Punto informatico Network

Help me, I can't even get in through safe mode


Post by freedom06 » Wed Mar 07, 2007 11:32 am

Logfile of HijackThis v1.99.1
Scan saved at 10.25.33, on 07/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\lsaigvcv.exe
C:\Programmi\ABAQUS\License\lmgrd.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\ABAQUS\License\ABAQUSLM.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ABAQUS\Documentation\monitor.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\ABAQUS\Documentation\monitor.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\VEXPLITE\VIRITEXP.EXE
C:\Documents and Settings\pc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {087FC023-DC5B-41E6-9286-953D382070C1} - C:\WINDOWS\System32\urqqomj.dll
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\nnnliii.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D2AD4883-8E95-4142-81A3-84CD54E60BE3} - C:\WINDOWS\Config\rsvnu.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\mgiklrig.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\ljwq.exe
O4 - HKLM\..\Run: [Windows Explore Service] explore.exe
O4 - HKLM\..\Run: [lsaigvcv] "c:\windows\system32\lsaigvcv.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\ywvtopro.dll",setvm
O4 - HKLM\..\RunServices: [Windows Update] Systemalerts.exe
O4 - HKLM\..\RunServices: [Windows Explore Service] explore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BD59A08-7804-4DF1-91B2-C4E378AC78C8}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BD59A08-7804-4DF1-91B2-C4E378AC78C8}: NameServer = 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BD59A08-7804-4DF1-91B2-C4E378AC78C8}: NameServer = 151.99.125.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: nnnliii - nnnliii.dll (file missing)
O20 - Winlogon Notify: rsvnu - C:\WINDOWS\Config\rsvnu.dll
O20 - Winlogon Notify: urqqomj - C:\WINDOWS\SYSTEM32\urqqomj.dll
O23 - Service: ABAQUS - Macrovision Corporation - C:\Programmi\ABAQUS\License\lmgrd.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\Programmi\ABAQUS\Documentation\monitor.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
freedom06
Aficionado
Posts: 74
Joined: Fri Jul 28, 2006 11:01 am

Post by Amantide » Wed Mar 07, 2007 12:26 pm

If you can't get into safe mode then it's probably Bagle, but besides that you have other problems too.

Download The Avenger, extract the archive into a folder and run the file Avenger.exe.
Select the option Input Script Manually, click the magnifying glass and, inside the form, copy and paste this script:

Files to delete:
C:\WINDOWS\System32\urqqomj.dll
C:\WINDOWS\System32\nnnliii.dll
C:\WINDOWS\Config\rsvnu.dll
C:\WINDOWS\System32\mgiklrig.dll
C:\WINDOWS\System32\lssas.exe
C:\WINDOWS\System32\ljwq.exe
c:\windows\system32\lsaigvcv.exe
C:\WINDOWS\System32\ywvtopro.dll
C:\Windows\System32\Systemalerts.exe


Then click the Done button, then twice on the green traffic-light icon, and answer Yes to the questions that follow.
The PC should restart by itself; if it doesn't, restart it manually.
When it's finished, attach the Avenger log for me, which is located at C:/avenger.txt

Afterwards, run the HijackThis scan again, select the following entries and press Fix checked:

O2 - BHO: (no name) - {087FC023-DC5B-41E6-9286-953D382070C1} - C:\WINDOWS\System32\urqqomj.dll
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\nnnliii.dll (file missing)
O2 - BHO: (no name) - {D2AD4883-8E95-4142-81A3-84CD54E60BE3} - C:\WINDOWS\Config\rsvnu.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\mgiklrig.dll
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\ljwq.exe
O4 - HKLM\..\Run: [Windows Explore Service] explore.exe
O4 - HKLM\..\Run: [lsaigvcv] "c:\windows\system32\lsaigvcv.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\ywvtopro.dll",setvm
O4 - HKLM\..\RunServices: [Windows Update] Systemalerts.exe
O4 - HKLM\..\RunServices: [Windows Explore Service] explore.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - AppInit_DLLs:
O20 - Winlogon Notify: nnnliii - nnnliii.dll (file missing)
O20 - Winlogon Notify: rsvnu - C:\WINDOWS\Config\rsvnu.dll
O20 - Winlogon Notify: urqqomj - C:\WINDOWS\SYSTEM32\urqqomj.dll


Once that's done, download and run Systemscan, tick all the items and run the scan. When the scan has finished, find the file report.txt in C:\suspectfile, compress it into a rar or zip archive and attach it here.
And change your antivirus!! Install Antivir Pe or Active Virus Shield in place of Avast.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

thanks a million but...

Post by freedom06 » Wed Mar 07, 2007 1:14 pm

Thank you so much for your very useful advice; I'll get onto it right away in the early afternoon.
I just wanted to tell you that I installed the Avast antivirus only a few hours ago; before that I had that damned antivirus called NORTON.

I don't think Avast Professional is bad, or do you advise against it?

Thanks again


Re: thanks a million but...

Post by Amantide » Wed Mar 07, 2007 1:54 pm

freedom06 wrote:
I don't think Avast Professional is bad, or do you advise against it?

Thanks again

Better than Norton, but it's not the best.
Do this: in Avast's options you can schedule a scan at PC restart; if it manages to remove all the stuff I pointed out earlier by itself, keep it... otherwise run Avenger and change antivirus.

Avenger log

Post by freedom06 » Wed Mar 07, 2007 4:46 pm

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sninibnu

*******************

Script file located at: \??\C:\WINDOWS\System32\xosimkiy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\urqqomj.dll deleted successfully.


File C:\WINDOWS\System32\nnnliii.dll not found!
Deletion of file C:\WINDOWS\System32\nnnliii.dll failed!

Could not process line:
C:\WINDOWS\System32\nnnliii.dll
Status: 0xc0000034

File C:\WINDOWS\Config\rsvnu.dll deleted successfully.
File C:\WINDOWS\System32\mgiklrig.dll deleted successfully.


File C:\WINDOWS\System32\lssas.exe not found!
Deletion of file C:\WINDOWS\System32\lssas.exe failed!

Could not process line:
C:\WINDOWS\System32\lssas.exe
Status: 0xc0000034

File C:\WINDOWS\System32\ljwq.exe deleted successfully.
File c:\windows\system32\lsaigvcv.exe deleted successfully.
File C:\WINDOWS\System32\ywvtopro.dll deleted successfully.


File C:\Windows\System32\Systemalerts.exe not found!
Deletion of file C:\Windows\System32\Systemalerts.exe failed!

Could not process line:
C:\Windows\System32\Systemalerts.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Post by Amantide » Wed Mar 07, 2007 7:48 pm

Did you run the scan with Avast?

Post the log of the Systemscan scan for me too.

systemscan hangs

Post by freedom06 » Wed Mar 07, 2007 8:08 pm

Hi, I tried to launch a scan with systemscan but it always hangs at the same item, namely Alternate Data Streams, and I can't understand why.

Anyway, I followed your instructions and removed the entries you had pointed out to me, with HijackThis.

I still have to post the Avast log for you. I'll do it as soon as possible.

systemscan log

Post by freedom06 » Wed Mar 07, 2007 8:15 pm

I managed to get the systemscan scan to finish by deselecting the Alternate Data Streams item.


[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="a87d5bc7"
"Pattern"=hex:ac,ea,07,ad,df,53,7f,a2,ed,54,9e,31,96,3d,fc,45,61,38,37,64,35,\
62,63,37,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
53,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,60,19,a2,9f

[Lsa\GBG]
@Class="60a655ca"
"GrafBlumGroup"=hex:c4,a4,c2,aa,02,30,e3,a0,d0

[Lsa\JD]
@Class="30469f00"
"Lookup"=hex:d1,01,90,39,9c,de

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="a2193709"
"SkewMatrix"=hex:8b,a9,37,29,9c,9a,de,58,ab,af,61,e5,63,27,87,f1

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:80,88,aa,ba,da,60,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,4e,a0,48,fa,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,2f,96,4e,fa,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,2f,96,4e,fa,85,c4,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ObjectName"="LocalSystem"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."

[SharedAccess\Epoch]
"Epoch"=dword:0000000f

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[SharedAccess\Security]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{E0F839B4-9D15-476C-872B-EEACA2255680}"=dword:00000001
"{3BD59A08-7804-4DF1-91B2-C4E378AC78C8}"=dword:00000001

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"EnableDCOM"="N"
"EnableRemoteConnect"="N"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

@="C:\WINDOWS\System32\mshta.exe \"%1\" %*"

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\INF\unregmp2.exe /ShowWMP"
@="Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\System32\danim.dll"
@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
@="Windows Messenger 4.7"
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Accesso sito MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{BF90891F-5005-53D1-E20A-36D33249B439}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Local"="EN"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Guida HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"

-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\eeCtrl\Started
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ewido security suite driver Start REG_DWORD 4 (0x4)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\ewido security suite driver Start REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ewido security suite driver DeleteFlag REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 15 (0xF)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 12 (0xC)

Result compared: Different


-------------List of running services -------------



000) "ABAQUS" - ABAQUS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\ABAQUS\License\lmgrd.exe

001) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe

002) "aswUpdSv" - avast! iAVS4 Control Service
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"

003) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

004) "avast! Antivirus" - avast! Antivirus
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"

005) "avast! Mail Scanner" - avast! Mail Scanner
---> STAT = (RUNNING) Started manually
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service

006) "avast! Web Scanner" - avast! Web Scanner
---> STAT = (RUNNING) Started manually
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service

007) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

008) "CryptSvc" - Servizi di crittografia
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

009) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

010) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

011) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

012) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService

013) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

014) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe

015) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

016) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

017) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

018) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

019) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

020) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

021) "MDM" - Machine Debug Manager
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"

022) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

023) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

024) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe

025) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\lsass.exe

026) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

027) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

028) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

029) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss

030) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

031) "seclogon" - Accesso secondario
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

032) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

033) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

034) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

035) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe

036) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

037) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc

038) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

039) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

040) "Texis Monitor" - Texis Monitor
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\ABAQUS\Documentation\monitor.exe

041) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

042) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

043) "viritsvclite" - Virit eXplorer Lite
---> STAT = (RUNNING) Started automatically
---> FILE = C:\VEXPLITE\viritsvc.exe

044) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

045) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

046) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

047) "wscsvc" - Centro sicurezza PC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

048) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

049) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



..:: BOOT REGISTRY ::..

0) "SiSUSBRG"
---> CMD = C:\WINDOWS\SiSUSBrg.exe
---> FILE = C:\WINDOWS\SiSUSBrg.exe

1) "Cmaudio"
---> CMD = RunDll32 cmicnfg.dll,CMICtrlWnd
---> FILE = C:\WINDOWS\RunDll32 cmicnfg.dll,CMICtrlWnd

2) "AtiPTA"
---> CMD = atiptaxx.exe
---> FILE = C:\WINDOWS\atiptaxx.exe

3) "NeroCheck"
---> CMD = C:\WINDOWS\system32\NeroCheck.exe
---> FILE = C:\WINDOWS\system32\NeroCheck.exe

4) "DSLSTATEXE"
---> CMD = C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
---> FILE = C:\Programmi\IPM\Adsl\DataWay\dslstat.exe

5) "Easy-PrintToolBox"
---> CMD = C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
---> FILE = C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

6) "Acrobat Assistant 7.0"
---> CMD = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
---> FILE = C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

7) ""
---> CMD =
---> FILE = C:\Programmi\Adobe\Acrobat 7.0\Distillr\

8) "avast!"
---> CMD = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---> FILE = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

9) "VIRIT LITE MONITOR"
---> CMD = C:\VEXPLITE\MONLITE.EXE
---> FILE = C:\VEXPLITE\MONLITE.EXE



-------------List of NOT running services -------------



000) "Adobe LM Service" - Adobe LM Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"

001) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

002) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

003) "Browser" - Browser di computer
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

004) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe

005) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe

006) "CLTNetCnService" - Symantec Lic NetConnect service
---> STAT = (NOT RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon

007) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

008) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

009) "HidServ" - Accesso periferica Human Interface
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

010) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

011) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\imapi.exe

012) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

013) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\mnmsrvc.exe

014) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\msdtc.exe

015) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\msiexec.exe /V

016) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe

017) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe

018) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe

019) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe

020) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

021) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE

022) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

023) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe

024) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

025) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\locator.exe

026) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\rsvp.exe

027) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe

028) "Schedule" - Utilità di pianificazione
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

029) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

030) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{5B388EE1-46C9-43C7-B8CB-D54A9160257F}

031) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe

032) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\tlntsvr.exe

033) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService

034) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe

035) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe

036) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

037) "Wmi" - Estensioni driver di Strumentazione gestione Windows
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

038) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe

039) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



-------------List of running device driver services -------------



000) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ACPI.sys

001) "AFD" - Ambiente supporto di rete AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys

002) "aswMon2" - avast! Standard Shield Support
---> STAT = (RUNNING) Started automatically

003) "aswRdr" - aswRdr
---> STAT = (RUNNING) Started manually

004) "aswTdi" - avast! Network Shield Support
---> STAT = (RUNNING) Started by "IoInitSystem" function

005) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\atapi.sys

006) "ati2mtag" - ati2mtag
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ati2mtag.sys

007) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys

008) "basic2" - basic2
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\basic2.sys

009) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function

010) "Cdfs" - Cdfs
---> STAT = (RUNNING) Disabled

011) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys

012) "cmuda" - C-Media WDM Audio Interface
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\cmuda.sys

013) "Cnxtdiag" - Cnxtdiag
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\cnxtdiag.sys

014) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\disk.sys

015) "dmio" - Driver Gestione dischi logici
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\drivers\dmio.sys

016) "dmload" - dmload
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\drivers\dmload.sys

017) "eeCtrl" - Symantec Eraser Control driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys

018) "ewido security suite driver" - ewido security suite driver
---> STAT = (RUNNING) Disabled
---> FILE = \??\C:\Programmi\ewido anti-malware\guard.sys

019) "Fallback" - Fallback
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\fallback.sys

020) "Fastfat" - Fastfat
---> STAT = (RUNNING) Disabled

021) "Fdc" - Driver controller disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\fdc.sys

022) "Fips" - Fips
---> STAT = (RUNNING) Started by "IoInitSystem" function

023) "Flpydisk" - Driver disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\flpydisk.sys

024) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\drivers\fltmgr.sys

025) "Fsks" - Fsks
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\fsksnt.sys

026) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\ftdisk.sys

027) "gameenum" - Enumeratore porta giochi
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\gameenum.sys

028) "Gpc" - Utilità di classificazione pacchetti generica
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys

029) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys

030) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\i8042prt.sys

031) "Imapi" - Driver filtro masterizzazione CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\imapi.sys

032) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\intelppm.sys

033) "IpNat" - Traduttore indirizzi di rete IP
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys

034) "IPSec" - Driver IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys

035) "isapnp" - Driver bus PnP ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\isapnp.sys

036) "K56" - K56
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\k56nt.sys

037) "Kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys

038) "kmixer" - Mixer wave audio del kernel Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys

039) "KSecDD" - KSecDD
---> STAT = (RUNNING) Started by operating system loader

040) "mnmdd" - mnmdd
---> STAT = (RUNNING) Started by "IoInitSystem" function

041) "Modem" - Modem
---> STAT = (RUNNING) Started manually

042) "Mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys

043) "MountMgr" - Gestore installazione (Mounting)
---> STAT = (RUNNING) Started by operating system loader

044) "MRxDAV" - Redirector del client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys

045) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys

046) "Msfs" - Msfs
---> STAT = (RUNNING) Started by "IoInitSystem" function

047) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys

048) "ms_mpu401" - Driver Microsoft MPU-401 MIDI UART
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\msmpu401.sys

049) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader

050) "NDIS" - Driver di sistema NDIS
---> STAT = (RUNNING) Started by operating system loader

051) "NdisTapi" - Driver TAPI NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys

052) "Ndisuio" - Protocollo I/O modalità utente su NDIS
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys

053) "NdisWan" - Driver WAN NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys

054) "NDProxy" - Proxy NDIS
---> STAT = (RUNNING) Started manually

055) "NetBIOS" - Interfaccia NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys

056) "NetBT" - NetBios su Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys

057) "Npfs" - Npfs
---> STAT = (RUNNING) Started by "IoInitSystem" function

058) "Ntfs" - Ntfs
---> STAT = (RUNNING) Disabled

059) "Null" - Null
---> STAT = (RUNNING) Started by "IoInitSystem" function

060) "Parport" - Driver della porta parallela
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys

061) "PartMgr" - Gestore partizioni
---> STAT = (RUNNING) Started by operating system loader

062) "ParVdm" - ParVdm
---> STAT = (RUNNING) Started automatically

063) "PCI" - PCI Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pci.sys

064) "PCIIde" - PCIIde
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\DRIVERS\pciide.sys

065) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspptp.sys

066) "PSched" - Utilità di pianificazione pacchetti QoS
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\psched.sys

067) "Ptilink" - Driver Direct Parallel Link
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ptil

Re: systemscan block

Post by Amantide » Wed Mar 07, 2007 8:21 pm

Right, already from the first lines I can see the probable presence of a rather nasty trojan, so while I examine the rest, go run a scan with Kaspersky online and post the scan report here.
Oh, and get rid of Avast too: out of 9 files it removed only 3 [:p]
...to fly high, you have to know how to fall...

Post by Amantide » Wed Mar 07, 2007 8:37 pm

Download The Avenger, extract the archive into a folder and run the file Avenger.exe.
Select the option Input Script Manually, click on the magnifying glass and copy and paste this script into the form:

Files to delete:
C:\WINDOWS\imsins.BAK
C:\WINDOWS\imsins.log
C:\WINDOWS\system32\i
C:\WINDOWS\system32\s.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\wnscptr.exe
C:\WINDOWS\system32\xcbbc.exe


Then click the Done button, then twice on the green traffic light icon, and answer Yes to the questions that follow.
The PC should restart by itself; if it doesn't, restart it manually.
At the end, attach the Avenger log for me, which is located at C:/avenger.txt


In addition to the Kaspersky log, also post the new HijackThis log.

KASPERSKY log

Post by freedom06 » Thu Mar 08, 2007 12:20 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 08, 2007 11:11:17 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/03/2007
Kaspersky Anti-Virus database records: 262823
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 114930
Number of viruses found: 8
Number of infected objects: 21 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:46:49

Infected Object Name / Virus Name / Last Action
C:\avenger\avenger\ljwq.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\avenger\avenger\lsaigvcv.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\avenger\avenger\mgiklrig.dll Infected: Trojan.Win32.BHO.g skipped
C:\avenger\avenger\urqqomj.dll Infected: Trojan-Downloader.Win32.ConHook.as skipped
C:\avenger\backup.zip/avenger/ljwq.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\avenger\backup.zip/avenger/lsaigvcv.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\avenger\backup.zip/avenger/mgiklrig.dll Infected: Trojan.Win32.BHO.g skipped
C:\avenger\backup.zip/avenger/urqqomj.dll Infected: Trojan-Downloader.Win32.ConHook.as skipped
C:\avenger\backup.zip ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Cronologia\History.IE5\MSHist012007030820070309\index.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\pc\ntuser.dat.LOG Object is locked skipped
C:\Programmi\ABAQUS\Documentation\logs\transfer.log Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\monitor.log Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\v6.5\SYSINDEX.tbl Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\v6.5\SYSMETAI.tbl Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\v6.5\SYSPERMS.tbl Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\v6.5\SYSSCHEDULE.tbl Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\v6.5\SYSTABLE.tbl Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\v6.5\SYSTRIG.tbl Object is locked skipped
C:\Programmi\ABAQUS\Documentation\texis\v6.5\SYSUSERS.tbl Object is locked skipped
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SiSUSBrg.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3CA187F3-ACC6-40DE-AFA0-34ABD24E342F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bak\ljwq.exe Infected: Trojan-Proxy.Win32.Ranky.gi skipped
C:\WINDOWS\system32\bak\lsaigvcv.exe Object is locked skipped
C:\WINDOWS\system32\bak\lsasss.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dewlmmpr.exe Infected: Backdoor.Win32.Rbot.bnz skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LMGRD.LOG Object is locked skipped
C:\WINDOWS\system32\NeroCheck.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\NeroCheck.exe1171016487 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\s.exe Infected: Trojan-Downloader.Win32.Agent.ber skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wfbfiw.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\WINDOWS\Tasks\fbhsfj.job Object is locked skipped
C:\WINDOWS\Tasks\jkgnn.job Object is locked skipped
C:\WINDOWS\Tasks\jpy.job Object is locked skipped
C:\WINDOWS\Tasks\oud.job Object is locked skipped
C:\WINDOWS\Tasks\rufrg.job Object is locked skipped
C:\WINDOWS\Tasks\thr.job Object is locked skipped
C:\WINDOWS\Tasks\wsf.job Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HijackThis log

Post by freedom06 » Thu Mar 08, 2007 12:22 pm

Logfile of HijackThis v1.99.1
Scan saved at 11.19.43, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ABAQUS\License\lmgrd.exe
C:\Programmi\ABAQUS\License\ABAQUSLM.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ABAQUS\Documentation\monitor.exe
C:\Programmi\ABAQUS\Documentation\monitor.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SiSUSBrg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BD59A08-7804-4DF1-91B2-C4E378AC78C8}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BD59A08-7804-4DF1-91B2-C4E378AC78C8}: NameServer = 151.99.125.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ABAQUS - Macrovision Corporation - C:\Programmi\ABAQUS\License\lmgrd.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\Programmi\ABAQUS\Documentation\monitor.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

help me

Post by freedom06 » Thu Mar 08, 2007 1:48 pm

Please, can you check the last 2 logs I posted for you?

Re: help me

Post by Amantide » Thu Mar 08, 2007 2:49 pm

freedom06 wrote: Please, can you check the last 2 logs I posted for you?

But you posted them barely an hour and a half ago!!! [...]

I see that you all have a bad tendency to forget that none of us lives here on the forum and that we are all volunteers who provide support out of a passion for it and not for money... unfortunately.
And it doesn't seem to me that even a single question in the Security section has gone unanswered [nonono]

Run this script with Avenger

Files to delete:
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\SiSUSBrg.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe1171016487
C:\WINDOWS\system32\bak\ljwq.exe
C:\WINDOWS\system32\bak\lsaigvcv.exe
C:\WINDOWS\system32\bak\lsasss.exe
C:\WINDOWS\system32\dewlmmpr.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\s.exe
C:\WINDOWS\system32\wfbfiw.exe
C:\WINDOWS\Tasks\fbhsfj.job
C:\WINDOWS\Tasks\jkgnn.job
C:\WINDOWS\Tasks\jpy.job
C:\WINDOWS\Tasks\oud.job
C:\WINDOWS\Tasks\rufrg.job
C:\WINDOWS\Tasks\thr.job
C:\WINDOWS\Tasks\wsf.job


When the PC restarts, go to the folders shown in blue; there you will find the BAK folder, and in that folder there is the clean copy of the deleted file, the one shown in red. You need to take that "clean" file and put it in place of the deleted infected file:

C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\SiSUSBrg.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe1171016487
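An added example (not part of the original thread, and not code from any of the tools named in it): a small Python triage that reads lines in the format of the Kaspersky Online Scanner report and the HijackThis O4 entries posted above, separates real detections from objects the scanner could not open, and shows which infected files are also launched at startup. The function names are assumptions of this example, and the sample is constructed from lines copied out of the two logs.

```python
import re

# Constructed sample: a few lines copied from the Kaspersky report and the
# second HijackThis log posted in this thread (not the complete logs).
KASPERSKY_REPORT = r"""
C:\avenger\backup.zip/avenger/ljwq.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\avenger\backup.zip ZIP: infected - 4 skipped
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\SiSUSBrg.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\NeroCheck.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\NeroCheck.exe1171016487 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\WINDOWS\system32\s.exe Infected: Trojan-Downloader.Win32.Agent.ber skipped
C:\WINDOWS\Tasks\jpy.job Object is locked skipped
"""
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
"""

# Report rows read "<path> <status> skipped"; the path may contain spaces,
# so it is matched lazily up to the first recognised status text.
ROW = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)|(?P<archive>ZIP: infected - \d+)) skipped$"
)
# "O4 - <location>: [<value name>] <command>" or "O4 - <location>: <shortcut> = <command>"
O4 = re.compile(
    r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$"
)


def parse_report(text):
    """Classify every result row of the scanner report."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # headers, statistics, blank lines
        path = m["path"]
        if m["locked"]:
            kind = "locked"          # never opened, so no verdict either way
        elif m["archive"]:
            kind = "archive"         # summary row for a container file
        elif "/" in path:
            kind = "archive_member"  # "container/inner/path" notation
        else:
            kind = "infected"
        rows.append({"path": path, "kind": kind, "verdict": m["verdict"]})
    return rows


def parse_o4(text):
    """Extract the autostart (O4) entries of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = O4.match(line.strip())
        if m:
            entries.append({"where": m["where"], "name": m["name"] or m["lnk"], "cmd": m["cmd"]})
    return entries


def persistent_infections(rows, entries):
    """Infected files on disk that an autostart entry launches."""
    hits = []
    for row in rows:
        if row["kind"] != "infected":
            continue
        # Windows paths are case-insensitive; the lookahead stops
        # NeroCheck.exe from matching NeroCheck.exe1171016487.
        pat = re.compile(re.escape(row["path"]) + r'(?=["\s]|$)', re.IGNORECASE)
        for e in entries:
            if pat.search(e["cmd"]):
                hits.append((e["where"], e["name"], row["path"], row["verdict"]))
    return hits


def triage(report_text, hjt_text):
    rows = parse_report(report_text)
    return {
        "infected_on_disk": [r["path"] for r in rows if r["kind"] == "infected"],
        "inside_archives": [r["path"] for r in rows if r["kind"] == "archive_member"],
        "not_scanned": [r["path"] for r in rows if r["kind"] == "locked"],
        "autostart": persistent_infections(rows, parse_o4(hjt_text)),
    }
```

Rows marked "Object is locked", such as the `.job` files, were never read by the scanner, so the report gives no verdict on them in either direction.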

ok

Post by freedom06 » Thu Mar 08, 2007 5:44 pm

I humbly apologize for earlier, it won't happen again!

I followed your latest advice; I hope I have solved most of my problems.

Thank you and sorry again!!!

Post by Amantide » Thu Mar 08, 2007 6:40 pm

To verify that you have cleaned everything, you just need to run the scan with Kaspersky online again. [;)]

Also run a full scan with AVG Anti-spyware.



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising