StewieBS
17-02-2009, 23:35
Hi, let me start by saying that I'm not a "PC genius", so I hope I'm doing things correctly as described in the guide, and above all clearly, so that I can find an answer to my problem.
PROBLEM
Web pages such as this one open by themselves and without warning:
http://dorm.dormitory.com/index24.html
It happens while I'm browsing, or even when I just have a perfectly normal web page open and keep it minimized on the taskbar... I should mention that I have already run a scan with Antivir and Adware, but nothing changed...
LOG ANALYSIS
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:11 , on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Wireless Console 2\wcourier.exe
C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\Splendid\ACMON.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\VnrPack\VnrPack24.exe
C:\Programmi\GetPack\GetPack30.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Java\jre6\launch4j-tmp\JDownloader.exe
D:\Programmi\AutoCAD 2008\acad.exe
C:\DOCUME~1\Mauro\IMPOST~1\Temp\AdskCleanup.0001
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Utilities Diagnosi Virus, Spyware ecc\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Programmi\WebShow\WebShow.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Programmi\Mjcore\Mjcore.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programmi\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Programmi\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Mauro\Dati applicazioni\cogad\cogad.exe" 61A847B5BBF7281036933A466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [VnrPack24] "C:\Programmi\VnrPack\VnrPack24.exe"
O4 - HKCU\..\Run: [GetPack30] "C:\Programmi\GetPack\GetPack30.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233417864656
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 10986 bytes
MALWAREBYTES:
Malwarebytes' Anti-Malware 1.34
Versione del database: 1771
Windows 5.1.2600 Service Pack 3
18/02/2009 0.02.28
mbam-log-2009-02-18 (00-02-28).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 146939
Tempo trascorso: 26 minute(s), 36 second(s)
Processi delle memoria infetti: 2
Moduli della memoria infetti: 0
Chiavi di registro infette: 22
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 6
File infetti: 9
Processi delle memoria infetti:
C:\Programmi\VnrPack\VnrPack24.exe (Adware.SpeedMonitor) -> Unloaded process successfully.
C:\Programmi\GetPack\GetPack30.exe (Trojan.Agent) -> Unloaded process successfully.
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrpack24 (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack30 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mauro\Dati applicazioni\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
File infetti:
C:\Programmi\VnrPack\VnrPack24.exe (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Programmi\GetPack\GetPack30.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\VnrPack\trgts.gz (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\VnrPack\dicts.gz (Adware.Agent) -> Quarantined and deleted successfully.
A-SQUARED:
-squared Free - Versione 4.0
Ultimo aggiornamento: 17/02/2009 23.33.02
Impostazioni scansione:
Oggetti: Memoria, Tracce, Cookies, C:\, D:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On
Scansione avviata: 17/02/2009 23.33.51
[1456] C:\Programmi\VnrPack\VnrPack24.exe rilevati: AdWare.SpeedMonitor!IK
[1512] C:\Programmi\GetPack\GetPack30.exe rilevati: AdWare.SpeedMonitor!IK
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {645FF040-5081-101B-9F08-00AA002F954E} rilevati: Trace.Registry.Command Service!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {6BF52A52-394A-11D3-B153-00C04F79FAA6} rilevati: Trace.Registry.Command Service!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> 0 rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> Count rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> NextInstance rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security --> Security rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> DisplayName rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ErrorControl rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ObjectName rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Start rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Type rilevati: Trace.Registry.NetMon!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[1].txt rilevati: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[1].txt rilevati: Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[1].txt rilevati: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[2].txt rilevati: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt rilevati: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt rilevati: Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[2].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[2].txt rilevati: Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[1].txt rilevati: Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[4].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[2].txt rilevati: Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@cms.trafficmp[1].txt rilevati: Trace.TrackingCookie.cms!A2
C:\Documents and Settings\Mauro\Cookies\mauro@2o7[2].txt rilevati: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[2].txt rilevati: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt rilevati: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt rilevati: Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@hitbox[2].txt rilevati: Trace.TrackingCookie.hitbox!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bluestreak[2].txt rilevati: Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[1].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media.intelia[1].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@tradedoubler[1].txt rilevati: Trace.TrackingCookie.tradedoubler!A2
