Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Figlio di Trojan

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Figlio di Trojan

Messaggioda RaFFoLo » dom gen 20, 2008 11:01 am

Ogni volta che avvio il pc, avast! mi rileva questo trojan senza la possibilità nè di rimuoverlo nè di metterlo in quarantena ...

Premetto che ho già fatto la scansione completa.
Come posso far sì che si elimini il suddetto file?

Grazie.
Powered by AMD Athlon II X2 3 Ghz | Geforce 8300 | 2 gb DDR-2 1000 Mhz | 300 Gb ATA-100 | Via HD Audio | Windows Seven x64 / OpenSUSE 11
Avatar utente
RaFFoLo
Silver Member
Silver Member
 
Messaggi: 1144
Iscritto il: dom ago 19, 2007 3:16 pm
Località: "(Un)eXPerienced Land"

Messaggioda crazy.cat » dom gen 20, 2008 11:07 am

Li sta tentando di tirarti giù qualcosa dalla rete e viene bloccato.
C'è qualcosa da cercare sul tuo pc che è già presente invece.
Proviamo a vedere un log della scansione di hijackthis.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda RaFFoLo » dom gen 20, 2008 1:22 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.22.54, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\wisyst32.exe
C:\PROGRA~3\ALWILS~1\Avast4\ashDisp.exe
C:\WINXP\system32\taskswitch.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINXP\system32\CTHELPER.EXE
C:\WINXP\system32\spoolsv.exe
C:\PROGRA~3\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINXP\system32\rundll32.exe
C:\Programmi\Comodo\Firewall\cfp.exe
C:\PROGRA~3\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Programmi\InterVideo\WinDVR\WinRemote.exe
C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
C:\DOCUME~3\RAFFAELE\IMPOST~1\Temp\iservice.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Clock Tray Skins\ClockTraySkins.exe
C:\WINXP\system32\ctfmon.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINXP\system32\PSIService.exe
C:\Programmi\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINXP\System32\PAStiSvc.exe
C:\Programmi\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINXP\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINXP\system32\devldr32.exe
C:\Documenti\RAFFAELE\Programmi\Sicurezza\HiJackThis.exe
C:\PROGRA~3\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~3\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINXP\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINXP\TEMP\E_SA2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmi\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINXP\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~3\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~3\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~3\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [WinRemote] C:\Programmi\InterVideo\WinDVR\WinRemote.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [ValueX] C:\DOCUME~3\RAFFAELE\IMPOST~1\Temp\services.exe
O4 - HKLM\..\Run: [iNotice] C:\DOCUME~3\RAFFAELE\IMPOST~1\Temp\iservice.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SkinClock] C:\Programmi\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5712712578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5712534625
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - AppInit_DLLs: wbsys.dll C:\WINXP\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINXP\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe

--
End of file - 10007 bytes
Powered by AMD Athlon II X2 3 Ghz | Geforce 8300 | 2 gb DDR-2 1000 Mhz | 300 Gb ATA-100 | Via HD Audio | Windows Seven x64 / OpenSUSE 11
Avatar utente
RaFFoLo
Silver Member
Silver Member
 
Messaggi: 1144
Iscritto il: dom ago 19, 2007 3:16 pm
Località: "(Un)eXPerienced Land"


Messaggioda crazy.cat » dom gen 20, 2008 1:32 pm

Controlla se nella stessa cartella c'è anche un file logon.dll (in caso eliminala)
C:\WINXP\wisyst32.exe
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ValueX] C:\DOCUME~3\RAFFAELE\IMPOST~1\Temp\services.exe
O4 - HKLM\..\Run: [iNotice] C:\DOCUME~3\RAFFAELE\IMPOST~1\Temp\iservice.exe


I file indicati in rosso sono da eliminare, usa killbox per cancellarli se hai problemi, cancella con hijackthis le righe indicate qui sopra.
Riavvia poi il pc e vedi come va.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda RaFFoLo » dom gen 20, 2008 3:41 pm

Ho eliminato il file nella directory di Windows con unlocker...
Ho eliminato le stringhe in rosso con hijackthis...

