|
|
#1
23. Mag 2009, 09:33
| |||
| |||
| Sono amici su un computer, Vista, e le finestre non si aggiorna. Finora ho trovato e rimosso Internet Anti-Virus, Win32Adload.r, e video.exe. Hanno anche avuto il coupon che lo spyware e il loro figlio mantenuto carico antivirus. Ho eliminato entrambi (LOL Limewire si installa in 400 posti, ho dovuto passare attraverso tutte le cartelle e file per liberarsi di tale). Ma ancora non finestre aggiornamento. I'm 80072efd ottenere un codice che dice c'è una finestra da firewall impedisce l'aggiornamento. Non riesco a trovare qualsiasi firewall diverso da quello di Windows e ho cercato in ogni cartella. Qui ci sono le tre tronchi, non riesco a trovare nulla, ho perso qualcosa? NOTA: non riesco a caricare una qualsiasi delle tre tronchi. Continuo a ricevere il messaggio di file non valido dal sito. What's up with that? Ho troppi arrivi qui? vorrei provare un copia incolla: SUPERAntiSpyware Scan Entra http://www.superantispyware.com Generata 05/23/2009 alle 04:42 AM Applicazione Versione: 4/26/1002 Core Regole Database Version: 3908 Trace Regole Database Version: 1852 Tipo di scansione: Scansione completa Totale Scan Time: 03:45:40 Memoria oggetti scanditi: 831 Memoria minacce rilevate: 0 Registro di oggetti scanditi: 6407 Registro di minacce rilevate: 0 File oggetti scanditi: 326608 File minacce rilevate: 78 Adware.Tracking Cookie C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ 2o7 [2]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ interclick [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ tribalfusion [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ Realmedia [2]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ specificclick [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ media6degrees [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ revsci [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ 2o7 [2]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ interclick [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ media6degrees [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ Realmedia [2]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ revsci [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ specificclick [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley @ tribalfusion [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ 2o7 [2]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman ager [2]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ interclick [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ media6degre es [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ microsoftwi ndows.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ msnservices .112.2 o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ Realmedia [2]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ revsci [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley specificcli @ ck [1]. Txt C: \ Documents and Settings \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley tribalfusio @ n [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ 2o7 [2]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley@adopt.specificcli ck [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ interclick [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ media6degrees [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ microsoftinternet explorer.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ MicrosoftWindows. 112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley@msnservices.112.2 o7 [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ Realmedia [2]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ revsci [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ specificclick [1]. Txt C: \ Documents and Settings \ Shirley \ cookies \ shirley @ tribalfusion [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ 2o7 [2]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman ager [2]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ interclick [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ media6degre es [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ microsoftwi ndows.112.2o7 [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ msnservices .112.2 o7 [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ Realmedia [2]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley @ revsci [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley specificcli @ ck [1]. Txt C: \ Users \ Shirley \ Dati applicazioni \ Microsoft \ Windows \ Cookies \ shirley tribalfusio @ n [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ 2o7 [2]. Txt C: \ Users \ Shirley \ cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Users \ Shirley \ cookies \ shirley@adopt.specificcli ck [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ interclick [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ media6degrees [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ microsoftinternet explorer.112.2o7 [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ MicrosoftWindows. 112.2o7 [1]. Txt C: \ Users \ Shirley \ cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Users \ Shirley \ cookies \ shirley@msnservices.112.2 o7 [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ Realmedia [2]. Txt C: \ Users \ Shirley \ cookies \ shirley @ revsci [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ specificclick [1]. Txt C: \ Users \ Shirley \ cookies \ shirley @ tribalfusion [1]. Txt Malwarebytes' Anti-Malware 1,36 Database versione: 2150 Windows 6.0.6001 Service Pack 1 5/19/2009 8:40:58 AM mbam-log-2009-05-19 (08-40-58). txt Tipo di scansione: Quick Scan Oggetti scandita: 71524 Tempo trascorso: 3 minuti (s), 23 secondi (s) Processi di memoria infetti: 0 Moduli di memoria infetti: 0 Chiavi di registro infette: 13 Valori del registro infetti: 0 I dati del Registro di oggetti infetti: 3 Cartelle infette: 3 File infetti: 11 Processi di memoria infetti: (N. oggetti dannosi individuati) Moduli di memoria infetti: (N. oggetti dannosi individuati) Chiavi di registro infette: HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> quarantena ed eliminato con successo. HKEY_CLASSES_ROOT \ CLSID \ (65768b48-B004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> quarantena ed eliminato con successo. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (65768b48-B004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> quarantena ed eliminato con successo. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-B004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> quarantena ed eliminato con successo. HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> quarantena ed eliminato con successo. HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> quarantena ed eliminato con successo. HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> quarantena ed eliminato con successo. HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> quarantena ed eliminato con successo. HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> quarantena ed eliminato con successo. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> quarantena ed eliminato con successo. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> quarantena ed eliminato con successo. HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> quarantena ed eliminato con successo. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet pro_is1 antivirus (Rogue.InternetAntivirus) -> quarantena ed eliminato con successo. Valori del registro infetti: (N. oggetti dannosi individuati) I dati del Registro di oggetti infetti: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> quarantena ed eliminato con successo. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> quarantena ed eliminato con successo. