|
|
#1
6 Novembre 2008, 02:16
|
|||
|
|||
|
Io non riesco a chiudere iexplore.exe, anche quando non c'è esploratore finestre aperte. Annunci sempre pop-up di volta in volta. Ho anche sentito voci di annunci / rumori in sottofondo. E 'fastidioso e mi sento come le prestazioni del sistema ha rallentato. Please help. Questo è il mio log di HijackThis:
File di log di HijackThis v1.99.1 Scan saved at 4:15:28, on 11/6/2008 Piattaforma: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Processi in esecuzione: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe C: \ WINDOWS \ RTHDCPL.EXE C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ ASUS \ AASP \ 1.00.61 \ aaCenter.exe C: \ WINDOWS \ system32 \ RUNDLL32.EXE C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe C: \ PROGRA ~ 1 \ COMUNE ~ 1 \ Nokia \ MPAPI \ MPAPI3s.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ System32 \ PSIService.exe C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Winamp \ winamp.exe C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe C: \ WINDOWS \ system32 \ s1S8Dh6X.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ HijackThis \ HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: IE2EMBHO Class - (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E) - C: \ Program Files \ eMule \ modules \ IE2EM.dll O2 - BHO: RealPlayer Download and Record Plugin per Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName O4 - HKLM \ .. \ Run: [Ai Nap] "C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe" O4 - HKLM \ .. \ Run: [CPU Power Monitor] "C: \ Program Files \ ASUS \ Ai Suite \ AiGear3 \ CpuPowerMonitor.exe" O4 - HKLM \ .. \ Run: [Cpu Level Up aiuto] C: \ Program Files \ ASUS \ Ai Suite \ CpuLevelUpHelp.exe O4 - HKLM \ .. \ Run: [ASUS Risparmio Energetico] "C: \ Program Files \ ASUS \ AI Suite \ risparmio energetico \ PwSave.exe" O4 - HKLM \ .. \ Run: [Ulead AutoDetector v2] C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [NSLauncher] C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe / avvio O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKLM \ .. \ Run: [\ \ MING3 \ EPSON Stylus C120 Series] C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIC ca.exe / FU "C: \ DOCUME ~ 1 \ MKJ \ LOCALS ~ 1 \ Temp \ E_S13.tmp "/ EF" HKCU " O4 - HKCU \ .. \ Run: [PcSync] C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog O8 - Extra contesto voce di menu: Aggiungi a Google Photos Screensa & ver - res: / / C: \ WINDOWS \ system32 \ GPhotos.scr/200 O8 - Extra context menu item: Scarica con eMule - C: \ Program Files \ eMule \ IE2EM.htm O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti) O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti) O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø10 - Unknown file in Winsock LSP: c: \ programmi \ bonjour \ mdnsnsp.dll Ø11 - Opzioni di gruppo: [INTERNATIONAL] International * Ø16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Control) -- http://upload.facebook.com/controls/...oUploader5.cab Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1224821007296 Ø16 - DPF: (6E32070A-766D-4EE6-879c-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1224825458984 Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab Ø18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL Ø18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL Ø20 - Winlogon Notify: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (file mancanti) Ø20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - Unknown proprietario - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe "/ service (file mancanti) O23 - Service: avast! Web Scanner - Unknown proprietario - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe "/ service (file mancanti) O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe O23 - Service: ProtexisLicensing - Sconosciuto proprietario - C: \ WINDOWS \ System32 \ PSIService.exe O23 - Service: ServiceLayer - Nokia. - C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe |
|
#2
6 Novembre 2008, 09:37
|
|||
|
|||
|
Scaricare CCleaner Slim e salvarlo sul desktop.
Quando il file è stato salvato, vai sul desktop e fare doppio clic sul ccsetupxxx_slim.exe Seguire le istruzioni per installare il programma. Completare l'installazione allora:
---------- Ora installare la nuova versione di HijackThis e posta il log da esso. Scaricare TrendMicro HijackThis.exe (HJT) per il Desktop.
__________________
 |
|
#3
6 Novembre 2008, 16:19
|
|||
|
|||
|
Ho eseguito l'CCleaner e reinstallato la nuova versione di HijackThis.
Logfile di Trend Micro HijackThis v2.0.2 Scan saved at 6:18:15, on 11/6/2008 Piattaforma: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Processi in esecuzione: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe C: \ WINDOWS \ RTHDCPL.EXE C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ ASUS \ AASP \ 1.00.61 \ aaCenter.exe C: \ WINDOWS \ system32 \ RUNDLL32.EXE C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ System32 \ PSIService.exe C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ s1S8Dh6X.exe C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ AcroRd32.exe C: \ PROGRA ~ 1 \ COMMON ~ 1 \ PCSuite \ DATALA ~ 1 \ DATALA ~ 1.EXE C: \ WINDOWS \ system32 \ conime.exe C: \ Program Files \ CCleaner \ CCleaner.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ WINDOWS \ system32 \ Wuauclt.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: IE2EMBHO Class - (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E) - C: \ Program Files \ eMule \ modules \ IE2EM.dll O2 - BHO: RealPlayer Download and Record Plugin per Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName O4 - HKLM \ .. \ Run: [Ai Nap] "C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe" O4 - HKLM \ .. \ Run: [CPU Power Monitor] "C: \ Program Files \ ASUS \ Ai Suite \ AiGear3 \ CpuPowerMonitor.exe" O4 - HKLM \ .. \ Run: [Cpu Level Up aiuto] C: \ Program Files \ ASUS \ Ai Suite \ CpuLevelUpHelp.exe O4 - HKLM \ .. \ Run: [ASUS Risparmio Energetico] "C: \ Program Files \ ASUS \ AI Suite \ risparmio energetico \ PwSave.exe" O4 - HKLM \ .. \ Run: [Ulead AutoDetector v2] C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [NSLauncher] C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe / avvio O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKLM \ .. \ Run: [\ \ MING3 \ EPSON Stylus C120 Series] C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIC ca.exe / FU "C: \ DOCUME ~ 1 \ MKJ \ LOCALS ~ 1 \ Temp \ E_S13.tmp "/ EF" HKCU " O4 - HKCU \ .. \ Run: [PcSync] C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog O4 - HKLM \ .. \ Run: [CTFMON.EXE 2009] "C: \ Program Files \ Uniblue \ RegistryBooster \ RegistryBooster.exe / S O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ ctfmon.exe (User 'SERVIZIO LOCALE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ ctfmon.exe (User 'Default user') O8 - Extra contesto voce di menu: Aggiungi a Google Photos Screensa & ver - res: / / C: \ WINDOWS \ system32 \ GPhotos.scr/200 O8 - Extra context menu item: Scarica con eMule - C: \ Program Files \ eMule \ IE2EM.htm O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø15 - ESC Trusted Zone: http:// *. update.microsoft.com Ø16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Control) -- http://upload.facebook.com/controls/...oUploader5.cab Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1224821007296 Ø16 - DPF: (6E32070A-766D-4EE6-879c-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1224825458984 Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe O23 - Service: ProtexisLicensing - Sconosciuto proprietario - C: \ WINDOWS \ System32 \ PSIService.exe O23 - Service: ServiceLayer - Nokia. - C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe -- End of file - 7422 bytes Qual è il prossimo passo? Grazie per il vostro aiuto. |
|
#4
6 Novembre 2008, 16:53
|
|||
|
|||
|
Per la scansione di file sospetti
Si prega di andare a VirSCAN.org LIBERA scansione on-line di servizi (Se più di un file a scansione esigenze devono essere svolto separatamente e log inviati per ognuno) 1. Copia e incolla il seguente percorso di file in Per la scansione di file sospetti casella sulla parte superiore della pagina. Codice:
C: \ WINDOWS \ system32 \ s1S8Dh6X.exe 3. Stampa Ctrl + V sulla tastiera (sia allo stesso tempo) per incollare il percorso del file nella finestra. 4. Fare clic sul Carica pulsante. Ciò eseguire una scansione su più diversi motori di scansione antivirus. Il file potrebbe essere entrato in una coda che di solito richiede meno di un minuto per cancellare. Importante: Attendere che tutti i motori di scansione per essere completato. 5. Una volta che la scansione è completata scorrere verso il basso e fare clic sul Copia negli Appunti pulsante. Questo copia il link del rapporto nella clipboard. 6. Incolla il contenuto degli Appunti nella prossima risposta.