Avevo seguito questa procedura ma non aveva portato a casa:
http://www.sophos.com/virusinfo/analyse ... cosbu.html

Vabbè ora riavvio farò sapere se è tutto risolto [^]


**EDIT**

Come non detto ç___ç

Riavviato il pc non si aprono più i programmi nell'avvio automatico , quando clicco su un'icona non si apre più NESSUN programma associato e alla chiusura del sistema dice: l'utente non dispone delle autorizzazioni per eseguire l'operazione (e sono - o meglio ero amministratore ò__ò).

Mi permette - per fortuna - di aprire il task manager, con cui sono riuscito a sua volta ad aprire regedit ... Qualcuno mi dica come riprendermi i miei diritti con quest'ultimo [cry+]. Antivirus, Firewall e affini sono ko (temo il bagle T__T).

I programmi pare si possano aprire solo dal task manager - tramite nuova operazione - e temo ancora per poco (se il virus/worm/trojan quel che è) è ancora attivo...

Grazie,
Ciao.
Ultima modifica di RaFFoLo il lun gen 21, 2008 7:22 am, modificato 2 volte in totale.
Powered by AMD Athlon II X2 3 Ghz | Geforce 8300 | 2 gb DDR-2 1000 Mhz | 300 Gb ATA-100 | Via HD Audio | Windows Seven x64 / OpenSUSE 11
Avatar utente
RaFFoLo
Silver Member
Silver Member
 
Messaggi: 1144
Iscritto il: dom ago 19, 2007 3:16 pm
Località: "(Un)eXPerienced Land"

Messaggioda ste_95 » dom gen 20, 2008 5:35 pm

Dal task manager riesci ad aprire i programmi di sicurezza?

Prova a fare un giro con combofix.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda RaFFoLo » dom gen 20, 2008 6:33 pm

ste_95 ha scritto:Dal task manager riesci ad aprire i programmi di sicurezza?

Stranamente e fortunatamente sì ...

ste_95 ha scritto:Prova a fare un giro con combofix.

Grazie ho provato Combofix, ma niente continuano a non aprirsi i programmi... Non credo sia bagle (niente corrisponde a quanto detto nell'articolo su MegaLab, questo: http://www.MegaLab.it/2657 ).

Per ristabilire i diritti d'amministrazione cos'altro posso provare?? [cry+]

Dal log noto che molti file sono possibili virus ma non posso avvalermi di unlocker e nemmeno eliminarli visto che sono di sola lettura e protetti...

**EDIT**
Leggendo in diversi post di sicurezza - ho notato che spesso viene consigliato anche GMER per controllare l'eventuale presenza di rootkit e ho pensato: e se fosse un rootkit ?!? Ho cominciato la scansione e mi ha rilevato in rosso un file, "guard32.dll" che pare aver "corrotto" diversi files di sistema... Fixati questi, provo ad eliminare i file malevoli rilevati da combofix con unlocker (sperando che vada xD) e a rifare una scansione totale con avast! ...

Mannaggia 'sto winzozzo >_<

(Posto anche il log di combofix...ditemi se ne cavate qualcosa che mi possa aiutare [^])

ComboFix 08-01-20.1 - BABBO 2008-01-20 18:17:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.981 [GMT 1:00]
Eseguito da: C:\Documents and Settings\BABBO\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2007-12-20 al 2008-01-20 )))))))))))))))))))))))))))))))))))
.