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> quarantena ed eliminato con successo. Cartelle infette: C: \ Windows \ System32 \ 199638 (Trojan.FakeAlert) -> quarantena ed eliminato con successo. C: \ Program Files \ websrvx (Trojan.Downloader) -> quarantena ed eliminato con successo. C: \ Windows \ System32 \ 796525 (Trojan.BHO) -> quarantena ed eliminato con successo. I file infetti: C: \ Windows \ System32 \ 199638 \ 199638.dll (Trojan.FakeAlert) -> quarantena ed eliminato con successo. C: \ Windows \ System32 \ 796525 \ 796525.dll (Trojan.BHO) -> quarantena ed eliminato con successo. C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> quarantena ed eliminato con successo. C: \ Program Files \ Common Files \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> quarantena ed eliminato con successo. C: \ Windows \ msmark2.dat (Worm.KoobFace) -> quarantena ed eliminato con successo. C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> quarantena ed eliminato con successo. C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> quarantena ed eliminato con successo. C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> quarantena ed eliminato con successo. C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> quarantena ed eliminato con successo. C: \ Windows \ f5087.dat (Worm.KoobFace) -> quarantena ed eliminato con successo. C: \ Windows \ f23567.dat (Worm.KoobFace) -> quarantena ed eliminato con successo. (di cui sopra è stato il primo registro, è al di sotto di quello attuale) Malwarebytes' Anti-Malware 1,36 Database versione: 2150 Windows 6.0.6001 Service Pack 1 5/23/2009 9:03:23 AM mbam-log-2009-05-23 (09-03-23). txt Tipo di scansione: Quick Scan Oggetti scandita: 70234 Tempo trascorso: 2 minuti (s), 28 secondi (s) Processi di memoria infetti: 0 Moduli di memoria infetti: 0 Chiavi di registro infette: 0 Valori del registro infetti: 0 I dati del Registro di oggetti infetti: 0 Cartelle infette: 0 File infetti: 0 Processi di memoria infetti: (N. oggetti dannosi individuati) Moduli di memoria infetti: (N. oggetti dannosi individuati) Chiavi di registro infette: (N. oggetti dannosi individuati) Valori del registro infetti: (N. oggetti dannosi individuati) I dati del Registro di oggetti infetti: (N. oggetti dannosi individuati) Cartelle infette: (N. oggetti dannosi individuati) I file infetti: (N. oggetti dannosi individuati) Logfile di Trend Micro HijackThis v2.0.2 Scan salvato a 9:09:09 AM, il 5/23/2009 Piattaforma: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Processi in esecuzione: C: \ Windows \ system32 \ Dwm.exe C: \ Windows \ system32 \ taskeng.exe C: \ Windows \ Explorer.EXE C: \ Program Files \ Windows Media Player \ wmpnscfg.exe C: \ Program Files \ Windows Defender \ MSASCui.exe C: \ Windows \ RtHDVCpl.exe C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe C: \ Acer \ Empowering Technology \ SysMonitor.exe C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe C: \ Windows \ System32 \ nvraidservice.exe C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe C: \ Windows \ System32 \ rundll32.exe C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe C: \ Windows \ ehome \ ehtray.exe C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Program Files \ Eraser \ Eraser.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe C: \ Windows \ system32 \ wbem \ unsecapp.exe C: \ Acer \ Empowering Technology \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E C: \ Acer \ Empowering Technology \ eRecovery \ ERAGENT.EXE C: \ Windows \ ehome \ ehmsas.exe C: \ Users \ Shirley \ Desktop \ HiJackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int Ethernet Impostazioni, ProxyServer = http = localhost: 7171 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = O1 - Hosts::: 1 localhost O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file) O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no file) O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll O2 - BHO: (no name) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (no file) O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll O2 - BHO: Google Dictionary compressione sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Toolbar \ Componenti \ fastsearch_A8904FB862BD9564.dll O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" O4 - HKLM \ .. \ Run: [Acer Empowering Technology Monitor] C: \ Acer \ Empowering Technology \ SysMonitor.exe O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe O4 - HKLM \ .. \ Run: [Acer Registrazione prodotto] "C: \ Program Files \ Acer Registrazione \ ACE1.exe" / startup O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" O4 - HKLM \ .. \ Run: [ArcSoft Connection Service] C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - HKCU \ .. \ Run: [Eraser] C: \ Program Files \ Eraser \ Eraser.exe-hide O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'SERVIZIO LOCALE') O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'SERVIZIO LOCALE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Empowering Technology Launcher.lnk =? O4 - Global Startup: Kodak EasyShare software.lnk = C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000 O9 - Extra pulsante: Invia a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll O9 - Extra 'Tools' menuitem: S & fine a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL O9 - Extra pulsante: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll O13 - Gopher Prefix: Ø16 - DPF: (3860DD98-0549-4D50-AA72-5D17D200EE10) -- Ø18 - Filtro: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Program Files \ Google \ Google Toolbar \ Componenti \ fastsearch_A8904FB862BD9564.dll Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACService.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Sconosciuto proprietario - C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C: \ Acer \ Empowering Technology \ eRecovery \ eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Sconosciuto proprietario - C: \ Acer \ Empowering Technology \ eSettings \ Service \ capuserv.exe O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe O23 - Service: NTI Backup Now 5 Servizio di pianificazione (NTISchedulerSvc) - Sconosciuto proprietario - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe -- Fine del file - 9919 bytes |
|
#2
23. Mag 2009, 23:45
| ||||||||||||
| ||||||||||||
| Hi Bubba .... Abbiamo bisogno di disattivare il TeaTimer come potrebbe interferire con le correzioni che abbiamo bisogno di fare. 1) Eseguire Spybot-S & D 2) Vai alla modalità menu e assicurarsi che "Modalità avanzata" è selezionato 3) Sulla sinistra, scegli Strumenti -> Resident 4) Deseleziona "Resident TeaTimer" e tutte le istruzioni OK 5) Riavviare il computer. Scaricare ResetTeaTimer.bat facendo clic destro sul link e scegliere Salva con nome. * Salva sul tuo desktop. * Fare doppio clic su ResetTeaTimer.zip * Fare doppio clic su ResetTeaTimer.bat e fare clic su Esegui per rimuovere tutte le voci da impostare TeaTimer. Dopo tutte le correzioni sono completi è molto importante che si attiva TeaTimer di nuovo, mi permettono di sapere quando è sicuro di farlo. Un Corso per Tea timer può essere trovato qui -> http://russelltexas.com/malware/teatimer.htm ==========================================\u0 Scarica e scansione con ComboFix.exe. Si prega di visitare questa pagina web per il download link e le istruzioni per il funzionamento dello strumento: http://www.bleepingcomputer.com/comb...o-use-combofix Assicurarsi che tutti i disabili hanno anti virus e anti malware compresi programmi WinPatrol in modo da non interferire con il funzionamento del ComboFix. Si prega di includere il C: \ ComboFix.txt nella prossima risposta per un ulteriore riesame. ==========================================\u0 Vai a Menu Start > Seleziona Correre e copia / incolla il seguente nella casella Esegui e fare clic su OK: C: \ Qoobox \ Add-Remove Programs.txt Un file di testo dovrebbe aprire. Si prega di pubblicare il contenuto di quel file nella prossima risposta.