C:\Documents and Settings\Mauro\Cookies\mauro@atdmt[2].txt rilevati: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[2].txt rilevati: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediatraffic[2].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[1].txt rilevati: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt rilevati: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt rilevati: Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@com[1].txt rilevati: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Mauro\Cookies\mauro@revenue[2].txt rilevati: Trace.TrackingCookie.revenue!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt rilevati: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\Mauro\Cookies\mauro@statse.webtrendslive[1].txt rilevati: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\Mauro\Documenti\Mauro\Cavolate\chenoia.exe rilevati: Riskware.Joke.Langeweile!IK
C:\System Volume Information\_restore{2A72F87E-9980-4D8C-B739-5538008BCCDC}\RP53\A0012257.dll rilevati: Win32.SuspectCrc!IK
D:\Programmi\Photoshop\Crack\disable_activation.cmd rilevati: Riskware.patch.Adobe!IK
Scansionati
Files: 172287
Tracce: 614748
Cookies: 193
Processi: 62
Rilevato
Files: 3
Tracce: 11
Cookies: 32
Processi: 2
Chiavi di registro: 0
Fine scansione: 18/02/2009 0.26.53
Tempo scansione: 0:53:02
D:\Programmi\Photoshop\Crack\disable_activation.cmd In quarantena Riskware.patch.Adobe!IK
C:\System Volume Information\_restore{2A72F87E-9980-4D8C-B739-5538008BCCDC}\RP53\A0012257.dll In quarantena Win32.SuspectCrc!IK
C:\Documents and Settings\Mauro\Documenti\Mauro\Cavolate\chenoia.exe In quarantena Riskware.Joke.Langeweile!IK
C:\Documents and Settings\Mauro\Cookies\mauro@statse.webtrendslive[1].txt In quarantena Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt In quarantena Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\Mauro\Cookies\mauro@revenue[2].txt In quarantena Trace.TrackingCookie.revenue!A2
C:\Documents and Settings\Mauro\Cookies\mauro@com[1].txt In quarantena Trace.TrackingCookie.com!A2
C:\Documents and Settings\Mauro\Cookies\mauro@atdmt[2].txt In quarantena Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Mauro\Cookies\mauro@tradedoubler[1].txt In quarantena Trace.TrackingCookie.tradedoubler!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bluestreak[2].txt In quarantena Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\Mauro\Cookies\mauro@hitbox[2].txt In quarantena Trace.TrackingCookie.hitbox!A2
C:\Documents and Settings\Mauro\Cookies\mauro@2o7[2].txt In quarantena Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Mauro\Cookies\mauro@cms.trafficmp[1].txt In quarantena Trace.TrackingCookie.cms!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[2].txt In quarantena Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[1].txt In quarantena Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[2].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[4].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[1].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media.intelia[1].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediatraffic[2].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt In quarantena Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt In quarantena Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt In quarantena Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt In quarantena Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt In quarantena Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt In quarantena Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[2].txt In quarantena Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[1].txt In quarantena Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[1].txt In quarantena Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[2].txt In quarantena Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[1].txt In quarantena Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[2].txt In quarantena Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[1].txt In quarantena Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[2].txt In quarantena Trace.TrackingCookie.doubleclick!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> 0 In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> Count In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> NextInstance In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security --> Security In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> DisplayName In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ErrorControl In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ObjectName In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Start In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Type In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {645FF040-5081-101B-9F08-00AA002F954E} In quarantena Trace.Registry.Command Service!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {6BF52A52-394A-11D3-B153-00C04F79FAA6} In quarantena Trace.Registry.Command Service!A2
[1456] C:\Programmi\VnrPack\VnrPack24.exe In quarantena AdWare.SpeedMonitor!IK
[1512] C:\Programmi\GetPack\GetPack30.exe In quarantena AdWare.SpeedMonitor!IK
In quarantena
Files: 3
Tracce: 11
Cookies: 32
I hope someone can help me...