2008-01-20 18:03 . 2008-01-20 18:04 <DIR> d-------- C:\Documents and Settings\BABBO\Phone Browser
2008-01-20 18:02 . 2008-01-20 18:02 <DIR> d-------- C:\Documents and Settings\BABBO\Dati applicazioni\ACD Systems
2008-01-20 17:57 . 2000-08-31 08:00 51,200 --a------ C:\WINXP\NirCmd.exe
2008-01-20 13:17 . 2008-01-20 13:17 8,704 --a------ C:\Documents and Settings\RAFFAELE\paaxeg.exe
2008-01-20 12:45 . 2008-01-20 12:45 <DIR> d-------- C:\Documents and Settings\RAFFAELE\SecurityScans
2008-01-18 18:23 . 2008-01-18 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
2008-01-18 18:22 . 2007-02-22 10:15 137,216 --a------ C:\WINXP\system32\drivers\nmwcd.sys
2008-01-18 18:22 . 2007-02-22 10:15 65,536 --a------ C:\WINXP\system32\nmwcdcocls.dll
2008-01-18 18:22 . 2007-02-22 10:15 12,288 --a------ C:\WINXP\system32\drivers\nmwcdcm.sys
2008-01-18 18:22 . 2007-02-22 10:15 8,320 --a------ C:\WINXP\system32\drivers\nmwcdc.sys
2008-01-18 18:20 . 2008-01-18 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-01-17 07:33 . 2008-01-20 13:15 5,120 --a------ C:\WINXP\logon.dll
2008-01-17 07:31 . 2008-01-17 07:31 <DIR> d-------- C:\WINXP\system32\xircom
2008-01-17 07:31 . 2008-01-17 07:31 <DIR> d-------- C:\Programmi\microsoft frontpage
2008-01-15 18:27 . 2008-01-16 14:55 <DIR> d-------- C:\VEXPLITE
2008-01-15 18:27 . 2007-10-10 09:00 36,096 --a------ C:\WINXP\system32\drivers\VIRAGTLT.SYS
2008-01-15 14:59 . 2008-01-15 14:59 <DIR> d-------- C:\Sandbox
2008-01-15 14:42 . 2008-01-20 11:24 <DIR> d-------- C:\BackUpMSNCleaner
2008-01-15 14:21 . 2008-01-15 14:21 <DIR> d--h----- C:\WINXP\PIF
2008-01-14 16:52 . 2008-01-14 16:52 <DIR> d-------- C:\Programmi\Orca
2008-01-14 01:00 . 2008-01-14 01:00 <DIR> d-------- C:\Programmi\Norton Navigator
2008-01-14 00:57 . 1995-07-26 20:21 200,704 --a------ C:\WINXP\system32\THREED32.OCX
2008-01-14 00:57 . 1996-12-09 00:00 194,320 --a------ C:\WINXP\system32\MCI32.OCX
2008-01-14 00:57 . 1997-08-01 12:43 93,696 --a------ C:\WINXP\system32\GVBOX.OCX
2008-01-14 00:57 . 1996-12-09 00:00 71,680 --a------ C:\WINXP\ST5UNST.EXE
2008-01-14 00:57 . 1996-12-05 00:00 36,624 --a------ C:\WINXP\system32\MSJInt35.dll
2008-01-14 00:57 . 1996-12-09 00:00 29,696 --a------ C:\WINXP\system32\VB5StKit.dll
2008-01-14 00:57 . 1996-12-05 00:00 24,336 --a------ C:\WINXP\system32\MSJtEr35.dll
2008-01-14 00:55 . 2008-01-14 00:55 <DIR> d-------- C:\Documents and Settings\RAFFAELE\WINDOWS
2008-01-14 00:55 . 1996-01-09 10:38 283,648 --a------ C:\WINXP\uninst.exe
2008-01-14 00:50 . 2008-01-14 15:41 <DIR> d-------- C:\Programmi\ZTree
2008-01-14 00:42 . 2008-01-14 00:42 <DIR> d-------- C:\~SIW0E76
2008-01-14 00:42 . 1994-08-30 03:00 11,631 --a------ C:\WINXP\SUPP3.DLL
2008-01-13 16:23 . 2008-01-13 16:23 <DIR> d-------- C:\Documents and Settings\BABBO\Dati applicazioni\PC Suite
2008-01-10 16:25 . 2008-01-10 16:25 <DIR> d-------- C:\Documents and Settings\RAFFAELE\Dati applicazioni\ACD Systems
2008-01-10 16:24 . 2008-01-10 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-01-10 16:23 . 2008-01-10 16:24 <DIR> d-------- C:\Programmi\File comuni\ACD Systems
2008-01-10 16:23 . 2008-01-10 16:23 <DIR> d-------- C:\Programmi\ACD Systems
2008-01-09 13:43 . 2007-10-30 17:53 360,832 --------- C:\WINXP\system32\dllcache\tcpip.sys
2008-01-09 13:42 . 2007-11-07 10:49 732,672 --------- C:\WINXP\system32\dllcache\lsasrv.dll
2008-01-08 14:47 . 2008-01-08 14:47 <DIR> d-------- C:\Documents and Settings\RAFFAELE\Dati applicazioni\Talkback
2008-01-07 01:41 . 2008-01-14 15:37 <DIR> d-------- C:\Programmi\IrfanView
2008-01-03 13:03 . 2008-01-03 13:03 <DIR> d-------- C:\Documents and Settings\RAFFAELE\Dati applicazioni\Jasc
2008-01-03 13:02 . 2008-01-03 13:03 <DIR> d-------- C:\Programmi\Jasc Software Inc
2008-01-02 22:44 . 2008-01-02 22:46 <DIR> d-------- C:\Programmi\SignSIS-GUI