__________________
__________________
Orgoglioso membro del ASAP & UNITE Il mio sistema: Steves Rig
|
|
#3
24. Mag 2009, 02:33
| |||
| |||
| Un paio di cose prima di postare i log: 1. In Tea timer tutorial è collegato, è detto anche a disattivare il residente SDHelper così ho fatto. 2. ComboFix non visualizzare il backup regisdtry schermo a meno che non sia una rapida schermo e ho perso mentre guardando al mio computer (ricordate questa è una friends). Essa non disconnettersi da internet e non ho notato è il cambiamento del tempo. Entrambe le icone sono visibili, mentre era in esecuzione fissa combo. E 'questo un problema? Inoltre, dopo l'esecuzione Combofix, lo sfondo è stato distorto, così ho riavviato. Quando il computerstarted il backup, lo sfondo è stato fatto, Firefox non è più il browser predefinito e fino spuntato un messaggio che la home page di Internet Explorer è stato modificato a MSN (credo). È normale? Inoltre, WinPatrol osservato che un nuovo servizio è stato aggiunto: appmgmts.dll. 3. Prima di rispondere a questo, io mi sono liberata di Google Toolbar. Molte delle voci HJT guardò strano. Nel 018, per esempio, è stato chiamato x-sdCH invece di x-SDHC .......... Oltre lol, Odio e barre degli strumenti che possono sempre aggiungere di nuovo se lo vogliono. Indipendentemente da ciò, che ha cambiato il HJT log. Ho anche avuto liberarsi del 2 - 02's che non ha avuto alcun file ad essi associati. 4. Che cosa stiamo cercando nel Combofix? LOL ho iniziato a scaricare ed eseguire prima ho postato questo thread, ma ho deciso solo sapere ancora di informazioni sufficienti a pasticciare con essa. E senza ulteriori indugi: ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86 Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00] Running da: c: \ utenti \ Shirley \ Desktop \ ComboFix.exe SP: Spybot - Search and Destroy disabili * * (obsoleta) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9) SP: SUPERAntiSpyware disabili * * (Aggiornato) (222A897C-5018-402e-943F-7E7AC8560DA7) SP: Windows Defender * permesso * (Aggiornato) (D68DDC3A-831f-4FAE-9E44-DA132C1ACF46) . ((((((((((((((((((((((((( I file creati dal 2009/04/24 al 2009/05/24 ))))))))))) )))))))))))))))))))) . 2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw c: \ utenti \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-05-22 23:56. 2009-05-22 23:56 d -------- ----- wc: \ programdata \ SUPERAntiSpyware.com 2009-05-22 23:52. 2009-05-22 23:52 d -------- ----- wc: \ Program Files \ SUPERAntiSpyware 2009-05-22 23:52. 2009-05-22 23:52 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com 2009-05-22 20:36. 2009-05-22 20:36 d -------- ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard 2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw c: \ windows \ system32 \ drivers \ aswTdi.sys 2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw c: \ windows \ system32 \ drivers \ aswRdr.sys 2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw c: \ windows \ system32 \ drivers \ aswSP.sys 2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw c: \ windows \ system32 \ drivers \ aswFsBlk.sys 2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw c: \ windows \ system32 \ AvastSS.scr 2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw c: \ windows \ system32 \ aswBoot.exe 2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw c: \ windows \ system32 \ drivers \ aswMonFlt.sys 2009-05-22 15:06. 2009-05-22 15:06 d -------- ----- wc: \ Program Files \ Alwil Software 2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll 2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw c: \ windows \ system32 \ infocardapi.dll 2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw c: \ windows \ system32 \ icardres.dll 2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw c: \ windows \ system32 \ icardagt.exe 2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw c: \ windows \ system32 \ PresentationHostProxy.dll 2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw c: \ windows \ system32 \ PresentationNative_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw c: \ windows \ system32 \ PresentationHost.exe 2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw c: \ windows \ system32 \ dfshim.dll 2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw c: \ windows \ system32 \ Mscoree.dll 2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw c: \ windows \ system32 \ netfxperf.dll 2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw c: \ windows \ system32 \ mscorier.dll 2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw c: \ windows \ system32 \ mscories.dll 2009-05-20 11:39. 2009-05-20 11:39 d -------- ----- wc: \ Program Files \ Microsoft Silverlight 2009-05-20 04:03. 2009-05-20 11:00 d -------- ----- wc: \ Program Files \ Windows Live Safety Center 2009-05-19 23:20. 2009-05-19 23:20 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Acer DV Mago 2009-05-19 23:10. 2009-05-19 23:10 d -------- ----- wc: \ windows \ domenica 2009-05-19 20:40. 2009-05-19 20:40 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw c: \ utenti \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe 2009-05-19 18:24. 2009-05-24 08:38 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Eraser 2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ utenti \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646) 2009-05-19 18:24. 2009-05-19 18:24 d -------- ----- wc: \ Program Files \ Eraser 2009-05-19 17:20. 2009-05-19 17:20 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ eSobi 2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat 2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA 2009-05-19 14:04. 2009-05-19 14:05 d -------- ----- wc: \ Program Files \ Spybot - Search & Destroy 2009-05-19 14:04. 2009-05-19 14:05 d -------- ----- wc: \ programdata \ Spybot - Search & Destroy 2009-05-19 13:01. 2009-05-19 13:01 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ WinPatrol 2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ utenti \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys 2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ utenti \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat 2009-05-19 13:01. 2009-05-19 13:01 d -------- ----- wc: \ Program Files \ BillP Studios 2009-05-19 12:26. 2009-05-19 12:26 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ Malwarebytes 2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw c: \ windows \ system32 \ drivers \ mbam.sys 2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw c: \ windows \ system32 \ drivers \ mbamswissarmy.sys 2009-05-19 12:26. 2009-05-19 13:22 d -------- ----- wc: \ Program Files \ Malwarebytes' Anti-Malware 2009-05-19 12:26. 2009-05-19 12:26 d -------- ----- wc: \ programdata \ Malwarebytes 2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat 2009-05-19 11:53. 2009-05-19 11:53 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Mozilla 2009-05-19 11:41. 2009-05-19 11:41 d -------- ----- wc: \ Program Files \ Common Files \ Adobe AIR 2009-05-19 11:38. 2009-05-19 12:45 d -------- ----- wc: \ programdata \ NN 2009-05-19 11:29. 