"AOL Fast Start" = "C: \ Program Files \ America Online 9.0 \ AOL.EXE" [2005-07-12 50776]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-04-28 8429568]
"Dell QuickSet" = "C: \ Program Files \ Dell \ QuickSet \ quickset.exe" [2007-07-20 1228800]
"HPDJ Taskbar Utility" = "C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb03.exe" [2001-06-12 200704]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-01-10 385024]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-01-15 267048]
"DLCXCATS" = "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X 86 \ 3 \ DLCXtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"NvMediaCenter" = "NvMCTray.dll" [2007/04/28 C: \ WINDOWS \ system32 \ nvmctray.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"RunNarrator" = "Narrator.exe" [2004/08/04 C: \ WINDOWS \ system32 \ narrator.exe]

C: \ Documents and Settings \ Administrator \ Menu Avvio \ Programmi \ Startup \
Pulizia Accesso Agent.lnk - C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe [2007-06-28 2056266]

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ Policies \ Explorer]
"NoSMBalloonTip" = 1 (0x1)
"NoAutoTrayNotify" = 1 (0x1)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ corr rentversion \ Policies \ Explorer]
"NoActiveDesktopChanges" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-07-23 16:28 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings amministratore ^ ^ Menu Avvio ^ Programmi ^ ^ avvio Adobe Gamma.lnk]
path = C: \ Documents and Settings \ Administrator \ Menu Avvio \ Programmi \ Esecuzione automatica \ Adobe Gamma.lnk
backup = C: \ WINDOWS \ pss \ Adobe Gamma.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio di Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Startup \ Adobe Reader Speed Launch.lnk
backup = C: \ WINDOWS \ pss \ Adobe Reader Speed Launch.lnkCommon di avvio

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AOLDialer]
-ra ------ 2006-10-23 08:50 71216 C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Apoint]
- un ------ 2003-08-20 20:24 151552 C: \ Program Files \ Apoint \ Apoint.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ctfmon.exe]
- un ------ 2004-08-04 00:56 15360 C: \ WINDOWS \ system32 \ ctfmon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ HostManager]
- un ------ 2006-09-25 20:52 50736 C: \ Program Files \ Common Files \ AOL \ 1155864818 \ EE \ aolsoftware.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxhkcmd]
- un ------ 2006-07-14 18:04 77824 C: \ WINDOWS \ system32 \ hkcmd.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxpers]
- un ------ 2006-07-14 18:08 118784 C: \ WINDOWS \ system32 \ igfxpers.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxtray]
- un ------ 2006-07-14 18:07 94208 C: \ WINDOWS \ system32 \ igfxtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ IntelWireless]
- un ------ 2006-08-02 01:32 696320 C: \ Program Files \ Intel \ Wireless \ Bin \ iFrmewrk.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ IntelZeroConfig]
- un ------ 2006-08-02 01:38 802816 C: \ Program Files \ Intel \ Wireless \ Bin \ ZCfgSvc.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper]
- un ------ 2008-01-15 04:22 267048 C: \ Program Files \ iTunes \ iTunesHelper.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ MSMSGS]
- ah ----- 2004-10-13 12:24 1694208 C: \ Program Files \ Messenger \ msmsgs.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvCplDaemon]
- un ------ 2007-04-28 19:05 8429568 C: \ WINDOWS \ system32 \ nvcpl.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvMediaCenter]
- un ------ 2007-04-28 19:05 81920 C: \ WINDOWS \ system32 \ nvmctray.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task]
- un ------ 2008-01-10 16:27 385024 C: \ Program Files \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RealTray]
- un ------ 2006-08-17 21:34 26112 C: \ Program Files \ Real \ RealPlayer \ realplay.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunJavaUpdateSched]
- un ------ 2006-12-15 04:23 75520 C: \ Program Files \ Java \ jre1.5.0_11 \ bin \ jusched.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WMPNSCFG]
--------- 2006-10-18 20:05 204288 C: \ Program Files \ Windows Media Player \ wmpnscfg.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NVHotkey]
- un ------ 2007-04-28 19:05 67584 C: \ WINDOWS \ system32 \ nvhotkey.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ nwiz]
- un ------ 2007-04-28 19:05 1626112 C: \ WINDOWS \ system32 \ nwiz.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SigmatelSysTrayApp]
- a - c --- 2005-11-16 15:35 397312 C: \ WINDOWS \ stsystra.exe

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ Program Files \ \ RssBandit \ \ RSSBandit.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe" =
"C: \ Program Files \ \ America Online 9.0 \ \ waol.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ AOLServiceHost.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ System \ \ sinf.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ AOL Spyware Protection \ \ AOLSP Scheduler.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ AOL Spyware Protection \ \ asp.exe" =
"C: \ Program Files \ \ Common Files \ \ AolCoach \ \ it_IT \ \ lettore \ \ AOLNySEV.exe" =
"C: \ Program Files \ \ FTP Commander \ \ ftpcomm.exe" =
"C: \ Program Files \ \ Real \ \ RealPlayer \ \ realplay.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ Program Files \ \ SmartFTP Client 2.0 \ \ SmartFTP.exe" =
"C: \ Program Files \ \ BitTornado \ \ btdownloadgui.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ aolsoftware.exe" =
"C: \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ Program Files \ \ BitZip \ \ bitzip.exe" =
"C: \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ WINDOWS \ \ system32 \ \ dlcxcoms.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"50001: TCP" = 50001: TCP: webroots
"50002: TCP" = 50002: TCP: webroots2
"3389: TCP" = 3389: TCP: @ Xpsp2res.dll, -22009

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R0 a320raid; a320raid; C: \ WINDOWS \ system32 \ drivers \ A320 raid.sys [2006-04-04 251578]
R0 pxark; pxark; C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008-09-27 17408]
R1 SAVOnAccess controllo; SAVOnAccess controllo; C: \ WINDOWS \ system32 \ drivers \ savonaccesscon trol.sys [2006-04-14 80128]
R1 SAVOnAccess filtro; SAVOnAccess filtro; C: \ WINDOWS \ system32 \ drivers \ savonaccessfilt er.sys [2006-04-14 24064]
R2 CSIScanner; CSIScanner; C: \ Program Files \ PrevxCSI \ prevxcsi.exe [2008-09-27 618040]
R2 dlcx_device; dlcx_device; C: \ WINDOWS \ system32 \ dlcxco ms.exe [2006-11-03 537480]
R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
S2 ousbehci; NEC da PCI a USB Enhanced Host Controller; C: \ WINDOWS \ system32 \ drivers \ ousbehci.sy s [2003-08-01 41600]
S3 GTIPCI21; GTIPCI21; C: \ WINDOWS \ system32 \ drivers \ gtip ci21.sys [2004-05-03 80384]
S3 NWADI; NWADI Bus Enumerator; C: \ WINDOWS \ system32 \ drivers \ NWADIenum.s ys [2005-12-09 67840]
S3 ousb2hub; OrangeWare USB 2.0 Root Hub Support; C: \ WINDOWS \ system32 \ drivers \ ousb2hub.sys [2003-08-01 55552]
S3 whfltr2k; WheelMouse USB Bassa driver filtro; C: \ WINDOWS \ system32 \ drivers \ whfltr2k.sys [2007-01-25 6784]
S3 whmice2k; avanzata Wheel Mouse Driver filtro Superiore; C: \ WINDOWS \ system32 \ drivers \ whmice2k.sys [2004-04-25 6885]

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ command - D: \ autorun.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (64d8acf2-11dB-5f84-b756-00038a000015)]
\ Shell \ AutoRun \ command - E: \ Installer.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (7aebf132-2e3f-11dB-b6e0-0015c547091a)]
\ Shell \ AutoRun \ command - E: \ wd_windows_tools \ setup.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (c4f3f4e1-2c11-11d9-8305-806d6172696f)]
\ Shell \ AutoRun \ command - D: \ Programmi \ nu2menu \ nu2menu.exe