2008-01-02 00:52 . 2008-01-02 00:52 3,623 --a------ C:\WINXP\iexplore.ini
2007-12-30 17:52 . 2007-12-30 17:52 <DIR> d-------- C:\Programmi\File comuni\DirectX
2007-12-30 17:46 . 2007-12-30 17:46 <DIR> d-------- C:\Programmi\CAPCOM
2007-12-29 21:55 . 2007-12-29 21:55 <DIR> d-------- C:\Programmi\SuperTV
2007-12-29 21:55 . 2007-12-29 21:55 <DIR> d-------- C:\Documents and Settings\RAFFAELE\Dati applicazioni\ppStream
2007-12-29 21:55 . 2007-09-12 16:43 597,160 --a------ C:\WINXP\system32\PSNetwork.dll
2007-12-29 21:55 . 2007-09-12 16:43 398,504 --a------ C:\WINXP\system32\PowerPlayer.dll
2007-12-29 21:55 . 2007-12-29 21:56 128 --a------ C:\WINXP\psnetwork.ini
2007-12-29 21:55 . 2007-12-29 21:56 93 --a------ C:\Iotmrd.sys
2007-12-29 21:38 . 2007-12-29 21:51 366 --a------ C:\WINXP\wTRTv5.ini
2007-12-29 21:37 . 2007-12-29 21:46 <DIR> d-------- C:\Programmi\worldTVRT
2007-12-29 21:30 . 2007-12-30 11:11 <DIR> d-------- C:\Programmi\ChrisTV PVR Standard
2007-12-29 21:30 . 2007-04-16 17:09 1,376 --a------ C:\WINXP\system32\ansi13.sys
2007-12-29 21:19 . 2007-12-29 21:19 231,478 --a------ C:\capt0001.bmp
2007-12-29 21:06 . 2007-12-29 21:06 230,454 --a------ C:\capt0000.bmp
2007-12-29 19:56 . 2007-12-29 19:57 <DIR> d-------- C:\Programmi\GlobeDigital
2007-12-29 19:56 . 2007-12-29 19:56 <DIR> d-------- C:\Documents and Settings\RAFFAELE\Dati applicazioni\GlobeDigital
2007-12-29 18:40 . 2002-09-27 07:53 9,856 --------- C:\WINXP\system32\drivers\pfc.sys
2007-12-29 18:39 . 2007-12-29 18:39 <DIR> d-------- C:\Programmi\File comuni\InterVideo
2007-12-29 17:29 . 2007-12-30 14:19 <DIR> d-------- C:\Programmi\ChrisTV Lite
2007-12-29 16:42 . 2001-12-10 18:42 204,800 --a------ C:\WINXP\system32\IVIresizeW7.dll
2007-12-29 16:42 . 2001-12-10 18:42 200,704 --a------ C:\WINXP\system32\IVIresizeA6.dll
2007-12-29 16:42 . 2001-12-10 18:42 192,512 --a------ C:\WINXP\system32\IVIresizeP6.dll
2007-12-29 16:42 . 2001-12-10 18:42 192,512 --a------ C:\WINXP\system32\IVIresizeM6.dll
2007-12-29 16:42 . 2001-12-10 18:42 188,416 --a------ C:\WINXP\system32\IVIresizePX.dll
2007-12-29 16:42 . 2001-12-10 18:42 20,480 --a------ C:\WINXP\system32\IVIresize.dll
2007-12-29 16:40 . 2007-12-29 16:40 921,632 --a------ C:\StiImg.dat
2007-12-29 16:25 . 2007-12-29 16:25 2,368 --a------ C:\WINXP\system32\SVKP.sys
2007-12-29 16:24 . 2007-12-29 19:07 <DIR> d-------- C:\Programmi\ChrisTV
2007-12-29 15:45 . 2002-10-23 13:48 26,880 --a------ C:\WINXP\system32\drivers\PhTVTune.sys
2007-12-29 15:21 . 2007-12-29 16:30 371,349 --a------ C:\WINXP\system32\drivers\BT848.sys
2007-12-29 13:07 . 2007-12-29 13:07 81,272 --a------ C:\WINXP\system32\drivers\cmdGuard.sys
2007-12-29 13:07 . 2007-12-29 13:07 23,672 --a------ C:\WINXP\system32\drivers\cmdhlp.sys
2007-12-28 16:29 . 2007-12-28 16:29 4,808 --a------ C:\WINXP\system32\gaeffect.sti
2007-12-28 16:29 . 2007-12-28 16:29 3,176 --a------ C:\WINXP\system32\gafilter.sti
2007-12-28 15:37 . 2008-01-06 12:19 419 --a------ C:\WINXP\ULEAD32.INI
2007-12-28 15:35 . 1999-10-15 12:50 1,056,768 --a------ C:\WINXP\system32\ROBOEX32.DLL
2007-12-27 23:58 . 2007-12-27 23:58 <DIR> d-------- C:\Programmi\MSN Messenger
2007-12-27 08:33 . 2007-12-27 23:26 <DIR> d-------- C:\Documents and Settings\RAFFAELE\Tracing
2007-12-26 10:27 . 2007-12-26 10:27 <DIR> d-------- C:\Programmi\Service Tuner
2007-12-26 10:07 . 2004-11-19 09:57 449,888 --a------ C:\WINXP\system32\CAP7134.SYS
2007-12-26 10:07 . 2004-11-19 09:57 19,616 --a------ C:\WINXP\system32\PHTVTUNE.SYS
2007-12-26 10:07 . 2004-11-19 09:57 11,247 --a------ C:\WINXP\system32\CAP7134.INF
2007-12-26 10:07 . 2004-11-19 09:57 9,172 --a------ C:\WINXP\system32\CAP7134.CAT
2007-12-26 10:07 . 2004-11-19 09:57 7,673 --a------ C:\WINXP\system32\PHTVTUNE.CAT
2007-12-26 10:07 . 2004-11-19 09:57 2,507 --a------ C:\WINXP\system32\PHTVTUNE.INF
2007-12-25 20:09 . 2007-12-29 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo
2007-12-25 20:06 . 2002-10-23 13:46 423,008 --a------ C:\WINXP\system32\drivers\Cap7134.sys
2007-12-25 20:06 . 2002-10-23 13:52 90,112 --a------ C:\WINXP\system32\34dialog.dll
2007-12-25 20:06 . 2002-10-24 14:29 90,112 --a------ C:\WINXP\system32\34com.dll
2007-12-25 20:06 . 2002-10-23 13:51 73,728 --a------ C:\WINXP\system32\34dd.dll
2007-12-25 20:06 . 2002-10-23 13:49 32,768 --a------ C:\WINXP\system32\Prop7134.dll
2007-12-25 19:09 . 2004-08-03 23:10 38,016 --a------ C:\WINXP\system32\drivers\bthmodem.sys
2007-12-25 19:06 . 2004-08-19 15:25 274,944 --a------ C:\WINXP\system32\drivers\bthport.sys
2007-12-25 19:06 . 2004-08-19 15:39 153,600 --a------ C:\WINXP\system32\irftp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 15:06 --------- d-----w C:\Programmi\PeerGuardian2
2008-01-20 11:39 --------- d-----w C:\Programmi\Microsoft Baseline Security Analyzer 2
2008-01-20 10:26 --------- d-----w C:\Programmi\AdunanzA
2008-01-19 20:14 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\TeraCopy
2008-01-19 19:31 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Corel
2008-01-18 16:27 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-01-17 06:34 --------- d-----w C:\Programmi\Sandboxie
2008-01-14 14:44 --------- d-----w C:\Programmi\Serials 2005
2008-01-12 12:11 139,008 ----a-w C:\WINXP\system32\guard32.dll.vir
2008-01-05 14:22 --------- d-----w C:\Programmi\WinPcap
2008-01-03 15:26 --------- d-----w C:\Programmi\Teleport Pro
2007-12-30 16:46 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-29 18:20 --------- d-----w C:\Programmi\InterVideo
2007-12-29 12:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Comodo
2007-12-29 12:07 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Comodo
2007-12-28 15:34 --------- d-----w C:\Programmi\Ulead Systems
2007-12-28 14:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
2007-12-28 11:26 --------- d-----w C:\Programmi\Windows Live
2007-12-28 11:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-27 22:26 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-26 21:04 --------- d-----w C:\Programmi\DOSBox-0.72
2007-12-26 11:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-26 00:51 --------- d-----w C:\Programmi\MessengerDiscovery
2007-12-24 01:04 --------- d-----w C:\Programmi\Clock Tray Skins
2007-12-23 19:27 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\uTorrent
2007-12-23 10:56 --------- d-----w C:\Programmi\PMsn Paraiso
2007-12-18 22:00 --------- d-----w C:\Programmi\Canon
2007-12-18 21:58 --------- d-----w C:\Programmi\File comuni\Canon
2007-12-18 11:43 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Windows Live Writer
2007-12-17 20:15 --------- d-----w C:\Programmi\epson
2007-12-16 16:38 --------- d-----w C:\Programmi\Styler
2007-12-16 16:38 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Styler
2007-12-15 13:46 --------- d-----w C:\Programmi\uTorrent
2007-12-13 21:29 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\InstallShield
2007-12-13 15:44 --------- d-----w C:\Programmi\Maxthon2
2007-12-08 15:00 --------- d-----w C:\Programmi\ReeBot
2007-12-08 13:54 --------- d-----w C:\Programmi\SmartFTP Client
2007-12-08 11:07 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\FileZilla
2007-12-05 20:30 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\SmartFTP
2007-12-05 16:13 74,752 ----a-w C:\WINXP\ST6UNST.EXE
2007-12-04 15:07 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Sandbox
2007-12-04 14:56 --------- d-----w C:\Programmi\CONEXANT
2007-12-04 14:47 --------- d-----w C:\Programmi\innotek VirtualBox
2007-12-04 13:56 93,264 ----a-w C:\WINXP\system32\drivers\aswmon.sys
2007-12-04 13:55 94,544 ----a-w C:\WINXP\system32\drivers\aswmon2.sys
2007-12-04 13:53 23,152 ----a-w C:\WINXP\system32\drivers\aswRdr.sys