2009-05-19 11:29 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Seven Zip 2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys 2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw c: \ windows \ system32 \ GEARAspi.dll 2009-05-19 10:41. 2009-05-20 01:10 d -------- ----- wc: \ Program Files \ iPod 2009-05-19 10:41. 2009-05-19 10:41 d -------- ----- wc: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) 2009-05-19 10:41. 2009-05-19 10:41 d -------- ----- wc: \ Program Files \ iTunes 2009-05-19 10:38. 2009-05-19 10:38 d -------- ----- wc: \ Program Files \ QuickTime 2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe 2009-05-19 10:34. 2009-05-19 10:34 d -------- ----- wc: \ Program Files \ Bonjour 2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow se \ NetTVResources.dll 2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw c: \ windows \ system32 \ deploytk.dll 2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat 2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ programdata \ Microsoft \ Windows Defender \ Definizione Aggiornamenti \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ programdata \ ArcSoft \ kodak-printcreations-22-080812-oem \ acforall.dll 2009-05-24 04:22. 2008-09-12 01:46 d -------- ----- wc: \ Program Files \ Google 2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw c: \ utenti \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT 2009-05-20 11:51. 2008-02-05 19:30 d -------- ----- wc: \ programdata \ Microsoft Aiuto 2009-05-20 11:49. 2008-02-05 19:31 d -------- ----- wc: \ Program Files \ Microsoft Works 2009-05-20 03:54. 2008-09-12 14:01 d -------- ----- wc: \ Program Files \ Lx_cats 2009-05-20 00:42. 2008-02-05 20:19 d -------- ----- wc: \ Program Files \ Common Files \ Adobe 2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information 2009-05-19 23:27. 2008-02-05 19:49 d -------- ----- wc: \ Program Files \ Acer Arcade Live 2009-05-19 23:20. 2008-09-15 23:24 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ CyberLink 2009-05-19 21:38. 2008-09-12 20:56 d -------- ----- wc: \ Program Files \ Common Files \ SureThing Shared 2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw c: \ utenti \ Shirley \ AppData \ Roaming \ wklnhst.dat 2009-05-19 17:29. 2009-03-04 15:55 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ Sony 2009-05-19 17:20. 2008-02-05 19:22 d -------- ----- wc: \ programdata \ NVIDIA 2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw c: \ windows \ system32 \ nvcod100.dll 2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw c: \ windows \ system32 \ nvcolor.exe 2009-05-19 16:13. 2008-09-12 01:47 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ LimeWire 2009-05-19 11:32. 2008-02-05 20:08 d -------- ----- wc: \ Program Files \ Yahoo! 2009-05-19 11:05. 2008-09-12 01:45 d -------- ----- wc: \ Program Files \ Java 2009-05-19 10:41. 2008-09-13 03:14 d -------- ----- wc: \ Program Files \ Common Files \ Apple 2009-05-19 10:38. 2008-09-13 03:15 d -------- ----- wc: \ programdata \ Apple Computer 2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ programdata \ SPL23D4.tmp 2009-04-17 10:12. 2006-11-02 11:18 d -------- ----- wc: \ Program Files \ Windows Mail 2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ programdata \ SPLFB91.tmp 2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys 2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw c: \ windows \ system32 \ apilogen.dll 2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw c: \ windows \ system32 \ amxread.dll 2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw c: \ windows \ system32 \ wininet.dll 2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw c: \ windows \ system32 \ licmgr10.dll 2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw c: \ windows \ system32 \ corpol.dll 2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw c: \ windows \ system32 \ iesysprep.dll 2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw c: \ windows \ system32 \ PDMSetup.exe 2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw c: \ windows \ system32 \ RegisterIEPKEYs.exe 2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw c: \ windows \ system32 \ SetDepNx.exe 2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw c: \ windows \ system32 \ ieUnatt.exe 2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw c: \ windows \ system32 \ SetIEInstalledDate.exe 2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw c: \ windows \ system32 \ vbscript.dll 2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw c: \ windows \ system32 \ admparse.dll 2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw c: \ windows \ system32 \ iesetup.dll 2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw c: \ windows \ system32 \ wextract.exe 2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw c: \ windows \ system32 \ iexpress.exe 2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw c: \ windows \ system32 \ imgutil.dll 2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw c: \ windows \ system32 \ mshtmler.dll 2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw c: \ windows \ system32 \ Mshta.exe 2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw c: \ windows \ system32 \ Msls31.dll 2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw c: \ windows \ system32 \ ntkrnlpa.exe 2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw c: \ windows \ system32 \ ntoskrnl.exe 2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw c: \ windows \ system32 \ sdohlp.dll 2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw c: \ windows \ system32 \ Rpcss.dll 2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw c: \ windows \ system32 \ printfilterpipelineprxy.dll 2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw c: \ windows \ system32 \ iasrecst.dll 2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw c: \ windows \ system32 \ iasads.dll 2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw c: \ windows \ system32 \ iasdatastore.dll 2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw c: \ windows \ system32 \ printfilterpipelinesvc.exe 2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw c: \ windows \ system32 \ iashost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ehTray.exe" = "C: \ Windows \ ehome \ ehTray.exe" [2008-01-21 125952] "OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536] "WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240] "Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552] "Acer Empowering Technology Monitor" = "C: \ Acer \ Empowering Technology \ SysMonitor.exe" [2008-01-10 326176] "SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784] "Acer Registrazione prodotto" = "C: \ Program Files \ Acer Registrazione \ ACE1.exe" [2007-10-15 3387392] "NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296] "LXCECATS" = "c: \ windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728] "lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744] "EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344] "ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696] "WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704] "avast!" = "C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000] "RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208] c: \ programdata \ Microsoft \ Windows \ Menu Avvio \ Programmi \ Startup \ Empowering Technology Launcher.lnk - c: \ acer \ Empowering Technology \ eAPLauncher.exe [2008-2-5 535336] Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ System] "EnableUIADesktopToggle" = 0 (0x0) "EnableLUA" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32 "wave2" = serwvdrv.