__________________
|
|
#5
6a novembre 2008, 17:19
|
|||
|
|||
|
Ecco le informazioni appunti per il s1S8Dh6X.exe file.
Nome file Informazioni sui file: Dimensione s1S8Dh6X.exeFile: 62.464 byteFile Tipo: PE32 eseguibile per MS Windows (GUI) Intel 80386 32-bitMD5: 895f4e2eed5a30e317460e66989042d0SHA1: risultati 8d133ba222ce2d511ff28d900586e79041a8b4cfScanner Risultati dello scanner: 8% Scanner (3 / 39) found malware! Time: 2008 / 11/06 19:15:08 (EST)Scanner  Motore VerSig. VerData firmaScan risultatoTempoa-squared4.0.0.232008.11.032008-11-03--1.832AhnLab V32008.11.07.012008.11.072008-11-07-- 0.987AntiVir7.9.0.267.1.0.492008-11-06-- 1.503Antiy2.0.1820081106.15602992008-11-06-- 0.122Arcavir1.0.52008110611442008-11-06-- 1.227Authentium5.1.12008110611422008-11-06-- 1.367AVAST! 3.0.1081106-02008-11-06-- 0.725AVG7.5.52.442270.9.0/17722008-11-06Clicker.TXO 1.691BitDefender7.60825.20709477.217192008-11-07-- 3.401CA (IFP) 9.0.0.14331.6.61952008-11-06-- 7.230ClamAV0.9485842008-11-07-- 0.021Comodo2.112.0.0.6992008-11-06-- 0.422CP Secure1.1.0.7152008.11.062008-11-06-- 6.447Dr.Web4.44.0.91702008.11.062008-11-06-- 3.465ewido4.0.0.22008.11.062008-11-06-- 3.024F-Prot4.4.4.56200811062008-11-06-- 1.293F-Secure5.51.61002008.11.06.112008-11-06-- 3.681Fortinet2.81-3.1179.6922008-11-06-- 0.215GData19.1393/19.94200811072008-11-07-- 2.739IkarusT3.1.01.452008.11.06.718072008-11-06-- 3.517JiangMin11.0.7062008.11.062008-11-06-- 1.312Kaspersky5.5.102008.11.062008-11-06-- 0.034KingSoft2008.9.8.182008.11.6.202008-11-06-- 0.690McAfee5.3.0054262008-11-06-- 2.352Microsoft1.41042008.11.072008-11-07-- 8.785mks_vir2.012008.11.062008-11-06-- 2.720Norman5.93.015.93.002008-11-06-- 5.480nProtect2008-11-06,0023828662008-11-06-- 5.379Panda9.05.012008.11.062008-11-06-- 3.744Quick Heal9.502008.09.122008-09-12-- 2.520Rising20.021.02.32.002008-11-06-- 3.054Sophos2.80.04.352008-11-07Mal / EncPk-CZ 1.881Sunbelt3.1.1783.223742008-11-04-- 1.058Symantec1.3.0.2420081106.0042008-11-06Infostealer 0.046The Hacker6.3.1.1v001432008-11-06-- 0.445Trend Micro8.700-10045.642.172008-11-06-- 0.028VBA323.12.8.920081106.17172008-11-06-- 1.390ViRobot200811052008.11.052008-11-05-- 0.398VirusBuster4.5.11.1010.90.27/6712492008-11-06-- 0.876Thanks |
|
#6
6 Novembre 2008, 17:30
|
|||
|
|||
|
|
|
#7
6 Novembre 2008, 17:39
|
|||
|
|||
|
Scarica ComboFix da success da uno dei link qui sotto. Assicurarsi superiore a salvare la Desktop.
Link # 1 Link # 2 ** Nota: E 'importante che si è salvato direttamente sul tuo desktop Chiudere tutti i browser Web aperto. (Firefox, Internet Explorer, etc) prima di iniziare ComboFix. Temporaneamente disattivare tuo antivirus, E qualsiasi antispyware protezione in tempo reale prima eseguire una scansione. Fare clic sul pulsante questo link per visualizzare un elenco di programmi di sicurezza che dovrebbero essere disattivati e come disattivarli. Fare doppio clic su combofix.exe e segui le istruzioni. Per Windows XP Sistemi di installare la Console di ripristino di emergenza: - Se si utilizza Windows XP e non hanno già installato la Console di ripristino di emergenza, si prega di garantire la connessione a Internet è attiva (se possibile) e fare clic su Sì. - Se per qualche ragione il vostro Internet non funziona fare clic No. -- Se non si utilizza Windows XP, non verrà richiesto. - Quando viene richiesto di accettare l'EULA clic OK. - Accetta di Microsoft EULA (Fare clic su Sì). - Quando si è detto che la RC è installato correttamente fare clic SÌ per continuare la scansione di malware. Una volta terminato ComboFix produrrà un log per voi. Posta la ComboFix log nella prossima risposta. Importante: Non clic ComboFix della finestra, mentre è in esecuzione. Che potrebbero indurlo a stalla. Ricorda di riattivare l'antivirus e antispyware quando ComboFix protezione è completa.
__________________
|
|
#8
6 Novembre 2008, 17:57
|
|||
|
|||
|
ComboFix Entra
ComboFix 08-11-05.02 - MKJ 2008-11-06 19:51:34.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3144 [GMT -5:00] Eseguito da: C: \ Documents and Settings \ MKJ \ Desktop \ ComboFix.exe . ((((((((((((((((((((((((( Files Creati dal 2008/10/07 al 2008/11/07 ))))))))))) )))))))))))))))))))) . 2008-11-06 18:15. 2008-11-06 18:15 <DIR> d -------- C: \ Program Files \ CCleaner 2008-11-06 03:51. 2008-11-06 03:51 <DIR> d -------- C: \ Program Files \ Trend Micro 2008-11-06 03:22. 2008-11-06 03:22 <DIR> d -------- C: \ Program Files \ Alwil Software 2008-11-06 02:10. 2008-11-06 02:10 <DIR> d -------- C: \ Program Files \ assembly di riferimento 2008-11-06 02:07. 2008-11-06 02:07 <DIR> dr-h ----- C: \ AHCache 2008-11-05 23:11. 2008-11-06 02:12 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Uniblue 2008-11-05 22:05. 2008-11-05 22:05 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Malwarebytes 2008-11-05 22:04. 2008-11-05 22:04 <DIR> d -------- C: \ Documents and Settings \ Administrator 2008-11-05 16:34. 2008-11-05 16:34 <DIR> d -------- C: \ Program Files \ Xanga Uploader 2008-11-05 16:34. 2008-11-05 16:34 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \. Xuploader 2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware 2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Malwarebytes 2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Malwarebytes 2008-11-05 16:08. 2008-10-22 16:10 38.496 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-11-05 16:08. 2008-10-22 16:10 15.504 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-11-05 15:38. 2008-11-05 15:38 62.464 - a ------ C: \ windows \ system32 \ s1S8Dh6X.exe 2008-11-01 16:18. 2008-11-01 16:18 <DIR> d -------- C: \ WINDOWS \ system32 \ IOSUBSYS 2008-11-01 16:18. 2008-11-01 16:18 <DIR> d -------- C: \ Program Files \ Google 2008-10-28 02:00. 2008-10-28 02:00 <DIR> d -------- C: \ Program Files \ MSXML 4.0 2008-10-28 01:19. 2008-10-28 01:19 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Application Data \ Nokia 2008-10-28 01:19. 2008-10-28 01:19 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ DataLayer 2008-10-28 01:18. 2008-10-30 05:43 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Phone Browser 2008-10-28 00:55. 2008-10-28 00:55 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Application Data \ DivX 2008-10-28 00:54. 2008-10-28 00:54 <DIR> d -------- C: \ Program Files \ Windows Media Components 2008-10-28 00:54. 2005-06-10 09:43 73.728 - a ------ C: \ windows \ system32 \ ISUSPM.cpl 2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Program Files \ DIFX 2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Program Files \ Common Files \ Nokia 2008-10-28 00:50. 2008-10-28 00:58 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ PC Suite 2008-10-28 00:50. 2008-10-28 00:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ PC Suite 2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Downloaded Installations 2008-10-28 00:50. 2006-05-29 07:26 127.488 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcd.sys 2008-10-28 00:50. 2006-05-29 07:26 50.688 - a ------ C: \ windows \ system32 \ nmwcdcls.dll 2008-10-28 00:50. 2006-05-29 07:26 30.720 - a ------ C: \ windows \ system32 \ nmwcdcocls.dll 2008-10-28 00:50. 2006-05-29 07:26 13.312 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcdcm.sys 2008-10-28 00:50. 2006-05-29 07:26 13.312 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcdcj.sys 2008-10-28 00:50. 2006-05-29 07:26 8.704 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcdc.sys 2008-10-28 00:50. 2006-05-29 07:26 4.608 - a ------ C: \ windows \ system32 \ nmwcdlog.dll 2008-10-28 00:49. 2008-10-28 00:49 <DIR> d -------- C: \ WINDOWS \ Downloaded Installations 2008-10-28 00:49. 2008-10-28 00:51 <DIR> d -------- C: \ Program Files \ Nokia 2008-10-28 00:49. 2008-10-28 00:50 <DIR> d -------- C: \ Program Files \ Common Files \ PCSuite 2008-10-27 23:54. 2008-10-27 23:54 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ EPSON 2008-10-27 21:55. 2008-10-27 21:55 <DIR> d -------- C: \ Program Files \ Ventrilo 2008-10-27 21:55. 2008-10-27 21:55 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-10-27 21:55. 2008-10-27 21:56 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Ventrilo 2008-10-27 21:13. 2008-11-06 19:50 160.100 - a ------ C: \ windows \ system32 \ nvapps.xml 2008-10-27 21:05. 2008-11-05 16:09 da <DIR> ------ C: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP 2008-10-26 23:48. 2008-11-06 05:29 <DIR> d -------- C: \ Program Files \ easyMule 2008-10-26 13:53. 2008-10-26 13:53 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Viewpoint 2008-10-25 19:37. 2008-10-25 19:37 <DIR> d -------- C: \ Program Files \ iPod 2008-10-25 19:37. 2008-10-25 19:37 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Apple Computer 2008-10-25 19:37. 2008-04-17 12:12 107.368 - a ------ C: \ windows \ system32 \ GEARAspi.dll 2008-10-25 19:37. 2008-04-17 12:12 15.464 - a ------ C: \ WINDOWS \ system32 \ drivers \ GEARAspiWDM.sys 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ QuickTime 2008-10-25 19:36. 2008-10-25 19:37 <DIR> d -------- C: \ Program Files \ iTunes 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ Bonjour 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ Apple Software Update 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer 2008-10-25 19:36. 2008-10-25 19:37 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ () 3276BE95_AF08_429F_A64F_CA64CB79BCF6 2008-10-25 19:35. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ Common Files \ Apple 2008-10-25 19:35. 2008-10-25 19:35 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple 2008-10-24 18:11. 2007-07-30 18:19 271.224 - a ------ C: \ windows \ system32 \ mucltui.dll 2008-10-24 18:11. 2007-07-30 18:19 30.072 - a ------ C: \ windows \ system32 \ mucltui.dll.mui 2008-10-24 15:39. 2008-10-24 15:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Blizzard 2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Program Files \ Real 2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Program Files \ Common Files \ xing condivisa 2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Program Files \ Common Files \ Real 2008-10-24 14:07. 2008-10-24 14:07 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Logs 2008-10-24 13:59. 