2007-12-04 13:51 42,912 ----a-w C:\WINXP\system32\drivers\aswTdi.sys
2007-12-04 13:49 26,624 ----a-w C:\WINXP\system32\drivers\aavmker4.sys
2007-12-04 12:04 837,496 ----a-w C:\WINXP\system32\aswBoot.exe
2007-12-04 11:54 95,608 ----a-w C:\WINXP\system32\AvastSS.scr
2007-12-01 17:06 --------- d-----w C:\Programmi\Free Desktop Clock
2007-11-30 22:13 --------- d-----w C:\Programmi\Mozilla Firefox 3 Beta 1
2007-11-30 14:50 737,280 ----a-w C:\WINXP\iun6002.exe
2007-11-30 14:50 --------- d-----w C:\Programmi\FireTune
2007-11-28 19:22 --------- d-----w C:\Documents and Settings\BABBO\Dati applicazioni\Comodo
2007-11-28 19:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2007-11-28 16:31 562 ---ha-w C:\os357577.bin
2007-11-28 16:26 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Ulead Systems
2007-11-28 13:49 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\EPSON
2007-11-26 21:45 --------- d-----w C:\Programmi\HD Tune
2007-11-25 11:43 --------- d-----w C:\Programmi\VideoLAN
2007-11-24 15:01 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TechSmith
2007-11-24 14:46 5,659,648 ----a-w C:\WINXP\system32\logonuiX.exe
2007-11-24 11:46 163,712 ----a-w C:\WINXP\system32\drivers\vidstub.sys
2007-11-24 05:57 --------- d-----w C:\Programmi\Windows Live Writer
2007-11-23 15:45 65,536 ----a-w C:\WINXP\IFinst27.exe
2007-11-23 15:45 --------- d-----w C:\Programmi\Shock Utility
2007-11-23 15:16 --------- d-----w C:\Programmi\TeraCopy
2007-11-23 14:03 --------- d-----w C:\Programmi\Comodo
2007-11-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Creative
2007-11-22 20:51 --------- d-----w C:\Programmi\File comuni\stardock
2007-11-22 20:50 --------- d-----w C:\Programmi\Stardock
2007-11-22 20:49 --------- d-----w C:\Programmi\WinCustomize
2007-11-22 12:16 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Media Player Classic
2007-11-22 06:38 --------- d-----w C:\Programmi\Windows Live Toolbar
2007-11-22 06:38 --------- d-----w C:\Programmi\Windows Live Favorites
2007-11-22 06:35 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-11-21 23:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Corel
2007-11-21 20:17 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Publish Providers
2007-11-21 20:16 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Sony
2007-11-21 20:10 --------- d-----w C:\Programmi\Total Video Converter
2007-11-21 20:05 --------- d-----w C:\Documents and Settings\BABBO\Dati applicazioni\Nero
2007-11-21 16:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2007-11-21 16:23 --------- d-----w C:\Programmi\K-Lite Codec Pack
2007-11-21 16:20 --------- d-----w C:\Programmi\Java
2007-11-21 16:18 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Thunderbird
2007-11-21 15:28 --------- d-----w C:\Programmi\Windows Defender
2007-11-21 15:23 --------- d-----w C:\Programmi\Pro Imaging Powertoys
2007-11-21 15:15 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Nero
2007-11-21 15:12 --------- d-----w C:\Programmi\File comuni\Nero
2007-11-21 15:09 --------- d-----w C:\Programmi\Nero
2007-11-21 15:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2007-11-21 15:08 --------- d-----w C:\Programmi\Microsoft CopyProfile
2007-11-21 15:01 --------- d-----w C:\Programmi\AutoPatcher
2007-11-21 14:57 --------- d-----w C:\Programmi\Acoustica CD Label Maker
2007-11-21 14:57 --------- d-----w C:\Documents and Settings\RAFFAELE\Dati applicazioni\Acoustica
2007-11-21 14:39 --------- d-----w C:\Programmi\Windows Media Connect 2
2007-11-21 12:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-11-21 12:17 685,816 ----a-w C:\WINXP\system32\drivers\sptd.sys
2007-11-20 16:16 --------- d-----w C:\Programmi\ieSpell
.
Codice: Seleziona tutto
<pre>
----a-w        10,011,784 2003-05-07 14:07:00  C:\Documenti\RAFFAELE\Programmi\Microsoft and 3rd Parts\Windows Media\WM Encoder (9 and above) .exe
</pre>



