04-11-2007, 21:55 | #41 |
Senior Member
Joined: Aug 2007
City: Lucca Gender: FEMALE
Posts: 2495
|
Good, it removed something, but not everything that is in the HJT log.
Let's try this:
ESET AGVPFIX: click here to download. No installation is needed (it is a stand-alone tool); once launched, it detects and removes any Win32/Agent.VP trojans.
Run an online scan with BitDefender: click here to run the scan.
When it is done, attach the BITDEFENDER report and a new HJT log. Thanks |
04-11-2007, 22:12 | #42 | |
Member
Joined: Nov 2007
Posts: 60
|
Quote:
...thanks...I have to log off now...I'll try tomorrow... |
|
05-11-2007, 20:08 | #43 |
Member
Joined: Nov 2007
Posts: 60
|
new log
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.04.51, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Eset\nod32kui.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Prevx2\PXConsole.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Secunia\PSI (BETA)\PSI.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\OPLIMIT\ocrawr32.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [5470B5AD] C:\WINDOWS\System32\bfsrcfuqzvv.exe
O4 - HKLM\..\RunServices: [Microsoft Config 32bit] mscnfg32.exe
O4 - HKLM\..\RunServices: [eMpyggdcxeqbsvu]iul] C:\WINDOWS\System32\wqwddgshbyk.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserver.exe
O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft Winsocks 32 Controller] MSWSCK32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [MS Sound Config 16bit] sndcfg16.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msn] msnmsgr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Media Player] msams.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [runs] run.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Winsocks 32 Controller] MSWSCK32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MS Sound Config 16bit] sndcfg16.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Secunia PSI (BETA).lnk = C:\Programmi\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188026884343
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.cartografia.regione.lombardia.it/include/ecwplugins/ncs.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/html - {6BD38549-7FC8-4B13-8C25-DA3097D1B296} - (no file)
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 13902 bytes
|
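Added example, not part of the original thread and not code from HijackThis: a Python triage of the autostart (O4) and "(no file)" lines of a log like the one above, flagging the patterns a helper reads for by eye. The heuristics, thresholds and function names are assumptions for illustration, and they produce review candidates, not verdicts; the sample lines are copied from the log in this post.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the post above (a subset, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [5470B5AD] C:\WINDOWS\System32\bfsrcfuqzvv.exe
O4 - HKLM\..\RunServices: [eMpyggdcxeqbsvu]iul] C:\WINDOWS\System32\wqwddgshbyk.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Media Player] msams.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)
"""

# O4 registry autostart: "O4 - <hive>\..\<key>: [<value name>] <command>".
# The value name is matched greedily because it may itself contain "]".
O4_REG = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>.*)\] (?P<cmd>.+)$"
)
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# Well-known SIDs: SYSTEM, LOCAL SERVICE, NETWORK SERVICE.
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")


def executable(cmd):
    """Return the program part of an autostart command line."""
    cmd = USER_SUFFIX.sub("", cmd).strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def looks_random(stem):
    """Assumed heuristic: long, letters only, almost no vowels."""
    stem = stem.lower()
    if len(stem) < 10 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.2


def assess_o4(match):
    """Collect the reasons why one O4 registry entry deserves a closer look."""
    reasons = []
    exe = executable(match["cmd"])
    stem = ntpath.splitext(ntpath.basename(exe))[0]
    # Assumption: RunServices is a Windows 9x-era key, so a value there on XP is worth review.
    if match["key"].lower().startswith("runservices"):
        reasons.append("value under the legacy RunServices key")
    # A bare file name started from a service account's own Run key.
    if "\\" not in exe and any(sid in match["hive"] for sid in SERVICE_SIDS):
        reasons.append("bare file name under a service-account hive")
    if ntpath.dirname(exe).lower().endswith("\\system32") and looks_random(stem):
        reasons.append("random-looking file name in System32")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = O4_REG.match(line)
        if match:
            reasons = assess_o4(match)
        elif line.endswith("(no file)"):
            # HijackThis prints "(no file)" when the registered file is not on disk.
            reasons = ["registered component has no file on disk"]
        else:
            reasons = []
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Entries such as `VTTimer.exe` in `HKLM\..\Run` are deliberately left unflagged: a bare file name on its own is common for driver utilities, so it only counts here in combination with another signal.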
05-11-2007, 20:12 | #44 |
Member
Joined: Nov 2007
Posts: 60
|
bitdefender report
.
|
05-11-2007, 20:18 | #45 |
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
|
it looks like the classic big zip file spread via msn
Last edited by juninho85 : 05-11-2007 at 20:25. |
05-11-2007, 20:24 | #46 | |
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
|
try running avenger with the following script
Quote:
|
|
05-11-2007, 20:26 | #47 |
Member
Joined: Nov 2007
Posts: 60
|
|
05-11-2007, 21:26 | #48 |
Member
Joined: Nov 2007
Posts: 60
|
post the resulting log once the cleanup is done, together with the gmer scan, with file, system and registry ticked[/quote]
..I did the cleanup with avenger but I couldn't save the log.......what program is gmer? thanks |
05-11-2007, 21:37 | #49 |
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
|
you should find the log in c:\avenger, it's a .txt file.
gmer is a program mainly suited to uncovering possible rootkits |
05-11-2007, 21:42 | #50 |
Member
Joined: Nov 2007
Posts: 60
|
avenger log
Code:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ormsrslc
*******************
Script file located at: \??\C:\WINDOWS\agmowbwi.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\sndcfg16.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\sndcfg16.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\sndcfg16.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\mscnfg32.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\mscnfg32.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\mscnfg32.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\slserver.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\slserver.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\slserver.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\winmep.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\winmep.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\winmep.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\run.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\run.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\run.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\MSWSCK32.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\MSWSCK32.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\MSWSCK32.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\msnmsgr.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\msnmsgr.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\msnmsgr.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\msams.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\msams.exe failed!
Could not process line:
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\msams.exe
Status: 0xc0000034

Completed script processing.
*******************
Finished! Terminate.
|
05-11-2007, 21:46 | #51 | ||
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
|
this part:
Quote:
add this to it as well: Quote:
Last edited by juninho85 : 05-11-2007 at 21:51. |
||
05-11-2007, 21:48 | #52 |
Member
Joined: Nov 2007
Posts: 60
|
|
05-11-2007, 21:50 | #53 |
Member
Joined: Nov 2007
Posts: 60
|
sorry.....
....I ran avenger in 2 rounds....what you asked for was done in the 2nd....
|
05-11-2007, 22:10 | #54 |
Member
Joined: Nov 2007
Posts: 60
|
gmer: I'm attaching the log.
..it's incomplete because at some point the scan seemed to be stuck in a loop ...I stopped it....I'll wait for your reply....
05-11-2007, 22:19 | #55 |
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
|
let it run, you've got a hell of a mess on your pc and you're surprised it takes ages?!
|
06-11-2007, 12:24 | #56 |
Member
Joined: Nov 2007
Posts: 60
|
gmer log
locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\alex27mira@hotmail.it\DFSR\Staging\CS{CA2B59DA-0A3F-23AB-9A9C-6F281917664F}\14\14-{8062FFC0-B45C-47EA-8679-453E257A7872}-v14-{8062FFC0-B45C-47EA-8679-453E257A7872}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\alex27mira@hotmail.it\DFSR\Staging\CS{CA2B59DA-0A3F-23AB-9A9C-6F281917664F}\31\47-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v31-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\alex27mira@hotmail.it\DFSR\Staging\CS{CA2B59DA-0A3F-23AB-9A9C-6F281917664F}\31\47-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v31-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\alex27mira@hotmail.it\DFSR\Staging\CS{CA2B59DA-0A3F-23AB-9A9C-6F281917664F}\31\47-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v31-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\alex27mira@hotmail.it\DFSR\Staging\CS{CA2B59DA-0A3F-23AB-9A9C-6F281917664F}\49\49-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v49-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati 
applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\alex27mira@hotmail.it\DFSR\Staging\CS{CA2B59DA-0A3F-23AB-9A9C-6F281917664F}\49\49-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v49-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\fed__e91@hotmail.it\DFSR\Staging\CS{5122120B-D6A8-E4C3-D617-005C7D451894}\01\10-{5122120B-D6A8-E4C3-D617-005C7D451894}-v1-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\fed__e91@hotmail.it\DFSR\Staging\CS{5122120B-D6A8-E4C3-D617-005C7D451894}\32\32-{A0538593-E410-44C9-909F-E5F655DB4F28}-v32-{A0538593-E410-44C9-909F-E5F655DB4F28}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\fed__e91@hotmail.it\DFSR\Staging\CS{5122120B-D6A8-E4C3-D617-005C7D451894}\32\32-{A0538593-E410-44C9-909F-E5F655DB4F28}-v32-{A0538593-E410-44C9-909F-E5F655DB4F28}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\fed__e91@hotmail.it\DFSR\Staging\CS{5122120B-D6A8-E4C3-D617-005C7D451894}\32\32-{A0538593-E410-44C9-909F-E5F655DB4F28}-v32-{A0538593-E410-44C9-909F-E5F655DB4F28}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati 
applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\gingerlolita17@hotmail.it\DFSR\Staging\CS{B0BA5B44-BB93-E2A0-9414-F4CF724D561F}\01\48-{B0BA5B44-BB93-E2A0-9414-F4CF724D561F}-v1-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\01\11-{0FD25496-5C0D-815C-E855-96501A09FDBE}-v1-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\12\12-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v12-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\12\12-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v12-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\12\12-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v12-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati 
applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\16\16-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v16-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\16\16-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v16-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\16\16-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v16-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\17\17-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v17-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\17\17-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v17-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati 
applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\20\20-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v20-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\20\20-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v20-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\20\20-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v20-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\25\25-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v25-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\25\25-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v25-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati 
applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\26\26-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v26-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\26\26-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v26-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\26\26-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v26-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\28\28-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v28-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\ivniva@hotmail.com\DFSR\Staging\CS{0FD25496-5C0D-815C-E855-96501A09FDBE}\28\28-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v28-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati 
applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\molt87@hotmail.it\DFSR\Staging\CS{0211E3F9-3CD0-6A74-9EDC-7837D0B1B377}\01\32-{0211E3F9-3CD0-6A74-9EDC-7837D0B1B377}-v1-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\mrcrow@hotmail.it\DFSR\Staging\CS{CE78E04A-9D3C-49D8-803D-645FAE6B096B}\01\50-{CE78E04A-9D3C-49D8-803D-645FAE6B096B}-v1-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\mrcrow@hotmail.it\DFSR\Staging\CS{CE78E04A-9D3C-49D8-803D-645FAE6B096B}\40\141-{6F03EC64-F7BA-4CA9-AC13-1EF722BC744F}-v140-{6F03EC64-F7BA-4CA9-AC13-1EF722BC744F}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\edo.o@hotmail.it\SharingMetadata\zippozappo@hotmail.it\DFSR\Staging\CS{8C19B815-9651-D7FC-1A07-AE534E1541D7}\01\38-{8C19B815-9651-D7FC-1A07-AE534E1541D7}-v1-{70C3F269-5F9C-459D-8D7F-5F2F6F3FFFC7}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ---- EOF - GMER 1.0.13 ---- |
06-11-2007, 12:34 | #57 |
Member
Joined: Nov 2007
Posts: 60
|
why didn't you copy/paste it into Avenger?
add this to it as well:[/quote]
Code:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jewavjlx

*******************

Script file located at: \??\C:\Documents and Settings\lwubvbnd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\bfsrcfuqzvv.exe not found!
Deletion of file C:\WINDOWS\System32\bfsrcfuqzvv.exe failed!

Could not process line:
C:\WINDOWS\System32\bfsrcfuqzvv.exe
Status: 0xc0000034

File C:\WINDOWS\System32\wqwddgshbyk.exe not found!
Deletion of file C:\WINDOWS\System32\wqwddgshbyk.exe failed!

Could not process line:
C:\WINDOWS\System32\wqwddgshbyk.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper-console.exe deleted successfully.
File C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper.exe deleted successfully.
File C:\Programmi\GXTranscoder v2\FormatAddIns\flac_mac.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sxtcvvav

*******************

Script file located at: \??\C:\lweywamk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\bfsrcfuqzvv.exe not found!
Deletion of file C:\WINDOWS\System32\bfsrcfuqzvv.exe failed!

Could not process line:
C:\WINDOWS\System32\bfsrcfuqzvv.exe
Status: 0xc0000034

File C:\WINDOWS\System32\wqwddgshbyk.exe not found!
Deletion of file C:\WINDOWS\System32\wqwddgshbyk.exe failed!

Could not process line:
C:\WINDOWS\System32\wqwddgshbyk.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper-console.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper-console.exe failed!

Could not process line:
C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper-console.exe
Status: 0xc0000034

File C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper.exe not found!
Deletion of file C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper.exe failed!

Could not process line:
C:\Documents and Settings\Proprietario\Documenti\Sorgenti\programmi scuola\Stud 0708\winPenPack\Lib\GTK\bin\gspawn-win32-helper.exe
Status: 0xc0000034

File C:\Programmi\GXTranscoder v2\FormatAddIns\flac_mac.exe not found!
Deletion of file C:\Programmi\GXTranscoder v2\FormatAddIns\flac_mac.exe failed!

Could not process line:
C:\Programmi\GXTranscoder v2\FormatAddIns\flac_mac.exe
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
|
06-11-2007, 15:51 | #58 | |
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28864
|
this time too you did it in installments, you're missing this part
Quote:
|
|
06-11-2007, 18:01 | #59 |
Member
Joined: Nov 2007
Posts: 60
|
new hijack log....
....I'm sure I did it....I can't find the corresponding log.
I'm sending you a new log...just in case....
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.57.13, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\a-squared Free\a2service.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Prevx2\PXConsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Secunia\PSI (BETA)\PSI.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\Eset\nod32krn.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=cmd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\reboot.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nxqivswj] C:\pbxigejp.bat
O4 - HKLM\..\Run: [pssygpdu] C:\gxurkvmr.bat
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [5470B5AD] C:\WINDOWS\System32\bfsrcfuqzvv.exe
O4 - HKLM\..\RunServices: [Microsoft Config 32bit] mscnfg32.exe
O4 - HKLM\..\RunServices: [eMpyggdcxeqbsvu]iul] C:\WINDOWS\System32\wqwddgshbyk.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserver.exe
O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft Winsocks 32 Controller] MSWSCK32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [MS Sound Config 16bit] sndcfg16.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msn] msnmsgr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Media Player] msams.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [runs] run.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Winsocks 32 Controller] MSWSCK32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MS Sound Config 16bit] sndcfg16.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Secunia PSI (BETA).lnk = C:\Programmi\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188026884343
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.cartografia.regione.lombardia.it/include/ecwplugins/ncs.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://aiuto.alice.it/ata/static/installers/WebflowActiveXInstaller_4-1-5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/html - {6BD38549-7FC8-4B13-8C25-DA3097D1B296} - (no file)
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 13919 bytes

PS: is it normal that everything is becoming tremendously slow....even opening an ordinary folder takes several seconds?
|
06-11-2007, 18:04 | #60 |
Senior Member
Joined: Aug 2007
City: Lucca Gender: FEMALE
Posts: 2495
|
Yes, unfortunately it is normal, because the HJT log shows that you are super-infected.

Let's try this:

ELISTARTA TOOL: click here to download
Scroll to the bottom of the web page that opens and click Descargar ELISTARTA to download the tool (for convenience, save it to the Desktop).

Run ELISTARTA TOOL:
● at the first question, answer YES
● at the second, answer YES
● at the third, answer NO
● the scan window opens; click Explorar
● when the scan has finished, close the tool and restart the system
● a log named infosat.txt will be created in C: (click My Computer, then Local Disk C:, find the log and attach it to the thread)

Note: after relaunching Internet Explorer, you may need to reset your default home page.

At the end, attach both the ELISTARTA log and a new HJT log.

P.S.: during all these operations, had you disabled System Restore? |
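A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the `O`-section entries and queues for manual review those whose target is `(no file)` or whose service owner is `Unknown owner`. The function names and the two review categories are assumptions of this example; a flag is a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.cartografia.regione.lombardia.it/include/ecwplugins/ncs.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/html - {6BD38549-7FC8-4B13-8C25-DA3097D1B296} - (no file)
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
-- End of file - 13919 bytes
"""

# "<section code> - <entry kind>: <rest>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log_text):
    """Return one dict per entry line; header and trailer lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # process list, banner, "End of file" trailer
        body = m["body"]
        clsid = CLSID.search(body)
        entries.append({
            "code": m["code"], "kind": m["kind"], "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "target": body.rsplit(" - ", 1)[-1],  # last field: file path or URL
        })
    return entries

def review_queue(entries):
    """Group entries that deserve a manual look before anything is removed."""
    queue = defaultdict(list)
    for e in entries:
        if e["target"] == "(no file)":
            queue["missing-file"].append(e)   # registry entry with nothing on disk
        if e["code"] == "O23" and " - Unknown owner - " in e["body"]:
            queue["unknown-owner"].append(e)  # no company name could be read
    return dict(queue)
```
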
All times are GMT +1. The time now is 09:58.