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend] @ = "Service" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ FirewallRules] "(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark sistema di comunicazioni "(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark sistema di comunicazioni "(EB8798E6-358B-A219-4DDA-21BBC5D3C79A)" = UDP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Finestra di stato della stampante "(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Finestra di stato della stampante "(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Main Page \ Acer Arcade Live.exe: Acer Arcade Live "(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(1DF156D1-4B3D-94E3-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(3DB81CCD-40B3-4E96-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Aggiornamento Spybot-S & D "(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Aggiornamento Spybot-S & D "(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center "(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile] "EnableFirewall" = 0 (0x0) R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 AM 114768] R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120] R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944] R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560] R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ come wMonFlt.sys [5/22/2009 11:06 AM 51792] R2 BUNAgentSvc; NTI Backup Now 5 Servizio di agente; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752] R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520] R2 NTISchedulerSvc; NTI Backup Now 5 Servizio di pianificazione; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440] R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368] R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)] "C: \ Windows \ System32 \ rundll32.exe" C: \ Windows \ System32 \ iedkcs32.dll ", BrandIEActiveSe TUP SIGNUP . - - - - ORFANI REMOVED - - - -- SafeBoot-procexp90.Sys . ------- ------- Supplementari Scan . uStart Page = hxxp: / / www.yahoo.com/ mStart Page = hxxp: / / en.us.acer.yahoo.com uInternet Impostazioni, ProxyOverride = <local>; *. locali uInternet Impostazioni, ProxyServer = http = localhost: 7171 IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000 Trusted Zone: microsoft.com \ update Trusted Zone: microsoft.com \ WindowsUpdate FF - ProfilePath - c: \ utenti \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ rofiles P \ j0dqrqc6.default \ FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com / . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-24 04:54 Windows 6.0.6001 Service Pack 1 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run LXCECATS = rundll32 c: \ windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . --------------------- --------------------- LOCKED chiavi di registro [HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings] @ Negato: (A) (Utenti) @ Negato: (A) (Everyone) @ Ammessi: (B 1 2 3 4 5) (S-1-5-20) "BlindDial" = dword: 00000000 . Completamento orario: 2009-05-24 4:55 ComboFix-quarantena-files.txt 2009-05-24 08:55 Pre-Run: 173.756.547.072 byte libero Post-Run: 173.859.581.952 byte libero 269 --- EOF --- 2009-05-17 10:04 AGGIUNGI RIMUOVI PROGRAMMI Microsoft Office Shared MUI (inglese) 2007 Il programma di installazione di Microsoft Office Shared MUI metadati (in inglese) 2007 Microsoft Office Word MUI (inglese) 2007 Microsoft Silverlight Microsoft Visual C + + 2005 Redistributable Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17 Microsoft Works Motorola SM56 Speakerphone Modem Mozilla Firefox (3.0.10) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) Parser MSXML 4.0 SP2 e SDK Mystery Case Files - Huntsville Mystery Solitaire - Secret Island netbrdg NTI Backup Now 5 NTI Backup ora Standard NTI Media Maker 8 NTI Open File Manager (solo rimozione) Driver NVIDIA OfotoXMI OLYMPUS Master 2 OLYMPUS muvee theaterPack PCDADDIN PCDHELP QuickTime Realtek High Definition Audio Driver Aggiornamento della protezione per Microsoft Office PowerPoint 2007 (KB957789) SFR Shasta skin0001 SKINXSDK Spybot - Search & Destroy staticcr SUPERAntiSpyware Free Edition tooltip Turbo Pizza Aggiornamento per Microsoft Office System 2007 (KB967642) Aggiornamento per Microsoft Office 2007 Guida per la funzionalità (KB963673) Aggiornamento per Microsoft Office Excel 2007 Guida (KB963678) Aggiornamento per Microsoft Office OneNote 2007 Aiuto (KB963670) Aggiornamento per Microsoft Office PowerPoint 2007 Help (KB963669) Aggiornamento per Microsoft Office Script Editor Guida (KB963671) Aggiornamento per Microsoft Office Word 2007 Guida (KB963665) VPRINTOL Windows Live OneCare Safety scanner WinPatrol 2009 WIRELESS Zuma Deluxe EDIT: Tre domande: ho notato uno Limewire DLL, che si può uccidere? Sebbene LTI è un programma legittimo, è necessario? Penso che è fornito in bundle con questo stupido computer Acer (l'uomo che fanno carico di queste cose con la spazzatura), e rende superfluo il costruito in Microsoft programma. LT Gatti, è costruito in uno spyware lprinter dal costruttore, Lenmark. Ho pensato che mi sono pertinenti parti, ma non ero sicuro di quanto a ascia senza disattivare la stampante. Posso andare più o è ciò che viene lasciato multa? |
|
#4
24. Mag 2009, 04:03
| |||
| |||
| Hi Bubba Please dont giocare con HJT a meno che non si capisce il funzionamento di essa. È necessario ricordare che HJT è in effetti uno strumento editor del Registro di sistema in un contesto diverso. Vorrei vi odiano per accendere il PC in un costoso a domicilio! 02 Le due voci che si sono cancellati legittime, anche se il file come relazioni mancanti non è sempre questo il caso. HJT è noto che alcune voci misreport. Per quanto riguarda limewire, hai disinstallato tramite pannello di controllo? Se così si può lavare un paio di articoli più ridondante che vengono lasciati. Vedo un paio di bit che si riferiscono a Norton, questo è stato preinstallato sul PC in una sola volta? Si prega di eseguire il Norton strumento di rimozione per pulire le reminants. Potete trovare lo strumento qui: Norton Removal Tool Una volta fatto ...... Combofix
Citazione:
 Salva come CFScript.txt, Nella stessa posizione ComboFix.exe  Facendo riferimento alla figura sopra, trascinare CFScript su ComboFix.exe. Una volta terminato, si produrrà un log per voi a "C: \ ComboFix.txt" Non clic combofix della finestra, mentre è in esecuzione. Questo può causare allo stallo. ATTENZIONE! Chiunque altro pensando di utilizzare lo script qui sopra lo fa a proprio rischio - si potrebbe finire per dover re-installare Windows! Si prega di postare il log C: \ ComboFix.txt per un ulteriore riesame. ===================================== Ho notato che la disinstallazione di log è stato tagliato nella parte superiore, si può ripubblicare per me please. Inoltre mi mantenere aggiornato il sistema di come stanno le cose sagge
__________________ Orgoglioso membro del ASAP & UNITE |
|
#5
24. Mag 2009, 04:53
| |||
| |||
| Limewire non appaiono nei programmi e le funzionalità del pannello di disinstallazione. i file "run" che ho trovato sono stati app file, non exe, così ho piedi attraverso l'unità C e cancellato tutto quello che ho potuto trovare. Vedo ho perso almeno uno in se il Registro di sistema. Per quanto riguarda Norton ........ yeah, Acer caricato su una versione di prova. Ho disinstallato tramite pannello di controllo e quindi utilizzato Norton strumento di rimozione. (Questa è stata la prima cosa che ho fatto, anche prima che io caricato spybot, WinPatrol, e il resto della roba.) Quando ero passare attraverso il file C drive, ho continuato a trovare i resti di più di Norton e cancellati come sono andato. Non è mai avvenuto a me a farlo funzionare di nuovo, ma vorrei farlo ora. LOL Questi tre file in Combofix sono stati i tre ero più curioso circa. Non ci dovrebbero essere un proxy ospitante, né credo che i profili devono essere bloccata per tutti. Ma non ho ancora studiato Combofix ed è per questo che io non uso io stesso, in quanto tale, ero clueless di cosa fare con questi tre, o anche se sono in realtà "cattivo". Ci scusiamo per il taglio la testa fuori la disinstallazione di log, che cosa è stupido ho guardato due volte dato che non ha avuto l'impostazione, il mio errore e perdere entrambe le volte. EDIT: e ho ancora dimenticato di post it: Suite di Microsoft Office 2007 Service Pack 2 (SP2) Acer Arcade Live Main Page Acer Empowering Technology Acer ePerformance Management Acer eSettings Management Acer Gamezone Console DTV 2.0.1.1 Acer Registrazione Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player Plugin 10 Adobe Reader 9.1.1 Adobe Shockwave Player 11,5 Agatha Christie Morte sul Nilo Alice Greenfingers Apple Mobile Device Support Apple Software Update ArcSoft Stampa Creations ArcSoft Stampa Creations - Album Page ArcSoft Stampa Creations - Funhouse ArcSoft Stampa Creations - Greeting Card ArcSoft Stampa Creations - Photo Book ArcSoft Stampa Creations - Foto Calendario ArcSoft Stampa Creations - Scrapbook ArcSoft Stampa Creations - Slimline Card avast! Antivirus Azada Backspin Biliardo Big Kahuna Reef Bonjour Bookworm Deluxe Bricks of Egypt Cake Mania CCScore Chicken Invaders 3 Chuzzle Diner Dash Flo on the Go Eraser ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSTOOLS essvatgt Flip Words 2 HijackThis 2.0.2 Hotfix per Microsoft. NET Framework 3,5 SP1 (KB953595) Hotfix per Microsoft. NET Framework 3,5 SP1 (KB958484) iTunes Java (TM) 6 Update 13 Jewel Quest Solitaire kgcbaby kgchday kgchlwn kgcinvt kgckids kgcmove kgcvday Kick N Rush Kodak EasyShare software Carica il software KODAK Gallery Lexmark 4300 Series Mahjong Escape Ancient Cina Mahjongg Artifacts Malwarebytes' Anti-Malware Memorex exPressit Label Design Studio Microsoft. NET Framework 3,5 SP1 Microsoft Office Excel MUI (inglese) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (inglese) 2007 Microsoft Office PowerPoint MUI (inglese) 2007 La prova di Microsoft Office (in inglese) 2007 La prova di Microsoft Office (in francese) 2007 La prova di Microsoft Office (in spagnolo) 2007 Di correzione di Microsoft Office (in inglese) 2007 Microsoft Office Shared MUI (inglese) 2007 Il programma di installazione di Microsoft Office Shared MUI metadati (in inglese) 2007 Microsoft Office Word MUI (inglese) 2007 Microsoft Silverlight Microsoft Visual C + + 2005 Redistributable Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17 Microsoft Works Motorola SM56 Speakerphone Modem Mozilla Firefox (3.0.10) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) Parser MSXML 4.0 SP2 e SDK Mystery Case Files - Huntsville Mystery Solitaire - Secret Island netbrdg NTI Backup Now 5 NTI Backup ora Standard NTI Media Maker 8 NTI Open File Manager (solo rimozione) Driver NVIDIA OfotoXMI OLYMPUS Master 2 OLYMPUS muvee theaterPack PCDADDIN PCDHELP QuickTime Realtek High Definition Audio Driver Aggiornamento della protezione per Microsoft Office PowerPoint 2007 (KB957789) SFR Shasta skin0001 SKINXSDK Spybot - Search & Destroy staticcr SUPERAntiSpyware Free Edition tooltip Turbo Pizza Aggiornamento per Microsoft Office System 2007 (KB967642) Aggiornamento per Microsoft Office 2007 Guida per la funzionalità (KB963673) Aggiornamento per Microsoft Office Excel 2007 Guida (KB963678) Aggiornamento per Microsoft Office OneNote 2007 Aiuto (KB963670) Aggiornamento per Microsoft Office PowerPoint 2007 Help (KB963669) Aggiornamento per Microsoft Office Script Editor Guida (KB963671) Aggiornamento per Microsoft Office Word 2007 Guida (KB963665) VPRINTOL Windows Live OneCare Safety scanner WinPatrol 2009 WIRELESS Zuma Deluxe |
|
#6
24. Mag 2009, 05:58
| |||
| |||
| Hi there Bubba Grazie per l'elenco aggiornato di disinstallazione - puoi postare il nuovo log combofix per me, come richiesto. Citazione:
Per quanto riguarda LTCats: Da quello che posso dire è presente una voce valida, ma viene classificato come 'utente la scelta' a se esso viene eseguito su avvio Per quanto riguarda Limewire: Riesco a vedere un paio di voci che sono ancora lì, ma siamo in grado di ge con la successiva esecuzione di combofix
__________________ Orgoglioso membro del ASAP & UNITE |
|
#7
24. Mag 2009, 07:03
| |||
| |||
| Ahi, il computer bloccato e chiuso come sembrava che Combofix stava per finire. E riavviato e ho selezionato safemode. Non credo che sia creato il registro, ma non so per certo. Ecco il popup di Microsoft. Windows ha recuperato da un arresto inatteso. Problema firma: Nome evento problema: Blue Screen OS Version: 6.0.6001.2.1.0.768.3 Locale ID: 1033 Ulteriori informazioni sul problema: BCCODE: 50 BCP1: E0858E9B BCP2: 00000000 BCP3: 9B9D2D10 BCP4: 00000002 OS Version: 6_6_6001 SERVICE PACK: 1_0 PRODOTTO: 768_1 FILES CHE DESCRIVONO IL PROBLEMA: C \ Windows \ minidump \ mini052409-01.dmp C \ Users \ Shirley \ appdata \ temp \ WER-85644-0.systemdata.xml C \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt Ho lasciato che il computer che lo schermo in safemode. Che cosa vuoi che io faccia con esso? Sto lasciando in safemode fino a quando non ho sentito qualcosa, devo andare film adesso, essere di nuovo in circa 3 ore. L'uomo è bello lavorare su un altro computer, in modo che ho per la mia ancora qui a chiedere aiuto. EDIT: non ho ancora provato, ma sono sicuro che posso ottenere questi file in safemode se avete bisogno di sapere che cosa dire, ma anche non sapere come aprire un file XML. |
|
#8
24. Mag 2009, 07:11
| |||
| |||
| Hi Bubba Prova a riavviare e vedere se è successo di nuovo gli stivali, se non prova a premere F8 per accedere alla schermata di boot su avvio e scegliere l'opzione per l'ultima configurazione.
__________________ Orgoglioso membro del ASAP & UNITE |
|
#9
24. Mag 2009, 07:50
| |||
| |||
| E 'avviato e vi è stato un ComboFix2 log vi è abbastanza identico al primo, ma vi è un timestamp 10:04 in riferimento a una quarantena di log. Il quarentine log è vuoto. Qui c'è il file, non so se è completo o quello che volete. Ora ho per dividere. ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86 Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00] Running da: c: \ utenti \ Shirley \ Desktop \ ComboFix.exe SP: Spybot - Search and Destroy disabili * * (obsoleta) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9) SP: SUPERAntiSpyware disabili * * (Aggiornato) (222A897C-5018-402e-943F-7E7AC8560DA7) SP: Windows Defender * permesso * (Aggiornato) (D68DDC3A-831f-4FAE-9E44-DA132C1ACF46) . ((((((((((((((((((((((((( I file creati dal 2009/04/24 al 2009/05/24 ))))))))))) )))))))))))))))))))) . 2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw c: \ utenti \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-05-22 23:56. 2009-05-22 23:56 d -------- ----- wc: \ programdata \ SUPERAntiSpyware.com 2009-05-22 23:52. 2009-05-22 23:52 d -------- ----- wc: \ Program Files \ SUPERAntiSpyware 2009-05-22 23:52. 2009-05-22 23:52 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com 2009-05-22 20:36. 2009-05-22 20:36 d -------- ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard 2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw c: \ windows \ system32 \ drivers \ aswTdi.sys 2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw c: \ windows \ system32 \ drivers \ aswRdr.sys 2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw c: \ windows \ system32 \ drivers \ aswSP.sys 2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw c: \ windows \ system32 \ drivers \ aswFsBlk.sys 2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw c: \ windows \ system32 \ AvastSS.scr 2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw c: \ windows \ system32 \ aswBoot.exe 2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw c: \ windows \ system32 \ drivers \ aswMonFlt.sys 2009-05-22 15:06. 2009-05-22 15:06 d -------- ----- wc: \ Program Files \ Alwil Software 2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll 2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw c: \ windows \ system32 \ infocardapi.dll 2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw c: \ windows \ system32 \ icardres.dll 2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw c: \ windows \ system32 \ icardagt.exe 2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw c: \ windows \ system32 \ PresentationHostProxy.dll 2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw c: \ windows \ system32 \ PresentationNative_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw c: \ windows \ system32 \ PresentationHost.exe 2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw c: \ windows \ system32 \ dfshim.dll 2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw c: \ windows \ system32 \ Mscoree.dll 2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw c: \ windows \ system32 \ netfxperf.dll 2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw c: \ windows \ system32 \ mscorier.dll 2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw c: \ windows \ system32 \ mscories.dll 2009-05-20 11:39. 2009-05-20 11:39 d -------- ----- wc: \ Program Files \ Microsoft Silverlight 2009-05-20 04:03. 2009-05-20 11:00 d -------- ----- wc: \ Program Files \ Windows Live Safety Center 2009-05-19 23:20. 2009-05-19 23:20 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Acer DV Mago 2009-05-19 23:10. 2009-05-19 23:10 d -------- ----- wc: \ windows \ domenica 2009-05-19 20:40. 2009-05-19 20:40 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw c: \ utenti \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe 2009-05-19 18:24. 2009-05-24 08:38 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Eraser 2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ utenti \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646) 2009-05-19 18:24. 2009-05-19 18:24 d -------- ----- wc: \ Program Files \ Eraser 2009-05-19 17:20. 2009-05-19 17:20 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ eSobi 2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat 2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA 2009-05-19 14:04. 2009-05-19 14:05 d -------- ----- wc: \ Program Files \ Spybot - Search & Destroy 2009-05-19 14:04. 2009-05-19 14:05 d -------- ----- wc: \ programdata \ Spybot - Search & Destroy 2009-05-19 13:01. 2009-05-19 13:01 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ WinPatrol 2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ utenti \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys 2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ utenti \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat 2009-05-19 13:01. 2009-05-19 13:01 d -------- ----- wc: \ Program Files \ BillP Studios 2009-05-19 12:26. 2009-05-19 12:26 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ Malwarebytes 2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw c: \ windows \ system32 \ drivers \ mbam.sys 2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw c: \ windows \ system32 \ drivers \ mbamswissarmy.sys 2009-05-19 12:26. 2009-05-19 13:22 d -------- ----- wc: \ Program Files \ Malwarebytes' Anti-Malware 2009-05-19 12:26. 2009-05-19 12:26 d -------- ----- wc: \ programdata \ Malwarebytes 2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat 2009-05-19 11:53. 2009-05-19 11:53 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Mozilla 2009-05-19 11:41. 2009-05-19 11:41 d -------- ----- wc: \ Program Files \ Common Files \ Adobe AIR 2009-05-19 11:38. 2009-05-19 12:45 d -------- ----- wc: \ programdata \ NN 2009-05-19 11:29. 2009-05-19 11:29 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Local \ Seven Zip 2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys 2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw c: \ windows \ system32 \ GEARAspi.dll 2009-05-19 10:41. 2009-05-20 01:10 d -------- ----- wc: \ Program Files \ iPod 2009-05-19 10:41. 2009-05-19 10:41 d -------- ----- wc: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) 2009-05-19 10:41. 2009-05-19 10:41 d -------- ----- wc: \ Program Files \ iTunes 2009-05-19 10:38. 2009-05-19 10:38 d -------- ----- wc: \ Program Files \ QuickTime 2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe 2009-05-19 10:34. 2009-05-19 10:34 d -------- ----- wc: \ Program Files \ Bonjour 2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow se \ NetTVResources.dll 2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw c: \ windows \ system32 \ deploytk.dll 2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat 2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ programdata \ Microsoft \ Windows Defender \ Definizione Aggiornamenti \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ programdata \ ArcSoft \ kodak-printcreations-22-080812-oem \ acforall.dll 2009-05-24 04:22. 2008-09-12 01:46 d -------- ----- wc: \ Program Files \ Google 2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw c: \ utenti \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT 2009-05-20 11:51. 2008-02-05 19:30 d -------- ----- wc: \ programdata \ Microsoft Aiuto 2009-05-20 11:49. 2008-02-05 19:31 d -------- ----- wc: \ Program Files \ Microsoft Works 2009-05-20 03:54. 2008-09-12 14:01 d -------- ----- wc: \ Program Files \ Lx_cats 2009-05-20 00:42. 2008-02-05 20:19 d -------- ----- wc: \ Program Files \ Common Files \ Adobe 2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information 2009-05-19 23:27. 2008-02-05 19:49 d -------- ----- wc: \ Program Files \ Acer Arcade Live 2009-05-19 23:20. 2008-09-15 23:24 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ CyberLink 2009-05-19 21:38. 2008-09-12 20:56 d -------- ----- wc: \ Program Files \ Common Files \ SureThing Shared 2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw c: \ utenti \ Shirley \ AppData \ Roaming \ wklnhst.dat 2009-05-19 17:29. 2009-03-04 15:55 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ Sony 2009-05-19 17:20. 2008-02-05 19:22 d -------- ----- wc: \ programdata \ NVIDIA 2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw c: \ windows \ system32 \ nvcod100.dll 2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw c: \ windows \ system32 \ nvcolor.exe 2009-05-19 16:13. 