2008-10-24 13:59 <DIR> d -------- C: \ Logs 2008-10-24 10:05. 2008-10-27 21:15 <DIR> d -------- C: \ WINDOWS \ nView 2008-10-24 10:05. 2008-01-10 01:30 442.368-ra ------ C: \ WINDOWS \ system32 \ nvusmb.exe 2008-10-24 10:05. 2008-03-06 15:23 442.368 - a ------ C: \ windows \ system32 \ NVUNINST.EXE 2008-10-24 10:05. 2008-03-19 04:04 442.368 - a ------ C: \ windows \ system32 \ nvudisp.exe 2008-10-24 10:05. 2007-09-27 22:32 356.352-ra ------ C: \ WINDOWS \ system32 \ nvusmu.exe 2008-10-24 10:05. 2008-01-03 17:26 17.737 - a ------ C: \ windows \ system32 \ nvdisp.nvu 2008-10-24 10:05. 2007-10-12 03:53 13.312-ra ------ C: \ WINDOWS \ system32 \ drivers \ nvsmu.sys 2008-10-24 10:05. 2007-12-07 03:12 5.836 - a ------ C: \ windows \ system32 \ nvnrm.nvu 2008-10-24 10:05. 2008-01-16 17:17 3.948-ra ------ C: \ WINDOWS \ system32 \ drivers \ nvphy.bin 2008-10-24 10:05. 2007-12-07 01:34 2.016-ra ------ C: \ WINDOWS \ system32 \ nvsmb.nvu 2008-10-24 10:05. 2007-09-12 01:14 659-ra ------ C: \ WINDOWS \ system32 \ nvsmu.nvu 2008-10-24 10:04. 2008-10-23 22:44 35.647 - a ------ C: \ WINDOWS \ Ascd_log.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-11-06 10:37 --------- d ----- bagni: \ Program Files \ AIMTunes 2008-11-04 21:36 --------- d ----- bagni: \ Program Files \ World of Warcraft 2008-10-28 05:55 --------- d ----- bagni: \ Program Files \ Common Files \ Ulead Systems 2008-10-28 05:55 --------- d ----- bagni: \ Documents and Settings \ MKJ \ Dati applicazioni \ Ulead Systems 2008-10-28 05:54 --------- d ----- bagni: \ Program Files \ Ulead Systems 2008-10-28 05:54 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Ulead Systems 2008-10-28 05:53 --------- d - h - WC: \ Program Files \ InstallShield Installation Information 2008-10-28 05:02 --------- d ----- bagni: \ Program Files \ Common Files \ Adobe 2008-10-24 19:24 499.712 ---- aw C: \ windows \ system32 \ msvcp71.dll 2008-10-24 19:24 348.160 ---- aw C: \ windows \ system32 \ msvcr71.dll 2008-10-24 14:51 --------- d ----- bagni: \ Program Files \ Microsoft FrontPage 2008-10-24 07:55 --------- d ----- bagni: \ Program Files \ MSN Messenger 2008-10-24 06:09 --------- d ----- bagni: \ Program Files \ Microsoft CAPICOM 2.1.0.2 2008-10-24 05:44 --------- d ----- bagni: \ Program Files \ Winamp 2008-10-24 05:44 --------- d ----- bagni: \ Documents and Settings \ MKJ \ Dati applicazioni \ Winamp 2008-10-24 05:40 --------- d ----- bagni: \ Documents and Settings \ MKJ \ Dati applicazioni \ acccore 2008-10-24 05:39 --------- d ----- bagni: \ Program Files \ AIM6 2008-10-24 05:39 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Download AOL 2008-10-24 05:38 --------- d ----- bagni: \ Program Files \ Viewpoint 2008-10-24 05:38 --------- d ----- bagni: \ Program Files \ Common Files \ AOL 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Viewpoint 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ AOL OCP 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ AOL 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ acccore 2008-10-24 05:32 --------- d ----- bagni: \ Program Files \ Common Files \ Blizzard Entertainment 2008-10-24 05:20 --------- d ----- bagni: \ Program Files \ Windows Media Connect 2 2008-10-24 05:10 --------- d ----- bagni: \ Program Files \ DivX 2008-10-24 05:08 --------- d ----- bagni: \ Program Files \ DefilerPak 2008-10-24 04:37 --------- d ----- bagni: \ Program Files \ Realtek 2008-10-24 04:33 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Symantec 2008-10-24 04:18 --------- d ----- bagni: \ Program Files \ Common Files \ Symantec Shared 2008-10-24 03:58 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ InstallShield 2008-10-24 03:57 --------- d ----- bagni: \ Program Files \ Common Files \ InstallShield 2008-10-24 03:54 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Corel 2008-10-24 03:33 --------- d ----- bagni: \ Program Files \ ASUS 2008-10-24 03:08 315.392 ---- aw C: \ WINDOWS \ HideWin.exe 2008-10-24 03:08 --------- d ----- bagni: \ Program Files \ profilo 2008-10-24 00:18 2.302.017 ---- aw C: \ windows \ system32 \ GPhotos.scr 2008-09-23 22:46 245.408 ---- aw C: \ windows \ system32 \ unicows.dll 2008-09-15 12:12 1.846.400 ---- aw c: \ windows \ system32 \ win32k.sys 2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys 2008-08-29 14:18 87.336 ---- aw C: \ windows \ system32 \ dns-sd.exe 2008-08-29 13:53 61.440 ---- aw C: \ windows \ system32 \ dnssd.dll 2008-08-26 07:24 826.368 ---- aw c: \ windows \ system32 \ wininet.dll 2008-08-14 10:09 2.145.280 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe 2008-08-14 09:33 2.023.936 ---- aw C: \ windows \ system32 \ Ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E)] 2008-10-23 02:37 147928 - a ------ C: \ Program Files \ eMule \ modules \ IE2EM.dll [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ windows \ system32 \ ctfmon.exe" [2008-04-13 15360] "\ \ MING3 \ EPSON Stylus C120 Series "=" C: \ Windows \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATICCA.EXE "[2007-03-12 182272] "PcSync" = "C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe" [2006-06-27 1449984] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe" [2004-08-04 455168] "PHIME2002A" = "C: \ Windows \ System32 \ IME \ PINTLGNT \ TIN TSETP.EXE" [2004-08-04 455168] "Ai Nap" = "C: \ Program Files \ ASUS \ AI Suite \ AiNap \ AiNap.exe" [2008-01-28 1413120] "CPU Power Monitor" = "C: \ Program Files \ ASUS \ AI Suite \ AiGear3 \ CpuPowerMonitor.exe" [2008-01-09 627200] "CPU Level Up Help" = "C: \ Program Files \ ASUS \ AI Suite \ CpuLevelUpHelp.exe" [2007-11-30 881152] "ASUS Energy Saving" = "C: \ Program Files \ ASUS \ AI Suite \ risparmio energetico \ PwSave.exe" [2008-01-28 1352704] "Ulead AutoDetector v2" = "C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.zip" [2006-11-29 90112] "Google Desktop Search" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-10-24 185872] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576] "NvCplDaemon" = "C: \ windows \ system32 \ NvMcTray.dll" [2008-01-03 13508608] "NvCplDaemon" = "C: \ windows \ system32 \ NvMcTray. Dll" [2008-01-03 86016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "NSLauncher" = "C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe" [2006-11-28 2658304] "avast!" = "C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2008-07-19 78008] "NeroFilterCheck" = "VTTimer.exe" [2008/05/07 c: \ windows \ VTTimer.exe] "nwiz" = "RTHDCPL.EXE" [2008/01/03 c: \ windows \ system32 \ mobsync.exe] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2008-04-13 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "msacm.dvacm" = C: \ PROGRA ~ 1 \ COMUNE ~ 1 \ ULEADS ~ 1 \ Vio \ Dvacm.acm "msacm.divxa32" = DivXa32.acm "msacm.ulmp3acm" = C: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ ulmp3acm.acm "msacm.mpegacm" = C: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ mpegacm.acm [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnet3.