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\ctfmon.exe" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~3\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"CoolSwitch"="C:\WINXP\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"EPSON Stylus DX4800 Series"="C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 04:00 98304]
"NvMediaCenter"="C:\WINXP\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"LogonStudio"="C:\Programmi\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 19:01 40960 C:\WINXP\system32\CTHELPER.EXE]
"UpdReg"="C:\WINXP\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 01:00 28672]
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"BootSkin Startup Jobs"="C:\PROGRA~3\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"PCSuiteTrayApplication"="C:\PROGRA~3\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 14:39 110592 C:\WINXP\system32\bthprops.cpl]
"COMODO Firewall Pro"="C:\Programmi\Comodo\Firewall\cfp.exe" [2007-12-29 13:07 1481472]
"WINSCHEDULER"="C:\PROGRA~3\INTERV~1\WinDVR\WINSCH~1.EXE" [2003-09-03 18:49 139264]
"WinRemote"="C:\Programmi\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 18:57 131072]
"WinDVR SchSvr"="C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe" [2003-06-06 17:52 151552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-11 00:49 124928 C:\WINXP\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
InterVideo WinCinema Manager.lnk - C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-29 16:42:33 131072]
SnagIt 8.lnk - C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48 6395464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7G21B2J74A"= C:\WINXP\wisyst32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINXP\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-22 07:29 229376 C:\Programmi\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\WINXP\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^RAFFAELE^Menu Avvio^Programmi^Esecuzione automatica^Styler.lnk]
path=C:\Documents and Settings\RAFFAELE\Menu Avvio\Programmi\Esecuzione automatica\Styler.lnk
backup=C:\WINXP\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
--a------ 2007-06-25 12:46 272896 C:\Programmi\ChrisTV PVR Standard\ChrisTV_Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Programmi\Windows Defender\MSASCui.exe