In the meantime, thanks to everyone who reads this...
P.S.: was the request carried out correctly? Just so I can improve!
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Mauro\Dati applicazioni\cogad\cogad.exe" 61A847B5BBF7281036933A466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [VnrPack24] "C:\Programmi\VnrPack\VnrPack24.exe"
O4 - HKCU\..\Run: [GetPack30] "C:\Programmi\GetPack\GetPack30.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233417864656
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 10986 bytes
MALWAREBYTES:
Malwarebytes' Anti-Malware 1.34
Versione del database: 1771
Windows 5.1.2600 Service Pack 3
18/02/2009 0.02.28
mbam-log-2009-02-18 (00-02-28).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 146939
Tempo trascorso: 26 minute(s), 36 second(s)
Processi delle memoria infetti: 2
Moduli della memoria infetti: 0
Chiavi di registro infette: 22
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 6
File infetti: 9
Processi delle memoria infetti:
C:\Programmi\VnrPack\VnrPack24.exe (Adware.SpeedMonitor) -> Unloaded process successfully.
C:\Programmi\GetPack\GetPack30.exe (Trojan.Agent) -> Unloaded process successfully.
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrpack24 (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack30 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mauro\Dati applicazioni\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
File infetti:
C:\Programmi\VnrPack\VnrPack24.exe (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Programmi\GetPack\GetPack30.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\VnrPack\trgts.gz (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\VnrPack\dicts.gz (Adware.Agent) -> Quarantined and deleted successfully.
A-SQUARED:
a-squared Free - Versione 4.0
Ultimo aggiornamento: 17/02/2009 23.33.02
Impostazioni scansione:
Oggetti: Memoria, Tracce, Cookies, C:\, D:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On
Scansione avviata: 17/02/2009 23.33.51
[1456] C:\Programmi\VnrPack\VnrPack24.exe rilevati: AdWare.SpeedMonitor!IK
[1512] C:\Programmi\GetPack\GetPack30.exe rilevati: AdWare.SpeedMonitor!IK
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {645FF040-5081-101B-9F08-00AA002F954E} rilevati: Trace.Registry.Command Service!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {6BF52A52-394A-11D3-B153-00C04F79FAA6} rilevati: Trace.Registry.Command Service!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> 0 rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> Count rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> NextInstance rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security --> Security rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> DisplayName rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ErrorControl rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ObjectName rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Start rilevati: Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Type rilevati: Trace.Registry.NetMon!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[1].txt rilevati: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[1].txt rilevati: Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[1].txt rilevati: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[2].txt rilevati: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt rilevati: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt rilevati: Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[2].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[2].txt rilevati: Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[1].txt rilevati: Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[4].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[2].txt rilevati: Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@cms.trafficmp[1].txt rilevati: Trace.TrackingCookie.cms!A2
C:\Documents and Settings\Mauro\Cookies\mauro@2o7[2].txt rilevati: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[2].txt rilevati: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt rilevati: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt rilevati: Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@hitbox[2].txt rilevati: Trace.TrackingCookie.hitbox!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bluestreak[2].txt rilevati: Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[1].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media.intelia[1].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@tradedoubler[1].txt rilevati: Trace.TrackingCookie.tradedoubler!A2
C:\Documents and Settings\Mauro\Cookies\mauro@atdmt[2].txt rilevati: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[2].txt rilevati: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediatraffic[2].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[1].txt rilevati: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt rilevati: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt rilevati: Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@com[1].txt rilevati: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Mauro\Cookies\mauro@revenue[2].txt rilevati: Trace.TrackingCookie.revenue!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt rilevati: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt rilevati: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\Mauro\Cookies\mauro@statse.webtrendslive[1].txt rilevati: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\Mauro\Documenti\Mauro\Cavolate\chenoia.exe rilevati: Riskware.Joke.Langeweile!IK
C:\System Volume Information\_restore{2A72F87E-9980-4D8C-B739-5538008BCCDC}\RP53\A0012257.dll rilevati: Win32.SuspectCrc!IK
D:\Programmi\Photoshop\Crack\disable_activation.cmd rilevati: Riskware.patch.Adobe!IK
Scansionati
Files: 172287
Tracce: 614748
Cookies: 193
Processi: 62
Rilevato
Files: 3
Tracce: 11
Cookies: 32
Processi: 2
Chiavi di registro: 0
Fine scansione: 18/02/2009 0.26.53
Tempo scansione: 0:53:02
D:\Programmi\Photoshop\Crack\disable_activation.cmd In quarantena Riskware.patch.Adobe!IK
C:\System Volume Information\_restore{2A72F87E-9980-4D8C-B739-5538008BCCDC}\RP53\A0012257.dll In quarantena Win32.SuspectCrc!IK
C:\Documents and Settings\Mauro\Documenti\Mauro\Cavolate\chenoia.exe In quarantena Riskware.Joke.Langeweile!IK
C:\Documents and Settings\Mauro\Cookies\mauro@statse.webtrendslive[1].txt In quarantena Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt In quarantena Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\Mauro\Cookies\mauro@revenue[2].txt In quarantena Trace.TrackingCookie.revenue!A2
C:\Documents and Settings\Mauro\Cookies\mauro@com[1].txt In quarantena Trace.TrackingCookie.com!A2
C:\Documents and Settings\Mauro\Cookies\mauro@atdmt[2].txt In quarantena Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Mauro\Cookies\mauro@tradedoubler[1].txt In quarantena Trace.TrackingCookie.tradedoubler!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bluestreak[2].txt In quarantena Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\Mauro\Cookies\mauro@hitbox[2].txt In quarantena Trace.TrackingCookie.hitbox!A2
C:\Documents and Settings\Mauro\Cookies\mauro@2o7[2].txt In quarantena Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Mauro\Cookies\mauro@cms.trafficmp[1].txt In quarantena Trace.TrackingCookie.cms!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[2].txt In quarantena Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@zedo[1].txt In quarantena Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[2].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[4].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media6degrees[1].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@media.intelia[1].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediatraffic[2].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@mediaplex[1].txt In quarantena Trace.TrackingCookie.media!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt In quarantena Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt In quarantena Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt In quarantena Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[2].txt In quarantena Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[3].txt In quarantena Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adserver.hwupgrade[4].txt In quarantena Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[2].txt In quarantena Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@serving-sys[1].txt In quarantena Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[1].txt In quarantena Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@bs.serving-sys[2].txt In quarantena Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[1].txt In quarantena Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@adtech[2].txt In quarantena Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[1].txt In quarantena Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Mauro\Cookies\mauro@doubleclick[2].txt In quarantena Trace.TrackingCookie.doubleclick!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> 0 In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> Count In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum --> NextInstance In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security --> Security In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> DisplayName In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ErrorControl In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> ObjectName In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Start In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor --> Type In quarantena Trace.Registry.NetMon!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {645FF040-5081-101B-9F08-00AA002F954E} In quarantena Trace.Registry.Command Service!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies --> {6BF52A52-394A-11D3-B153-00C04F79FAA6} In quarantena Trace.Registry.Command Service!A2
[1456] C:\Programmi\VnrPack\VnrPack24.exe In quarantena AdWare.SpeedMonitor!IK
[1512] C:\Programmi\GetPack\GetPack30.exe In quarantena AdWare.SpeedMonitor!IK
In quarantena
Files: 3
Tracce: 11
Cookies: 32
I hope someone can help me...
In the meantime, thanks to everyone who reads this...
P.S.: was the request done correctly? Just so I can improve!