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnet3 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnet3 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx30SP1setup.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx30SP1setup [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx30SP1setup [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35setup.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35setup [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35setup [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3setup.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3setup [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3setup [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ Program Files \ \ World of Warcraft \ \ WoW-2.3.0-enUS-downloader.exe" = "c: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "c: \ \ Program Files \ \ MSN Messenger \ \ livecall.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Programmi \ \ eMule \ \ emule.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3724: TCP" = 3724: TCP: Blizzard Downloader: 3724 "12178: TCP" = 12178: TCP: BitComet 12178 TCP "12178: UDP" = 12178: UDP: BitComet 12178 UDP R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [2008-07-19 78416] R2 aswFsBlk; aswFsBlk c: \ windows \ system32 \ DRIVERS \ aswF sBlk.sys [2008-07-19 20560] R2 Viewpoint Manager Service; Viewpoint Manager Service C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652] R3 NVHDA; Servizio per driver NVIDIA High Definition Audio, c: \ windows \ system32 \ drivers \ nvhda32.sys [2008-05-04 38560] . Indice dell ' "Operazioni pianificate' cartella 2008/11/01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 11:34] 2008/11/06 C: \ WINDOWS \ Tasks \ At1.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At10.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At11.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At12.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At13.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At14.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At15.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At16.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At17.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At18.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At19.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At2.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/07 C: \ WINDOWS \ Tasks \ At20.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At21.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At22.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At23.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At24.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At3.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At4.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At5.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At6.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At7.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At8.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] 2008/11/06 C: \ WINDOWS \ Tasks \ At9.job - C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38] . - - - - ORFANI REMOVED - - - -- HKCU-Run-CTFMON.EXE 2009 - c: \ Program Files \ Uniblue \ RegistryBooster \ RegistryBooster.exe MSConfigStartUp-CTFMON.EXE 2009 - c: \ Program Files \ Uniblue \ RegistryBooster \ RegistryBooster.exe . ------- ------- Supplementari Scan . R0 -: HKCU-Main, Start Page = circa: bianco R1 -: HKCU-Internet Settings, ProxyOverride = *. locali O8 -: Aggiungi a Google Photos Screensa & ver - c: \ windows \ system32 \ GPhotos.scr/200 O8 -: Scarica da eMule - c: \ Program Files \ eMule \ IE2EM.htm . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-06 19:54:20 5/1/2600 Windows Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . Ora fine: 2008-11-06 19:54:45 ComboFix-quarantined-files.txt 2008-11-07 00:54:42 Pre-Run: 41621639168 bytes free Post-Run: 41699291136 bytes free 396 --- EOF --- 2008-10-28 07:00:21 |
|
#9
6 Novembre 2008, 18:28
|
|||
|
|||
|
Nota: le istruzioni qui di seguito sono stati creati appositamente per questo utente. Se non siete l'utente, NON seguire queste istruzioni in quanto potrebbero danneggiare il funzionamento del sistema
Elimina i file / cartelle, come segue: 1. Vai a Inizio > Correre > Tipo Notepad.exe e fare clic su OK per aprire il Blocco note. Esso dovere essere il Blocco note, non Wordpad. 2. Copia il testo nella casella qui sotto il codice evidenziando tutto il testo e premendo Ctrl + C Codice:
Killall:: File:: c: \ windows \ system32 \ s1S8Dh6X.exe c: \ windows \ Tasks \ At1.job c: \ windows \ Tasks \ At10.job C: \ WINDOWS \ Tasks \ At11.job C: \ WINDOWS \ Tasks \ At12.job C: \ WINDOWS \ Tasks \ At13.job C: \ WINDOWS \ Tasks \ At14.job C: \ WINDOWS \ Tasks \ At15.job C: \ WINDOWS \ Tasks \ At16.job C: \ WINDOWS \ Tasks \ At17.job C: \ WINDOWS \ Tasks \ At18.job C: \ WINDOWS \ Tasks \ At19.job C: \ WINDOWS \ Tasks \ At2.job C: \ WINDOWS \ Tasks \ At20.job C: \ WINDOWS \ Tasks \ At21.job C: \ WINDOWS \ Tasks \ At22.job C: \ WINDOWS \ Tasks \ At23.job C: \ WINDOWS \ Tasks \ At24.job C: \ WINDOWS \ Tasks \ At3.job c: \ windows \ Tasks \ At4.job c: \ windows \ Tasks \ At5.job c: \ windows \ Tasks \ At6.job c: \ windows \ Tasks \ At7.job c: \ windows \ Tasks \ At8.job c: \ windows \ Tasks \ At9.job 4. Quindi, fare clic su File > Salvare 5. Nome del file CFScript.txt - Salva il file sul tuo desktop 6. Quindi, trascinare il CFScript (tenere premuto il tasto sinistro del mouse mentre si trascina il file) e rilasciarlo (rilasciare il tasto sinistro del mouse) in ComboFix.exe come potete vedere nella schermata qui sotto. Importante: Eseguire questa attentamente le istruzioni!  ComboFix inizierà a eseguire, basta seguire le istruzioni. Dopo il reboot (nel caso in cui si chiede di riavviare), che produrrà un log per voi. Post che log (Combofix.txt) nella prossima risposta. Nota: Non clic ComboFix della finestra, mentre è in esecuzione. Questo può causare il sistema per congelare