R0 hotcore3;hotcore3;C:\WINXP\system32\drivers\hotcore3.sys [2007-03-07 13:27]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINXP\system32\DRIVERS\cmdguard.sys [2007-12-29 13:07]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINXP\system32\DRIVERS\cmdhlp.sys [2007-12-29 13:07]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINXP\system32\DRIVERS\VBoxUSBMon.sys [2007-06-06 01:19]
R2 SVKP;SVKP;C:\WINXP\system32\SVKP.sys [2007-12-29 16:25]
R3 Cap7134;TV-Station (SAA7134Capture with MK3-Tuner);C:\WINXP\system32\DRIVERS\Cap7134.sys [2002-10-23 13:46]
R3 PAC207;SoC PC-Camer@;C:\WINXP\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
R3 PhTVTune;Philips WDM TVTuner;C:\WINXP\system32\DRIVERS\PhTVTune.sys [2002-10-23 13:48]
S1 VBoxDrv;VBoxDrv;C:\WINXP\system32\DRIVERS\VBoxUSBMon.sys [2007-06-06 01:19]
S2 713xTVCard;SAA7130 TV Card;C:\WINXP\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
S2 BT848;Conexant's BtPCI WDM Video Capture;C:\WINXP\system32\DRIVERS\BT848.sys [2007-12-29 16:30]
S3 NPF;NetGroup Packet Filter Driver;C:\WINXP\system32\drivers\npf.sys [2007-01-25 18:31]
S3 usbscan;Driver scanner USB;C:\WINXP\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-20 17:13:01 C:\WINXP\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 18:25:23
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run???????h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???6???\'3?????\??? ??? ???\???\???????????E?9~u?9~\???\?????????`??????C@?\???\??????s6???\??????s\???@'3?A??s@'3??C@?x???`|?w\?????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINXP\system32\winlogon.exe
-> C:\WINXP\system32\guard32.dll

PROCESS: C:\WINXP\system32\winlogon.exe
-> C:\WINXP\system32\guard32.dll

PROCESS: C:\WINXP\system32\lsass.exe [5.01.2600.2180]
-> C:\WINXP\system32\guard32.dll

PROCESS: C:\WINXP\Explorer.EXE [6.00.2900.3156]
-> C:\WINXP\system32\guard32.dll
.
Ora fine scansione: 2008-01-20 18:28:05
.
2008-01-09 12:48:37 --- E O F ---


**EDIT-II**

I programmi adesso funzionano, pare che tutto sia risolto... Grazie per i preziosi software consigliati [^].
Powered by AMD Athlon II X2 3 Ghz | Geforce 8300 | 2 gb DDR-2 1000 Mhz | 300 Gb ATA-100 | Via HD Audio | Windows Seven x64 / OpenSUSE 11
Avatar utente
RaFFoLo
Silver Member
Silver Member
 
Messaggi: 1144
Iscritto il: dom ago 19, 2007 3:16 pm
Località: "(Un)eXPerienced Land"


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising