Processes conime.exe and wininit.exe



Post by Guybrush1989 » Sun Apr 05, 2009 11:49 am

Hi, I own a copy of Win Vista Home Premium SP1 OEM, legitimately purchased with the PC.
This morning I scanned the processes on my PC with the Kamomilla software and found a "wininit.exe" process in the SYSTEM folder, which the software flags in red and asks me to delete. I have read that this process can be either malicious or legitimate, but I still haven't figured out whom to trust. The site "processlibrary.com" flags it as a trojan. Same story for "conime.exe", which Kamomilla flags in blue (i.e. it doesn't know what it is). Some searches on the internet assure me it is another trojan, while others tell me it is a process tied to the regional options for East Asian languages...
I should add that sometimes the PC takes a really long time to boot, even with 4 GB of RAM... I look forward to your explanations [:)]
Guybrush1989
New member
Posts: 24
Joined: Wed Mar 11, 2009 4:18 pm

Re: Processes conime.exe and wininit.exe

Post by crazy.cat » Sun Apr 05, 2009 11:57 am

If "wininit.exe" is in the SYSTEM folder, that is not good news.
To clear up the doubt, have the two files analysed on www.virustotal.com and see what they say.
Then you can also post the ComboFix scan log, so we can see whether there are other problems.
When the many govern, they think only of pleasing themselves; then you get the most stupid and most odious tyranny: the tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Processes conime.exe and wininit.exe

Post by Mandrake » Sun Apr 05, 2009 12:13 pm

If conime is in system32 it is clean; it is a file everybody has. The trojan usually places itself in system. [std]
Mandrake
Official Member (Gold)
Posts: 1783
Joined: Wed Nov 22, 2006 5:07 pm
Location: Roma
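The two checks this thread turns on, the directory a system binary is running from (Mandrake's point) and the hash you look up on VirusTotal (crazy.cat's suggestion), as an added example in Python. This is not code from the forum, from Kamomilla, ComboFix or VirusTotal; the expected-directory table assumes a 32-bit Vista install with SystemRoot on C:, and the process list is taken from the HijackThis "Running processes" section posted later in this thread plus one constructed bad path so the check has something to flag.

```python
"""Triage helpers: is a well-known Windows binary running from the directory
where the genuine copy lives, and which hash do I paste into VirusTotal?
Added example, not code from the forum or from any tool named in the thread."""
import hashlib
import ntpath  # Windows path semantics, works on any host OS

# Directory each well-known binary is expected to run from on a 32-bit Vista
# install with SystemRoot = C:\Windows (assumption; adjust for other layouts).
# wininit.exe and conime.exe are the two names from the thread; the others are
# added for completeness.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIRS = {
    "wininit.exe": SYSTEM32,
    "conime.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}


def check_process_path(image_path):
    """Classify a process image path.

    Returns (verdict, detail) where verdict is one of
      'expected'   - a tracked system binary in its legitimate directory
      'suspicious' - a tracked system binary name running from somewhere else
      'unknown'    - not a tracked binary; the path check says nothing about it
    """
    name = ntpath.basename(image_path).lower()
    directory = ntpath.normpath(ntpath.dirname(image_path)).lower()
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "unknown", "not a tracked Windows binary; check signature and hash instead"
    if directory == expected:
        return "expected", f"{name} is in {expected}"
    return "suspicious", f"{name} should live in {expected} but was found in {directory}"


def triage(process_list):
    """Run check_process_path over a list of image paths; return the suspicious ones."""
    hits = []
    for path in process_list:
        verdict, detail = check_process_path(path)
        if verdict == "suspicious":
            hits.append((path, detail))
    return hits


def file_hashes(data):
    """MD5, SHA-1 and SHA-256 of a file's bytes as hex strings.  Any of the
    three can be pasted into the VirusTotal search box to see whether the
    sample is already known, without uploading the file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path):
    """Same three digests for a file on disk, read in 1 MiB chunks."""
    digests = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests:
                d.update(chunk)
    return {d.name: d.hexdigest() for d in digests}


# Paths from the HijackThis "Running processes" list posted in this thread,
# plus one constructed bad path (not from the log) so there is a hit to show.
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\taskeng.exe",
    r"C:\Windows\system32\conime.exe",
    r"C:\Windows\Explorer.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Users\Fabio\AppData\Roaming\wininit.exe",  # constructed example
]

if __name__ == "__main__":
    for path, detail in triage(SAMPLE_PROCESSES):
        print("SUSPICIOUS:", path, "-", detail)
    print(file_hashes(b"constructed sample bytes, not a real binary"))
```

The path check only catches the cheap trick of a copy dropped outside System32; a file that replaces the real one in place passes it, which is why the hash lookup (or a publisher-signature check) is the second step and not an alternative. On 64-bit Windows the 32-bit copies legitimately live in SysWOW64 as well, so the table would need a second entry per name there.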


Re: Processes conime.exe and wininit.exe

Post by Guybrush1989 » Sun Apr 05, 2009 12:46 pm

crazy.cat wrote: If "wininit.exe" is in the SYSTEM folder, that is not good news.
To clear up the doubt, have the two files analysed on http://www.virustotal.com and see what they say.
Then you can also post the ComboFix scan log, so we can see whether there are other problems.


Both files are in system32, I checked, and VirusTotal, Avira Premium Security and Malwarebytes find nothing... I am now posting the 2 logs from ComboFix and HijackThis.

ComboFix 09-04-04.01 - Fabio 2009-04-05 13.26.34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3068.1475 [GMT 2:00]
Eseguito da: c:\downloads\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MabryObj.dll
c:\windows\system32\nets12.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Creati Da 2009-03-05 al 2009-04-05 )))))))))))))))))))))))))))))))))))
.

2009-04-04 21:27 . 2009-04-04 21:27 <DIR> d-------- c:\users\Fabio\AppData\Roaming\vlc
2009-04-04 16:05 . 2009-04-04 22:00 <DIR> d-------- C:\Worms Armageddon
2009-04-04 13:27 . 2009-04-04 13:41 <DIR> d-------- c:\program files\Nero
2009-04-03 22:22 . 2009-04-03 22:22 <DIR> d-------- c:\program files\VS Revo Group
2009-04-03 21:31 . 2008-02-28 14:26 1,414,440 --a------ c:\windows\System32\ShellManager310E2D762.dll
2009-04-03 21:31 . 2008-02-28 14:01 774,144 --a------ c:\windows\System32\NEROINSTAEC43759.DB
2009-04-03 17:15 . 2009-04-03 17:15 <DIR> d-------- C:\XP
2009-04-01 22:25 . 2009-04-01 22:25 <DIR> d-------- c:\program files\No-IP
2009-04-01 21:57 . 2009-04-02 12:03 <DIR> d-------- c:\program files\freeSSHd
2009-03-30 20:39 . 2009-03-30 20:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 20:39 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-30 20:39 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-28 15:50 . 2009-03-28 15:50 <DIR> d-------- c:\windows\System32\EventProviders
2009-03-27 17:58 . 2009-03-27 17:58 <DIR> d-------- c:\program files\CodeGazer
2009-03-27 17:43 . 2009-03-27 17:43 <DIR> d-------- c:\users\Fabio\AppData\Roaming\TuneUp Software
2009-03-27 17:43 . 2009-03-27 17:43 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-03-27 17:43 . 2009-03-27 17:43 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-03-27 17:43 . 2008-12-11 14:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-03-27 17:43 . 2008-12-11 14:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-03-27 17:42 . 2009-03-27 17:42 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-03-27 17:42 . 2009-03-27 17:42 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-27 17:42 . 2009-03-27 17:42 <DIR> d-------- c:\programdata\TuneUp Software
2009-03-27 17:42 . 2009-03-27 17:42 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-27 17:42 . 2009-03-27 17:43 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-27 00:42 . 2008-04-02 21:00 198,656 --a------ c:\windows\System32\CNMLM83.DLL
2009-03-24 00:01 . 1997-08-26 12:06 315,904 --a------ c:\windows\IsUninst.exe
2009-03-23 22:51 . 2009-03-23 22:51 <DIR> d--h----- c:\users\All Users\CanonBJ
2009-03-23 22:51 . 2009-03-23 22:51 <DIR> d--h----- c:\programdata\CanonBJ
2009-03-22 23:49 . 2009-03-22 23:49 28,182 --a------ c:\users\Fabio\AppData\Roaming\MecloDosttWpnBackground.dat
2009-03-22 22:39 . 2009-03-22 23:58 28,246 --a------ c:\users\Fabio\AppData\Roaming\Riar sefktWpnBackground.dat
2009-03-22 22:34 . 2009-03-22 23:43 <DIR> d-------- c:\users\Fabio\AppData\Roaming\Real Desktop
2009-03-22 15:39 . 2009-03-22 15:41 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-19 00:29 . 2009-03-19 00:29 <DIR> d-------- c:\windows\Sun
2009-03-18 19:09 . 2009-03-18 19:09 <DIR> d-------- c:\users\Fabio\AppData\Roaming\Avira
2009-03-18 18:59 . 2009-03-18 18:59 <DIR> d-------- c:\users\All Users\Avira
2009-03-18 18:59 . 2009-03-18 18:59 <DIR> d-------- c:\programdata\Avira
2009-03-18 18:59 . 2009-03-18 18:59 <DIR> d-------- c:\program files\Avira
2009-03-18 18:59 . 2008-05-07 14:20 71,592 --a------ c:\windows\System32\drivers\avfwot.sys
2009-03-18 18:59 . 2008-05-07 10:51 71,464 --a------ c:\windows\System32\drivers\avfwim.sys
2009-03-17 22:27 . 2009-03-17 22:27 <DIR> d-------- c:\program files\Recuva
2009-03-17 20:16 . 2009-03-17 20:16 <DIR> d-------- c:\users\Fabio\AppData\Roaming\Malwarebytes
2009-03-17 20:16 . 2009-03-17 20:16 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-17 20:16 . 2009-03-17 20:16 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-17 00:09 . 2009-03-28 18:12 <DIR> d-------- c:\users\Fabio\AppData\Roaming\OpenWith.org Cache
2009-03-17 00:08 . 2009-03-17 00:08 <DIR> d-------- c:\program files\OpenWith.org Desktop Tool
2009-03-15 14:06 . 2009-03-15 14:06 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-15 14:03 . 2009-03-15 14:03 <DIR> d-------- c:\users\Fabio\AppData\Roaming\Nikon
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\users\All Users\Ultima_T15
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\users\All Users\Nikon
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\users\All Users\howto
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\users\All Users\EnterNHelp
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\programdata\Ultima_T15
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\programdata\Nikon
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\programdata\howto
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\programdata\EnterNHelp
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\program files\Nikon
2009-03-15 14:01 . 2009-03-15 14:02 <DIR> d-------- c:\program files\Common Files\Nikon
2009-03-15 14:01 . 2009-03-15 14:01 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2009-03-15 14:01 . 2009-03-19 16:47 20 ---h----- c:\users\All Users\PKP_DLdu.DAT
2009-03-15 14:01 . 2009-03-19 16:47 20 ---h----- c:\programdata\PKP_DLdu.DAT
2009-03-15 13:59 . 2009-03-15 13:59 <DIR> d-------- c:\users\All Users\Apple Computer
2009-03-15 13:59 . 2009-03-15 13:59 <DIR> d-------- c:\programdata\Apple Computer
2009-03-15 13:59 . 2009-03-15 14:00 <DIR> d-------- c:\program files\QuickTime
2009-03-13 15:05 . 2009-03-13 15:05 <DIR> d-------- c:\program files\Defraggler
2009-03-13 01:35 . 2009-03-13 01:41 <DIR> d-------- c:\users\Fabio\.VirtualBox
2009-03-13 01:35 . 2009-02-16 18:46 100,560 --a------ c:\windows\System32\drivers\VBoxDrv.sys
2009-03-13 01:34 . 2009-03-13 01:35 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-03-13 01:34 . 2009-02-16 18:47 129,552 --a------ c:\windows\System32\VBoxNetFltNotify.dll
2009-03-13 01:34 . 2009-02-16 18:47 87,568 --a------ c:\windows\System32\drivers\VBoxNetFlt.sys
2009-03-13 01:34 . 2009-02-16 18:47 41,744 --a------ c:\windows\System32\drivers\VBoxUSBMon.sys
2009-03-13 00:36 . 2009-03-13 00:36 <DIR> d-------- c:\program files\Muziic
2009-03-11 17:50 . 2009-03-11 17:51 <DIR> d-------- c:\program files\Karnaugh Map Minimizer 0.4 (EN-IT)
2009-03-10 21:56 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 21:56 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 18:02 . 2004-09-03 01:00 124,688 --a------ c:\windows\System32\MSWINSCK.OCX
2009-03-10 18:02 . 2007-10-07 12:27 10,752 --a------ c:\windows\System32\aamd532.dll
2009-03-10 00:08 . 2009-03-11 21:03 <DIR> d-------- c:\program files\nLite
2009-03-08 23:36 . 2009-03-08 23:36 <DIR> d-------- c:\users\All Users\CenerTCPMessenger
2009-03-08 23:36 . 2009-03-08 23:36 <DIR> d-------- c:\programdata\CenerTCPMessenger
2009-03-08 16:31 . 2009-03-08 16:31 <DIR> d-------- c:\users\All Users\Zylom
2009-03-08 16:31 . 2009-03-08 16:31 <DIR> d-------- c:\programdata\Zylom
2009-03-08 16:22 . 2009-03-08 16:53 <DIR> d-------- c:\users\Fabio\AppData\Roaming\Zylom
2009-03-08 00:21 . 2009-03-08 14:01 <DIR> d-------- c:\users\Fabio\AppData\Roaming\PoivY
2009-03-08 00:18 . 2009-03-08 00:18 <DIR> d-------- c:\program files\PoivY.com
2009-03-08 00:05 . 2009-03-08 00:05 172 --a------ c:\windows\ODBC.INI
2009-03-08 00:04 . 2009-03-08 00:04 <DIR> d-------- c:\windows\System32\js
2009-03-08 00:04 . 2009-03-08 00:04 <DIR> d-------- c:\windows\System32\images
2009-03-08 00:04 . 2009-03-08 00:04 <DIR> d-------- c:\windows\System32\html
2009-03-08 00:04 . 2009-03-08 00:04 <DIR> d-------- c:\windows\System32\css
2009-03-08 00:04 . 2009-03-08 00:04 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-03-08 00:04 . 2009-03-08 00:04 <DIR> d-------- c:\program files\Business Objects
2009-03-08 00:02 . 2009-03-08 00:03 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-08 00:02 . 2009-03-08 00:02 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-03-07 23:53 . 2009-03-07 23:53 <DIR> d-------- c:\users\All Users\PreEmptive Solutions
2009-03-07 23:53 . 2009-03-07 23:53 <DIR> d-------- c:\programdata\PreEmptive Solutions
2009-03-07 23:47 . 2009-03-07 23:47 <DIR> d-------- c:\windows\System32\1033
2009-03-07 23:47 . 2009-03-07 23:47 <DIR> d-------- c:\windows\symbols
2009-03-07 23:44 . 2009-03-09 00:59 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2009-03-07 23:44 . 2009-03-07 23:44 <DIR> d-------- c:\program files\Microsoft SDKs
2009-03-07 23:44 . 2009-03-07 23:49 <DIR> d-------- c:\program files\HTML Help Workshop
2009-03-07 23:44 . 2009-03-07 23:44 <DIR> d-------- c:\program files\CE Remote Tools
2009-03-07 23:41 . 2009-03-07 23:42 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-03-06 23:15 . 2009-03-07 17:47 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-03-06 23:04 . 2009-03-09 00:59 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-06 23:04 . 2009-03-09 00:55 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-03-06 00:05 . 2009-03-06 00:05 <DIR> d-------- c:\program files\Common Files\Stardock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 11:35 42,559 ----a-w c:\users\All Users\nvModes.dat
2009-04-05 11:35 42,559 ----a-w c:\programdata\nvModes.dat
2009-04-05 11:31 --------- d-----w c:\users\Fabio\AppData\Roaming\Orbit
2009-04-04 22:22 --------- d-----w c:\users\Fabio\AppData\Roaming\MiniLyrics
2009-04-04 12:39 --------- d-----w c:\users\Fabio\AppData\Roaming\Nero
2009-04-04 11:56 --------- d-----w c:\program files\Common Files\Nero
2009-04-04 11:35 --------- d-----w c:\programdata\Nero
2009-04-03 20:28 --------- d-----w c:\users\Fabio\AppData\Roaming\TeraCopy
2009-04-01 17:24 --------- d---a-w c:\programdata\TEMP
2009-03-31 16:27 --------- d-----w c:\program files\Java
2009-03-30 21:13 --------- d-----w c:\program files\Orbitdownloader
2009-03-30 09:02 --------- d-----w c:\program files\Stardock
2009-03-23 22:31 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-22 13:05 --------- d-----w c:\users\Fabio\AppData\Roaming\Desktopicon
2009-03-18 16:22 --------- d-----w c:\programdata\Norton
2009-03-18 16:20 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-15 09:15 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 23:34 --------- d-----w c:\program files\Sun
2009-03-10 21:26 --------- d-----w c:\program files\Windows Mail
2009-03-10 20:15 --------- d-----w c:\programdata\Microsoft Help
2009-03-09 11:43 --------- d-----w c:\program files\Real Alternative
2009-03-07 22:02 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-07 22:00 --------- d-----w c:\program files\Microsoft.NET
2009-03-07 21:48 --------- d-----w c:\program files\MSBuild
2009-03-05 22:38 --------- d-----w c:\program files\CamSpace
2009-02-27 16:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 16:26 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 12:16 --------- dc-h--w c:\programdata\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24}
2009-02-24 12:16 --------- d-----w c:\users\Fabio\AppData\Roaming\Stardock
2009-02-18 17:05 --------- d-----w c:\program files\SelfTest
2009-02-13 17:18 --------- d-----w c:\program files\Windows Live
2009-02-06 19:01 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-05 19:25 --------- d-----w c:\users\Fabio\AppData\Roaming\BatteryBar
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-12-06 14:52 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]

c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
freeSSHd.lnk - c:\program files\freeSSHd\FreeSSHDService.exe [2009-04-01 1355976]
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-04-01 1172992]
Sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-03-30 3450608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-12-06 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\program files\Stardock\Fences\DesktopDock.dll" [2009-02-04 513384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Fabio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopEarth AutoStart.lnk]
path=c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
backup=c:\windows\pss\DesktopEarth AutoStart.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Fabio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rapget.lnk]
path=c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapget.lnk
backup=c:\windows\pss\Rapget.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 12:40 687560 c:\daemon tools lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
--a------ 2008-09-26 12:25 9102112 c:\program files\PoivY.com\PoivY\PoivY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-09 05:19 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2008-06-13 19:11 210216 c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 06:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 04:23 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-21 04:25 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5BD3D597-2432-45FB-97F4-F2315C81F350}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FB500848-9144-43BF-90C4-B3C564185A72}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{BB642A42-A2B9-4F6A-BC56-22B151318D1D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{28E60446-FE87-4935-8CFD-10BBDD5CBA01}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C6558523-2881-465A-869E-174924BC5DE9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{76F9DAFD-B34B-47FD-9EBF-14C121ED0365}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{1E302A30-F401-4B65-A083-63FF6EAF2950}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{0BCE26FB-86F0-40CA-8D9F-325E64DC1F05}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{CA77B2A8-806A-4824-83DE-5226E2667FE8}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{011AD9C6-6381-4C06-9C71-C0E36228B7E1}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 avfwot;avfwot;c:\windows\System32\drivers\avfwot.sys [2009-03-18 71592]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [2009-03-13 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [2009-03-13 41744]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [2008-09-27 73728]
R2 AntiVirFirewallService;Firewall Avira Premium Security Suite;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2009-03-18 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2009-03-18 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2009-03-18 258305]
R2 AVEService;Servizio assistenza di Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2009-03-18 41217]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-03-18 24880]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-30 179856]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-18 341328]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-27 603904]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [2008-09-27 280192]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\System32\drivers\avfwim.sys [2009-03-18 71464]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-07-18 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-01-24 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-04-01 81296]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2009-03-30 15504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [2009-03-13 87568]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56f37b72-e3ce-11dd-937a-00238b1b1eb2}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7ee3500-0ee6-11de-8c58-94c180c752fd}]
\shell\AutoRun\command - H:\
\shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-04 c:\windows\Tasks\Malwarebytes' Scheduled Update for Fabio.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]

2009-04-05 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 17:20]

2009-04-05 c:\windows\Tasks\User_Feed_Synchronization-{2D442BD6-49CC-4803-B48C-52A2206DA76C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Google Update - c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.smsveloce.it/ricerca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: avsda.dll
TCP: {40FEF727-E697-491B-93CF-825EAA0B9304} = 192.168.0.1
FF - ProfilePath - c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\bao8jswp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\bao8jswp.default\extensions\firedownload@mozilla.org\components\firedownload.dll
FF - component: c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\bao8jswp.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 13:35:08
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(4136)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-05 13:41:44 - Il pc è stato riavviato [Fabio]
ComboFix-quarantined-files.txt 2009-04-05 11:41:40

Pre-Run: 125.520.805.888 byte disponibili
Post-Run: 127,641,911,296 byte disponibili

392 --- E O F --- 2009-04-02 20:37:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.44.59, on 05/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\freeSSHd\FreeSSHDService.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smsveloce.it/ricerca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: freeSSHd.lnk = C:\Program Files\freeSSHd\FreeSSHDService.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Sidebar.lnk = D:\Program Files\Windows Sidebar\sidebar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40FEF727-E697-491B-93CF-825EAA0B9304}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Firewall Avira Premium Security Suite (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Scheduler Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Servizio assistenza di Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 9633 bytes

Re: conime.exe and wininit.exe processes

Post by Mandrake » Sun Apr 05, 2009 2:21 pm

It looks clean to me, but wait for other opinions...
Are you running into any particular problem?

Re: conime.exe and wininit.exe processes

Post by Guybrush1989 » Sun Apr 05, 2009 3:43 pm

Mandrake wrote: It looks clean to me, but wait for other opinions...
Are you running into any particular problem?

Only that sometimes it takes a bit longer than usual to start up, at boot, as if something were hogging RAM/CPU...
And the sidebar no longer starts on its own, whereas before it did; I had to add a shortcut to the startup folder.

Sorry, a small, slightly off-topic question: if I have Avira Premium Security, can I run Malwarebytes Anti-Malware alongside it? I have the paid versions of both, so Malwarebytes uses real-time protection. The two haven't given me any problems up to now; do you think they could create incompatibilities over time? So far I've run several scans with both and never had a problem, honestly...

Re: conime.exe and wininit.exe processes

Post by Fred » Sun Apr 05, 2009 10:24 pm

Sorry to butt in, but it seems pointless to open another thread. Does any of you know what the conime.exe process is? On the internet there are conflicting accounts. I must say it doesn't bother me, but sometimes I have to kill it in order to disconnect USB devices. Can any of you enlighten me?
Thanks
[ciao]
Asus M3N78SE; AMD Athlon 64X2 5200+@5400; 2 GB DDR2; NVIDIA GeForce 9500GT; Windows 7 Pro 64bit;
Acer ASPIRE 5230; Windows 7 Pro 64bit
Skype: nellopc90

Re: conime.exe and wininit.exe processes

Post by davidXP » Mon Apr 06, 2009 2:03 pm

Hi, I recommend using GData (a bit heavy, but with your 4 GB it will run fine), which is the best at virus prevention, as the big 2008 antivirus test also says.
I must admit that Avira and Malwarebytes are excellent too, but in my opinion you should use only one of them.

Hey guys, I'm new on the forum, but don't worry, I know everything about MegaLab and I admire all of you editors and everyone who posts in the forum sections!
At the very least a welcome party would be in order!
Byeee!

[win] [win] [sadbye] XP, the best Windows OS [sadbye] [win] [win]

Re: conime.exe and wininit.exe processes

Post by crazy.cat » Mon Apr 06, 2009 3:06 pm

Fred wrote: Does any of you know what the conime.exe process is?

Apparently it is there to add support for Asian languages. Then there is malware that borrows its name to sneak in.
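The practical consequence of crazy.cat's two replies (a wininit.exe in SYSTEM rather than System32 is bad news, and malware borrows the names of conime.exe and friends) is that a system binary's name only means something together with its path. The following Python script is an added example, not code from the thread or from HijackThis: it reads the "Running processes" and O4 Run lines of a HijackThis-style log and flags wininit.exe, conime.exe or rundll32.exe anywhere other than the directory Windows installs them in. The log lines are constructed samples, and the expected-directory table assumes a 32-bit Vista install under C:\Windows.

```python
"""Flag Windows system-binary names that appear outside their home directory
in a HijackThis-style log (added example; not HijackThis or forum code)."""
import ntpath
import re

# Where Windows itself installs these binaries. Assumption: a 32-bit Vista
# install with %SystemRoot% = C:\Windows; rundll32.exe also has a SysWOW64
# copy on 64-bit systems. Anything elsewhere deserves a closer look
# (VirusTotal, signature check), since malware reuses these names.
EXPECTED_DIRS = {
    "wininit.exe": {r"c:\windows\system32"},
    "conime.exe": {r"c:\windows\system32"},
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# A "Running processes" entry is an absolute path on a line of its own.
PROCESS_LINE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# An O4 Run entry: O4 - <key>: [<value>] "<path>.exe" <args>
RUN_LINE = re.compile(
    r'^O4 - [^:]*: \[[^\]]*\]\s*"?([a-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def extract_path(line):
    """Return the executable path from a process or O4 Run line, else None.
    Entries without an absolute path (e.g. a bare RUNDLL32.EXE) are skipped."""
    line = line.strip()
    if PROCESS_LINE.match(line):
        return line
    m = RUN_LINE.match(line)
    return m.group(1) if m else None


def classify(path):
    """(name, path, 'ok'|'suspicious') for a watched name, None otherwise."""
    name = ntpath.basename(path).lower()
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return None
    directory = ntpath.dirname(path).lower().rstrip("\\")
    return (name, path, "ok" if directory in expected else "suspicious")


def check_log(text):
    """Run classify() over every path found in the log; keep watched names."""
    results = []
    for line in text.splitlines():
        path = extract_path(line)
        if path is not None:
            verdict = classify(path)
            if verdict is not None:
                results.append(verdict)
    return results


# Constructed sample in the log format seen in this thread: one legitimate
# conime.exe, three system-binary names in the wrong place, and two entries
# (taskeng.exe, SynTPEnh.exe) that are not watched and are skipped.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\System\wininit.exe
C:\Users\user\AppData\Local\Temp\wininit.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [conime] "C:\Users\user\AppData\Roaming\conime.exe" /min
"""

if __name__ == "__main__":
    for name, path, status in check_log(SAMPLE_LOG):
        homes = ", ".join(sorted(EXPECTED_DIRS[name]))
        print(f"{status:10s} {path}  (expected in {homes})")
```

A match against the table only says the file sits where Windows keeps it; it says nothing about whether that file has been replaced, so a hit still belongs on VirusTotal as crazy.cat suggested.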

Re: conime.exe and wininit.exe processes

Post by Sir Unknown » Tue Jun 16, 2009 2:04 pm

Sorry, me too, but it seems pointless to open a thread with the same problem. Basically, I installed WLN Safe (5.0) today and, out of curiosity, launched its process-check option; well, it shows this WININIT in red, so as a virus. In fact I do have this file in the SYSTEM32 folder, but as WININIT, with no .exe or any other extension accompanying it. Having Vista, I searched around, but like the user in this thread I got vague answers [boh]... can you give me some pointers? After reading your thread I checked in System and at least it's not there [:)]. For scans I used NOD32, Malwarebytes and, in doubt, not knowing whether it is useful, Spybot too. As always, [grazie]
The first sword is without doubt a sharp sword... the second is considerably the sharper of the two, and does not cut without reason what is innocent

Re: conime.exe and wininit.exe processes

Post by Fred » Thu Jun 18, 2009 12:05 pm

What results did the scans give? Try posting the HijackThis log.
[ciao]

Re: conime.exe and wininit.exe processes

Post by Sir Unknown » Thu Jun 18, 2009 7:46 pm

Nothing at all [uhm]

Here's the log [;)]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.43.54, on 18/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ivan\Documents\Files, qui dentro devono essere salvati\temp\backups hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: stllssvr - Syntek America Inc. - (no file)


I still have to delete these entries as you advised [acc2], but while I'm at it, if there's anything else to delete I'll do it all at once xD. At least I've already disabled Defender XD

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')