__________________
|
|
#10
6 Novembre 2008, 18:37
|
|||
|
|||
|
ComboFix Entra
ComboFix 08-11-05.02 - MKJ 2008-11-06 20:31:01.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2458 [GMT -5:00] Eseguito da: C: \ Documents and Settings \ MKJ \ Desktop \ ComboFix.exe Interruttori di comando utilizzati:: C: \ Documents and Settings \ MKJ \ Desktop \ CFScript.txt * Creato un nuovo punto di ripristino FILE:: c: \ windows \ system32 \ s1S8Dh6X.exe c: \ windows \ Tasks \ At1.job c: \ windows \ Tasks \ At10.job c: \ windows \ Tasks \ At11.job c: \ windows \ Tasks \ At12.job c: \ windows \ Tasks \ At13.job c: \ windows \ Tasks \ At14.job c: \ windows \ Tasks \ At15.job c: \ windows \ Tasks \ At16.job c: \ windows \ Tasks \ At17.job c: \ windows \ Tasks \ At18.job c: \ windows \ Tasks \ At19.job c: \ windows \ Tasks \ At2.job c: \ windows \ Tasks \ At20.job c: \ windows \ Tasks \ At21.job c: \ windows \ Tasks \ At22.job c: \ windows \ Tasks \ At23.job c: \ windows \ Tasks \ At24.job c: \ windows \ Tasks \ At3.job c: \ windows \ Tasks \ At4.job c: \ windows \ Tasks \ At5.job c: \ windows \ Tasks \ At6.job c: \ windows \ Tasks \ At7.job c: \ windows \ Tasks \ At8.job c: \ windows \ Tasks \ At9.job . Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ s1S8Dh6X.exe c: \ windows \ Tasks \ At1.job c: \ windows \ Tasks \ At10.job c: \ windows \ Tasks \ At11.job c: \ windows \ Tasks \ At12.job c: \ windows \ Tasks \ At13.job c: \ windows \ Tasks \ At14.job c: \ windows \ Tasks \ At15.job c: \ windows \ Tasks \ At16.job c: \ windows \ Tasks \ At17.job c: \ windows \ Tasks \ At18.job c: \ windows \ Tasks \ At19.job c: \ windows \ Tasks \ At2.job c: \ windows \ Tasks \ At20.job c: \ windows \ Tasks \ At21.job c: \ windows \ Tasks \ At22.job c: \ windows \ Tasks \ At23.job c: \ windows \ Tasks \ At24.job c: \ windows \ Tasks \ At3.job c: \ windows \ Tasks \ At4.job c: \ windows \ Tasks \ At5.job c: \ windows \ Tasks \ At6.job c: \ windows \ Tasks \ At7.job c: \ windows \ Tasks \ At8.job c: \ windows \ Tasks \ At9.job . ((((((((((((((((((((((((( Files Creati dal 2008/10/07 al 2008/11/07 ))))))))))) )))))))))))))))))))) . 2008-11-06 18:15. 2008-11-06 18:15 <DIR> d -------- C: \ Program Files \ CCleaner 2008-11-06 03:51. 2008-11-06 03:51 <DIR> d -------- C: \ Program Files \ Trend Micro 2008-11-06 03:22. 2008-11-06 03:22 <DIR> d -------- C: \ Program Files \ Alwil Software 2008-11-06 02:10. 2008-11-06 02:10 <DIR> d -------- C: \ Program Files \ assembly di riferimento 2008-11-06 02:07. 2008-11-06 02:07 <DIR> dr-h ----- C: \ AHCache 2008-11-05 23:11. 2008-11-06 02:12 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Uniblue 2008-11-05 22:05. 2008-11-05 22:05 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Malwarebytes 2008-11-05 22:04. 2008-11-05 22:04 <DIR> d -------- C: \ Documents and Settings \ Administrator 2008-11-05 16:34. 2008-11-05 16:34 <DIR> d -------- C: \ Program Files \ Xanga Uploader 2008-11-05 16:34. 2008-11-05 16:34 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \. Xuploader 2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware 2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Malwarebytes 2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Malwarebytes 2008-11-05 16:08. 2008-10-22 16:10 38.496 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-11-05 16:08. 2008-10-22 16:10 15.504 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-11-01 16:18. 2008-11-01 16:18 <DIR> d -------- C: \ WINDOWS \ system32 \ IOSUBSYS 2008-11-01 16:18. 2008-11-01 16:18 <DIR> d -------- C: \ Program Files \ Google 2008-10-28 02:00. 2008-10-28 02:00 <DIR> d -------- C: \ Program Files \ MSXML 4.0 2008-10-28 01:19. 2008-10-28 01:19 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Application Data \ Nokia 2008-10-28 01:19. 2008-10-28 01:19 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ DataLayer 2008-10-28 01:18. 2008-10-30 05:43 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Phone Browser 2008-10-28 00:55. 2008-10-28 00:55 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Application Data \ DivX 2008-10-28 00:54. 2008-10-28 00:54 <DIR> d -------- C: \ Program Files \ Windows Media Components 2008-10-28 00:54. 2005-06-10 09:43 73.728 - a ------ C: \ windows \ system32 \ ISUSPM.cpl 2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Program Files \ DIFX 2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Program Files \ Common Files \ Nokia 2008-10-28 00:50. 2008-10-28 00:58 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ PC Suite 2008-10-28 00:50. 2008-10-28 00:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ PC Suite 2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Downloaded Installations 2008-10-28 00:50. 2006-05-29 07:26 127.488 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcd.sys 2008-10-28 00:50. 2006-05-29 07:26 50.688 - a ------ C: \ windows \ system32 \ nmwcdcls.dll 2008-10-28 00:50. 2006-05-29 07:26 30.720 - a ------ C: \ windows \ system32 \ nmwcdcocls.dll 2008-10-28 00:50. 2006-05-29 07:26 13.312 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcdcm.sys 2008-10-28 00:50. 2006-05-29 07:26 13.312 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcdcj.sys 2008-10-28 00:50. 2006-05-29 07:26 8.704 - a ------ C: \ WINDOWS \ system32 \ drivers \ nmwcdc.sys 2008-10-28 00:50. 2006-05-29 07:26 4.608 - a ------ C: \ windows \ system32 \ nmwcdlog.dll 2008-10-28 00:49. 2008-10-28 00:49 <DIR> d -------- C: \ WINDOWS \ Downloaded Installations 2008-10-28 00:49. 2008-10-28 00:51 <DIR> d -------- C: \ Program Files \ Nokia 2008-10-28 00:49. 2008-10-28 00:50 <DIR> d -------- C: \ Program Files \ Common Files \ PCSuite 2008-10-27 23:54. 2008-10-27 23:54 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ EPSON 2008-10-27 21:55. 2008-10-27 21:55 <DIR> d -------- C: \ Program Files \ Ventrilo 2008-10-27 21:55. 2008-10-27 21:55 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-10-27 21:55. 2008-10-27 21:56 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Ventrilo 2008-10-27 21:13. 2008-11-06 20:34 160.100 - a ------ C: \ windows \ system32 \ nvapps.xml 2008-10-27 21:05. 2008-11-05 16:09 da <DIR> ------ C: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP 2008-10-26 23:48. 2008-11-06 05:29 <DIR> d -------- C: \ Program Files \ easyMule 2008-10-26 13:53. 2008-10-26 13:53 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Viewpoint 2008-10-25 19:37. 2008-10-25 19:37 <DIR> d -------- C: \ Program Files \ iPod 2008-10-25 19:37. 2008-10-25 19:37 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Dati applicazioni \ Apple Computer 2008-10-25 19:37. 2008-04-17 12:12 107.368 - a ------ C: \ windows \ system32 \ GEARAspi.dll 2008-10-25 19:37. 2008-04-17 12:12 15.464 - a ------ C: \ WINDOWS \ system32 \ drivers \ GEARAspiWDM.sys 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ QuickTime 2008-10-25 19:36. 2008-10-25 19:37 <DIR> d -------- C: \ Program Files \ iTunes 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ Bonjour 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ Apple Software Update 2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer 2008-10-25 19:36. 2008-10-25 19:37 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ () 3276BE95_AF08_429F_A64F_CA64CB79BCF6 2008-10-25 19:35. 2008-10-25 19:36 <DIR> d -------- C: \ Program Files \ Common Files \ Apple 2008-10-25 19:35. 2008-10-25 19:35 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple 2008-10-24 18:11. 2007-07-30 18:19 271.224 - a ------ C: \ windows \ system32 \ mucltui.dll 2008-10-24 18:11. 2007-07-30 18:19 30.072 - a ------ C: \ windows \ system32 \ mucltui.dll.mui 2008-10-24 15:39. 2008-10-24 15:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Blizzard 2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Program Files \ Real 2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Program Files \ Common Files \ xing condivisa 2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Program Files \ Common Files \ Real 2008-10-24 14:07. 2008-10-24 14:07 <DIR> d -------- C: \ Documents and Settings \ MKJ \ Logs 2008-10-24 13:59. 2008-10-24 13:59 <DIR> d -------- C: \ Logs 2008-10-24 10:05. 2008-10-27 21:15 <DIR> d -------- C: \ WINDOWS \ nView 2008-10-24 10:05. 2008-01-10 01:30 442.368-ra ------ C: \ WINDOWS \ system32 \ nvusmb.exe 2008-10-24 10:05. 2008-03-06 15:23 442.368 - a ------ C: \ windows \ system32 \ NVUNINST.EXE 2008-10-24 10:05. 2008-03-19 04:04 442.368 - a ------ C: \ windows \ system32 \ nvudisp.exe 2008-10-24 10:05. 2007-09-27 22:32 356.352-ra ------ C: \ WINDOWS \ system32 \ nvusmu.exe 2008-10-24 10:05. 2008-01-03 17:26 17.737 - a ------ C: \ windows \ system32 \ nvdisp.nvu 2008-10-24 10:05. 2007-10-12 03:53 13.312-ra ------ C: \ WINDOWS \ system32 \ drivers \ nvsmu.sys 2008-10-24 10:05. 2007-12-07 03:12 5.836 - a ------ C: \ windows \ system32 \ nvnrm.nvu 2008-10-24 10:05. 2008-01-16 17:17 3.948-ra ------ C: \ WINDOWS \ system32 \ drivers \ nvphy.bin 2008-10-24 10:05. 2007-12-07 01:34 2.016-ra ------ C: \ WINDOWS \ system32 \ nvsmb.nvu 2008-10-24 10:05. 2007-09-12 01:14 659-ra ------ C: \ WINDOWS \ system32 \ nvsmu.nvu 2008-10-24 10:04. 2008-10-23 22:44 35.647 - a ------ C: \ WINDOWS \ Ascd_log.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-11-06 10:37 --------- d ----- bagni: \ Program Files \ AIMTunes 2008-11-04 21:36 --------- d ----- bagni: \ Program Files \ World of Warcraft 2008-10-28 05:55 --------- d ----- bagni: \ Program Files \ Common Files \ Ulead Systems 2008-10-28 05:55 --------- d ----- bagni: \ Documents and Settings \ MKJ \ Dati applicazioni \ Ulead Systems 2008-10-28 05:54 --------- d ----- bagni: \ Program Files \ Ulead Systems 2008-10-28 05:54 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Ulead Systems 2008-10-28 05:53 --------- d - h - WC: \ Program Files \ InstallShield Installation Information 2008-10-28 05:02 --------- d ----- bagni: \ Program Files \ Common Files \ Adobe 2008-10-24 19:24 499.712 ---- aw C: \ windows \ system32 \ msvcp71.dll 2008-10-24 19:24 348.160 ---- aw C: \ windows \ system32 \ msvcr71.dll 2008-10-24 14:51 --------- d ----- bagni: \ Program Files \ Microsoft FrontPage 2008-10-24 07:55 --------- d ----- bagni: \ Program Files \ MSN Messenger 2008-10-24 06:09 --------- d ----- bagni: \ Program Files \ Microsoft CAPICOM 2.1.0.2 2008-10-24 05:44 --------- d ----- bagni: \ Program Files \ Winamp 2008-10-24 05:44 --------- d ----- bagni: \ Documents and Settings \ MKJ \ Dati applicazioni \ Winamp 2008-10-24 05:40 --------- d ----- bagni: \ Documents and Settings \ MKJ \ Dati applicazioni \ acccore 2008-10-24 05:39 --------- d ----- bagni: \ Program Files \ AIM6 2008-10-24 05:39 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Download AOL 2008-10-24 05:38 --------- d ----- bagni: \ Program Files \ Viewpoint 2008-10-24 05:38 --------- d ----- bagni: \ Program Files \ Common Files \ AOL 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Viewpoint 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ AOL OCP 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ AOL 2008-10-24 05:38 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ acccore 2008-10-24 05:32 --------- d ----- bagni: \ Program Files \ Common Files \ Blizzard Entertainment 2008-10-24 05:20 --------- d ----- bagni: \ Program Files \ Windows Media Connect 2 2008-10-24 05:10 --------- d ----- bagni: \ Program Files \ DivX 2008-10-24 05:08 --------- d ----- bagni: \ Program Files \ DefilerPak 2008-10-24 04:37 --------- d ----- bagni: \ Program Files \ Realtek 2008-10-24 04:33 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Symantec 2008-10-24 04:18 --------- d ----- bagni: \ Program Files \ Common Files \ Symantec Shared 2008-10-24 03:58 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ InstallShield 2008-10-24 03:57 --------- d ----- bagni: \ Program Files \ Common Files \ InstallShield 2008-10-24 03:54 --------- d ----- bagni: \ Documents and Settings \ All Users \ Dati applicazioni \ Corel 2008-10-24 03:33 --------- d ----- bagni: \ Program Files \ ASUS 2008-10-24 03:08 315.392 ---- aw C: \ WINDOWS \ HideWin.exe 2008-10-24 03:08 --------- d ----- bagni: \ Program Files \ profilo 2008-10-24 00:18 2.302.017 ---- aw C: \ windows \ system32 \ GPhotos.scr 2008-09-23 22:46 245.408 ---- aw C: \ windows \ system32 \ unicows.dll 2008-09-15 12:12 1.846.400 ---- aw c: \ windows \ system32 \ win32k.sys 2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys 2008-08-29 14:18 87.336 ---- aw C: \ windows \ system32 \ dns-sd.exe 2008-08-29 13:53 61.440 ---- aw C: \ windows \ system32 \ dnssd.dll 2008-08-26 07:24 826.368 ---- aw c: \ windows \ system32 \ wininet.dll 2008-08-14 10:09 2.145.280 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe 2008-08-14 09:33 2.023.936 ---- aw C: \ windows \ system32 \ Ntkrnlpa.exe . ((((((((((((((((((((((((((((( Snapshot@2008-11-06_19.54.31.75 )))))))))) ))))))))))))))))))))))))))))))) . - 2008-11-06 23:26:54 49.198 ---- aw C: \ windows \ system32 \ Perfc009.dat + 2008-11-07 00:54:48 49.198 ---- aw C: \ windows \ system32 \ Perfc009.dat - 2008-11-06 23:26:54 390.094 ---- aw C: \ windows \ system32 \ Perfh009.dat + 2008-11-07 00:54:48 390.094 ---- aw C: \ windows \ system32 \ Perfh009.dat + 2008-11-07 01:33:47 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_584.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E)] 2008-10-23 02:37 147928 - a ------ C: \ Program Files \ eMule \ modules \ IE2EM.dll [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ windows \ system32 \ ctfmon.exe" [2008-04-13 15360] "\ \ MING3 \ EPSON Stylus C120 Series "=" C: \ Windows \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATICCA.EXE "[2007-03-12 182272] "PcSync" = "C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe" [2006-06-27 1449984] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe" [2004-08-04 455168] "PHIME2002A" = "C: \ Windows \ System32 \ IME \ PINTLGNT \ TIN TSETP.EXE" [2004-08-04 455168] "Ai Nap" = "C: \ Program Files \ ASUS \ AI Suite \ AiNap \ AiNap.exe" [2008-01-28 1413120] "CPU Power Monitor" = "C: \ Program Files \ ASUS \ AI Suite \ AiGear3 \ CpuPowerMonitor.exe" [2008-01-09 627200] "CPU Level Up Help" = "C: \ Program Files \ ASUS \ AI Suite \ CpuLevelUpHelp.exe" [2007-11-30 881152] "ASUS Energy Saving" = "C: \ Program Files \ ASUS \ AI Suite \ risparmio energetico \ PwSave.exe" [2008-01-28 1352704] "Ulead AutoDetector v2" = "C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.zip" [2006-11-29 90112] "Google Desktop Search" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-10-24 185872] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576] "NvCplDaemon" = "C: \ windows \ system32 \ NvMcTray.dll" [2008-01-03 13508608] "NvCplDaemon" = "C: \ windows \ system32 \ NvMcTray. Dll" [2008-01-03 86016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "NSLauncher" = "C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe" [2006-11-28 2658304] "NeroFilterCheck" = "VTTimer.exe" [2008/05/07 c: \ windows \ VTTimer.exe] "nwiz" = "RTHDCPL.EXE" [2008/01/03 c: \ windows \ system32 \ mobsync.exe] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2008-04-13 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "msacm.dvacm" = C: \ PROGRA ~ 1 \ COMUNE ~ 1 \ ULEADS ~ 1 \ Vio \ Dvacm.acm "msacm.divxa32" = DivXa32.acm "msacm.ulmp3acm" = C: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ ulmp3acm.acm "msacm.mpegacm" = C: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ mpegacm.acm [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnet3.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnet3 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnet3 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx30SP1setup.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx30SP1setup [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx30SP1setup [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35setup.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35setup [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35setup [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx35 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3setup.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3setup [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3setup [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx3_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ dotnetfx [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP1_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx20SP2_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx30SP1_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_ia64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_ia64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_ia64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x86.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x86 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx35_x86 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx64.exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx64 [1]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file opzioni di esecuzione \ NetFx64 [2]. Exe] "Debugger" = C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ Program Files \ \ World of Warcraft \ \ WoW-2.3.0-enUS-downloader.exe" = "c: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "c: \ \ Program Files \ \ MSN Messenger \ \ livecall.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Programmi \ \ eMule \ \ emule.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3724: TCP" = 3724: TCP: Blizzard Downloader: 3724 "12178: TCP" = 12178: TCP: BitComet 12178 TCP "12178: UDP" = 12178: UDP: BitComet 12178 UDP R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [2008-07-19 78416] R2 aswFsBlk; aswFsBlk c: \ windows \ system32 \ DRIVERS \ aswF sBlk.sys [2008-07-19 20560] R2 Viewpoint Manager Service; Viewpoint Manager Service C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652] R3 NVHDA; Servizio per driver NVIDIA High Definition Audio, c: \ windows \ system32 \ drivers \ nvhda32.sys [2008-05-04 38560] . Indice dell ' "Operazioni pianificate' cartella 2008/11/01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 11:34] . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-06 20:34:11 5/1/2600 Windows Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . ------------------------ Altri processi in esecuzione ----------------------- -- . C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PSIService.exe c: \ Program Files \ ASUS \ AASP \ 1.00.61 \ aaCenter.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe c: \ progra ~ 1 \ COMUNE ~ 1 \ Nokia \ MPAPI \ MPAPI3s.exe . ************************************************** ************************ . Ora fine: 2008-11-06 20:36:06 - macchina è stato riavviato ComboFix-quarantined-files.txt 2008-11-07 01:36:02 ComboFix2.txt 2008-11-07 00:54:46 Pre-Run: 41668276224 bytes free Post-Run: 41678303232 bytes free 418 --- EOF --- 2008-10-28 07:00:21 Grazie |