* * Servizio di nuova costituzione - PROCEXP90
.
Indice dell ' "Operazioni pianificate' cartella
.
- - - - ORFANI REMOVED - - - --

MSConfigStartUp-! AVG Anti-Spyware - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
MSConfigStartUp-DVDLauncher - C: \ Program Files \ CyberLink \ PowerDVD \ SynTPEnh.exe
MSConfigStartUp-SpySweeperEnterprise - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ \ spysweeperui.exe
MSConfigStartUp-SpysweeperUI - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeperui.exe
MSConfigStartUp-SunJavaUpdateSched - C: \ Programmi \ File comuni \ Sonic \ Update Manager \ sgtray.exe


.
------- ------- Supplementari Scan
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Mozilla \ Firefox \ Profiles \ dlc1hobz.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.broadway.com/
FF -: plugin - C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Mozilla \ Firefox \ Profiles \ dlc1hobz.default \ ensions ext \ npmozax@real.com \ plugins \ npmozax.dll
FF -: plugin - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ browser \ nppdf32.dll
FF -: plugin - C: \ Program Files \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npagent.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npmozax.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npmusicn.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npracplug.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ nptgeqplugin.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npunagi2.dll
FF -: plugin - C: \ Program Files \ Real \ RealArcade \ Plugins \ Mozilla \ l npracplug.dl
FF -: plugin - C: \ Programmi \ Viewpoint \ Viewpoint Experience Technology \ npViewpoint.dll
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 11:48:43
5/1/2600 Windows Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
DLCXCATS = rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ e.dll DLCXtim, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scansione di file nascosti ...

scansione completata con successo
i file nascosti: 0

************************************************** ************************
.
--------------------- DLLs Loaded Sotto i processi in esecuzione ---------------------

PROCESSO: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Ora fine: 2008-09-28 11:50:56
ComboFix-quarantined-files.txt 2008-09-28 15:50:52

Pre-Run: 25918537728 bytes free
Post-Run: 25986658304 bytes free

255 --- EOF --- 2008-09-26 12:22:29

[evilfantasy]

Nota: le istruzioni qui di seguito sono stati creati appositamente per questo utente. Se non siete l'utente, NON seguire queste istruzioni in quanto potrebbero danneggiare il funzionamento del sistema

Elimina i file / cartelle, come segue:

1. Vai a Inizio > Correre > Tipo Notepad.exe e fare clic su OK per aprire il Blocco note.
Esso dovere essere il Blocco note, non Wordpad.
2. Copia il testo nella casella qui sotto il codice evidenziando tutto il testo e premendo Ctrl + C

Codice:

Killall:: File:: C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a C: \ WINDOWS \ system32 \ Folder 0vx55IOc.exe:: C: \ Documents and Settings \ Administrator \ Dati applicazioni \ ErrorSmart

3. Vai alla finestra e fare clic su Blocco note Modifica > Incolla
4. Quindi, fare clic su File > Salvare
5. Nome del file CFScript.txt - Salva il file sul tuo desktop
6. Quindi, trascinare il CFScript (tenere premuto il tasto sinistro del mouse mentre si trascina il file) e rilasciarlo (rilasciare il tasto sinistro del mouse) in ComboFix.exe come potete vedere nella schermata qui sotto. Importante: Eseguire questa attentamente le istruzioni!



ComboFix inizierà a eseguire, basta seguire le istruzioni.
Dopo il reboot (nel caso in cui si chiede di riavviare), che produrrà un log per voi.
Post che log (Combofix.txt) nella prossima risposta.

Nota: Non clic ComboFix della finestra, mentre è in esecuzione. Questo può causare il sistema per congelare