2008-09-12 01:47 d -------- ----- wc: \ utenti \ Shirley \ AppData \ Roaming \ LimeWire 2009-05-19 11:32. 2008-02-05 20:08 d -------- ----- wc: \ Program Files \ Yahoo! 2009-05-19 11:05. 2008-09-12 01:45 d -------- ----- wc: \ Program Files \ Java 2009-05-19 10:41. 2008-09-13 03:14 d -------- ----- wc: \ Program Files \ Common Files \ Apple 2009-05-19 10:38. 2008-09-13 03:15 d -------- ----- wc: \ programdata \ Apple Computer 2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ programdata \ SPL23D4.tmp 2009-04-17 10:12. 2006-11-02 11:18 d -------- ----- wc: \ Program Files \ Windows Mail 2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ programdata \ SPLFB91.tmp 2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys 2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw c: \ windows \ system32 \ apilogen.dll 2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw c: \ windows \ system32 \ amxread.dll 2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw c: \ windows \ system32 \ wininet.dll 2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw c: \ windows \ system32 \ licmgr10.dll 2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw c: \ windows \ system32 \ corpol.dll 2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw c: \ windows \ system32 \ iesysprep.dll 2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw c: \ windows \ system32 \ PDMSetup.exe 2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw c: \ windows \ system32 \ RegisterIEPKEYs.exe 2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw c: \ windows \ system32 \ SetDepNx.exe 2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw c: \ windows \ system32 \ ieUnatt.exe 2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw c: \ windows \ system32 \ SetIEInstalledDate.exe 2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw c: \ windows \ system32 \ vbscript.dll 2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw c: \ windows \ system32 \ admparse.dll 2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw c: \ windows \ system32 \ iesetup.dll 2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw c: \ windows \ system32 \ wextract.exe 2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw c: \ windows \ system32 \ iexpress.exe 2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw c: \ windows \ system32 \ imgutil.dll 2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw c: \ windows \ system32 \ mshtmler.dll 2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw c: \ windows \ system32 \ Mshta.exe 2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw c: \ windows \ system32 \ Msls31.dll 2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw c: \ windows \ system32 \ ntkrnlpa.exe 2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw c: \ windows \ system32 \ ntoskrnl.exe 2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw c: \ windows \ system32 \ sdohlp.dll 2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw c: \ windows \ system32 \ Rpcss.dll 2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw c: \ windows \ system32 \ printfilterpipelineprxy.dll 2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw c: \ windows \ system32 \ iasrecst.dll 2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw c: \ windows \ system32 \ iasads.dll 2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw c: \ windows \ system32 \ iasdatastore.dll 2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw c: \ windows \ system32 \ printfilterpipelinesvc.exe 2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw c: \ windows \ system32 \ iashost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ehTray.exe" = "C: \ Windows \ ehome \ ehTray.exe" [2008-01-21 125952] "OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536] "WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240] "Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552] "Acer Empowering Technology Monitor" = "C: \ Acer \ Empowering Technology \ SysMonitor.exe" [2008-01-10 326176] "SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784] "Acer Registrazione prodotto" = "C: \ Program Files \ Acer Registrazione \ ACE1.exe" [2007-10-15 3387392] "NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296] "LXCECATS" = "c: \ windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728] "lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744] "EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344] "ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696] "WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704] "avast!" = "C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000] "RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208] c: \ programdata \ Microsoft \ Windows \ Menu Avvio \ Programmi \ Startup \ Empowering Technology Launcher.lnk - c: \ acer \ Empowering Technology \ eAPLauncher.exe [2008-2-5 535336] Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ System] "EnableUIADesktopToggle" = 0 (0x0) "EnableLUA" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32 "wave2" = serwvdrv.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend] @ = "Service" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ FirewallRules] "(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark sistema di comunicazioni "(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark sistema di comunicazioni "(EB8798E6-358B-A219-4DDA-21BBC5D3C79A)" = UDP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Finestra di stato della stampante "(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Finestra di stato della stampante "(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Main Page \ Acer Arcade Live.exe: Acer Arcade Live "(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(1DF156D1-4B3D-94E3-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(3DB81CCD-40B3-4E96-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Aggiornamento Spybot-S & D "(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Aggiornamento Spybot-S & D "(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center "(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile] "EnableFirewall" = 0 (0x0) R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 AM 114768] R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120] R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944] R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560] R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ come wMonFlt.sys [5/22/2009 11:06 AM 51792] R2 BUNAgentSvc; NTI Backup Now 5 Servizio di agente; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752] R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520] R2 NTISchedulerSvc; NTI Backup Now 5 Servizio di pianificazione; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440] R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368] R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)] "C: \ Windows \ System32 \ rundll32.exe" C: \ Windows \ System32 \ iedkcs32.dll ", BrandIEActiveSe TUP SIGNUP . - - - - ORFANI REMOVED - - - -- SafeBoot-procexp90.Sys . ------- ------- Supplementari Scan . uStart Page = hxxp: / / www.yahoo.com/ mStart Page = hxxp: / / en.us.acer.yahoo.com uInternet Impostazioni, ProxyOverride = <local>; *. locali uInternet Impostazioni, ProxyServer = http = localhost: 7171 IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000 Trusted Zone: microsoft.com \ update Trusted Zone: microsoft.com \ WindowsUpdate FF - ProfilePath - c: \ utenti \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ rofiles P \ j0dqrqc6.default \ FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com / . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-24 04:54 Windows 6.0.6001 Service Pack 1 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run LXCECATS = rundll32 c: \ windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . --------------------- --------------------- LOCKED chiavi di registro [HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings] @ Negato: (A) (Utenti) @ Negato: (A) (Everyone) @ Ammessi: (B 1 2 3 4 5) (S-1-5-20) "BlindDial" = dword: 00000000 . Completamento orario: 2009-05-24 4:55 ComboFix-quarantena-files.txt 2009-05-24 08:55 Pre-Run: 173.756.547.072 byte libero Post-Run: 173.859.581.952 byte libero 269 --- EOF --- 2009-05-17 10:04 EDIT: No, rapido confronto tra la prima, credo che sia identico. |
|
#10
24. Mag 2009, 10:38
| |||
| |||
| Ciao Bubba, Citazione:
L'attuale registro può essere trovato in C: / combofix.txt.
__________________ Orgoglioso membro del ASAP & UNITE |
