SPYWARE PROBLEM

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs can you use to protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by Salentino76 » 12/11/07 03:32

Guys, I can't remove two infected files, what can I do? AVG and Search and Destroy don't detect them, and neither does NOD32, but look at this log and then tell me what I should do, thanks!!!!!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3.23.37, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\BITWARE\NT\bwprnmon.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Roper\AIRBLU~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\awtuvut.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FF39E25D-31EE-4A8F-97E0-1F7C10DA3441} - C:\WINDOWS\system32\yaywv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O20 - Winlogon Notify: awtuvut - C:\WINDOWS\SYSTEM32\awtuvut.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 8828 bytes
Salentino76
Junior User
 
Posts: 99
Joined: 11/12/06 20:02
Location: Lecce

Post by Luke57 » 12/11/07 08:57

Hi, download VundoFix from here http://www.atribune.org/content/view/24/2/
Run VundoFix, select "Scan for Vundo" and then at the end click "Remove Vundo".
When everything is finished, also post the log generated by VundoFix.
In addition, download COMBOFIX to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Once it has downloaded, start it with a double click.
- A blue window will open; wait.
- After a few moments a notice will appear disclaiming any liability on the author's part.
- At this point select 1 and press ENTER to launch the scan.
- Wait.....
The tool will notify you once the scan has finished and after a few moments will display the report with the details. (C:\ComboFix.txt)
Paste the log (C:\ComboFix.txt) into a post.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by Salentino76 » 12/11/07 11:46

Thanks for the advice, my friend. So, VundoFix didn't find anything; then I ran the scan with ComboFix, which the anti-dialer blocked, maybe it saw it as a threat, but I trusted you and went ahead. I ran the scan, which took half an hour, and here is the report:


ComboFix 07-11-08.1 - GIANFRANCO 2007-11-12 11.03.00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.67 [GMT 1:00]
Eseguito da: C:\Documents and Settings\GIANFRANCO\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

Impossibile acquisire privilegi di Sistema

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\GIANFRANCO\Desktop\internet.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c00DE160.dat
C:\WINDOWS\system32\cawgjgug.dll
C:\WINDOWS\system32\lfrdqjiu.dll
C:\WINDOWS\system32\lxlscibx.dll
C:\WINDOWS\system32\lyylcxmv.dll
C:\WINDOWS\system32\qmubpcuq.dll
C:\WINDOWS\system32\snceihbd.dll
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\AVICAP.DLL
C:\WINDOWS\system32\system\AVIFILE.DLL
C:\WINDOWS\system32\system\BITWARED.DRV
C:\WINDOWS\system32\system\COMMDLG.DLL
C:\WINDOWS\system32\system\KEYBOARD.DRV
C:\WINDOWS\system32\system\LZEXPAND.DLL
C:\WINDOWS\system32\system\MCIAVI.DRV
C:\WINDOWS\system32\system\MCISEQ.DRV
C:\WINDOWS\system32\system\MCIWAVE.DRV
C:\WINDOWS\system32\system\MMSYSTEM.DLL
C:\WINDOWS\system32\system\MMTASK.TSK
C:\WINDOWS\system32\system\MOUSE.DRV
C:\WINDOWS\system32\system\MSVIDEO.DLL
C:\WINDOWS\system32\system\OLECLI.DLL
C:\WINDOWS\system32\system\OLESVR.DLL
C:\WINDOWS\system32\system\setup.inf
C:\WINDOWS\system32\system\SHELL.DLL
C:\WINDOWS\system32\system\SOUND.DRV
C:\WINDOWS\system32\system\stdole.tlb
C:\WINDOWS\system32\system\SYSTEM.DRV
C:\WINDOWS\system32\system\TAPI.DLL
C:\WINDOWS\system32\system\TIMER.DRV
C:\WINDOWS\system32\system\UNIDRV.DLL
C:\WINDOWS\system32\system\vdremote.dll
C:\WINDOWS\system32\system\vdsvrlnk.dll
C:\WINDOWS\system32\system\VER.DLL
C:\WINDOWS\system32\system\VGA.DRV
C:\WINDOWS\system32\system\WFWNET.DRV
C:\WINDOWS\system32\system\WINSPOOL.DRV
C:\WINDOWS\system32\uutss.bak1
C:\WINDOWS\system32\uutss.bak2
C:\WINDOWS\system32\uutss.ini
C:\WINDOWS\system32\uutss.ini2
C:\WINDOWS\system32\uutss.tmp
C:\WINDOWS\system32\vwyay.bak1
C:\WINDOWS\system32\vwyay.bak2
C:\WINDOWS\system32\vwyay.ini
C:\WINDOWS\system32\xaccf.bak1
C:\WINDOWS\system32\xaccf.ini
C:\WINDOWS\system32\yaywv.dll
C:\WINDOWS\system32\yzpsyixd.dllbox

.
((((((((((((((((((((((((( Files Creati Da 2007-10-12 al 2007-11-12 )))))))))))))))))))))))))))))))))))
.

2007-11-12 10:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 10:24 89,664 --a------ C:\WINDOWS\system32\iftotxkh.dll
2007-11-12 10:21 81,472 --a------ C:\WINDOWS\system32\nwfmxxrh.dll
2007-11-12 03:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-11 17:47 35,328 --a------ C:\WINDOWS\system32\ddcdecd.dll
2007-11-11 17:44 35,328 --a------ C:\WINDOWS\system32\awtuvut.dll
2007-11-10 12:30 <DIR> d-------- C:\WINDOWS\pss
2007-11-09 20:26 <DIR> d-------- C:\Documents and Settings\GIANFRANCO\Dati applicazioni\Grisoft
2007-11-09 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-11-09 20:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-09 20:07 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-09 20:07 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-09 20:07 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-09 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ESET
2007-11-09 14:12 <DIR> d-------- C:\Temp\Tmp___10679
2007-11-09 13:44 35,328 --a------ C:\WINDOWS\system32\mljkhhe.dll
2007-11-09 13:41 35,328 --a------ C:\WINDOWS\system32\jkkhedb.dll
2007-11-06 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2007-11-05 18:50 <DIR> d-------- C:\VundoFix Backups
2007-11-05 15:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-05 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-11-05 01:23 <DIR> d-------- C:\Programmi\CCleaner
2007-11-04 14:05 78,912 --a------ C:\WINDOWS\system32\aulmpeqy.dll
2007-10-29 18:28 <DIR> d-------- C:\Programmi\TELE2
2007-10-29 18:27 <DIR> d-------- C:\Documents and Settings\GIANFRANCO\Dati applicazioni\InstallShield
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-24 11:55 <DIR> d-------- C:\Programmi\File comuni\Macrovision Shared
2007-10-24 11:55 <DIR> d-------- C:\Programmi\Autodesk
2007-10-24 11:55 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-10-24 11:55 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-10-24 11:53 <DIR> d-------- C:\WINDOWS\system32\Common Files
2007-10-24 11:53 <DIR> d-------- C:\Programmi\AnswerWorks 4.0
2007-10-24 11:52 <DIR> d-------- C:\Programmi\File comuni\Autodesk Shared
2007-10-24 11:52 <DIR> d-------- C:\Programmi\AutoCAD 2004
2007-10-24 11:52 <DIR> d-------- C:\Documents and Settings\GIANFRANCO\Dati applicazioni\Autodesk
2007-10-24 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-10-16 17:26 <DIR> d-------- C:\Documents and Settings\GIANFRANCO\Dati applicazioni\pdf995
2007-10-16 16:06 <DIR> d-------- C:\Programmi\pdf995
2007-10-16 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2007-10-16 16:06 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-10-16 16:06 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 02:18 --------- d-----w C:\Programmi\eMule
2007-11-06 20:35 --------- d-----w C:\Programmi\a-squared Anti-Dialer
2007-10-23 01:48 3,822 ----a-w C:\Programmi\INSTALL.LOG
2007-10-23 01:44 --------- d-----w C:\Documents and Settings\GIANFRANCO\Dati applicazioni\AdobeUM
2007-10-07 19:16 --------- d-----w C:\Documents and Settings\GIANFRANCO\Dati applicazioni\ppStream
2007-10-06 19:04 --------- d-----w C:\Programmi\Winamp
2007-10-06 18:57 --------- d-----w C:\Programmi\ppStream
2007-10-06 13:46 --------- d-----w C:\Programmi\tvants
2007-10-06 11:52 --------- d-----w C:\Documents and Settings\GIANFRANCO\Dati applicazioni\SopCast
2007-10-06 11:35 --------- d-----w C:\Programmi\SopCast
2007-09-14 09:53 --------- d-----w C:\Programmi\MSN Messenger
2007-09-13 11:44 --------- d-----w C:\Documents and Settings\GIANFRANCO\Dati applicazioni\Temporary
2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2007-01-24 16:43:21 56 --sh--r C:\WINDOWS\system32\0DA4891A32.sys
2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-01-24 16:43:21 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40ecc0fb-9f0d-48a1-b510-071daeeac0fb}]
2007-11-12 10:21 81472 --a------ C:\WINDOWS\system32\nwfmxxrh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe" [2007-01-23 15:11]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-01-26 13:44]
"a-squared Anti-Dialer"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-11-04 14:40]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-12-12 08:44]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-08-25 10:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-11-09 20:06]
"a4638241"="C:\WINDOWS\system32\iftotxkh.dll" [2007-11-12 10:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" []
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 15:21]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BTTray.lnk - C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe [2005-09-19 15:02:54]
Ulead Photo Express SE Calendar Checker.lnk - C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-01-25 12:16:10]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-03-12 01:46:50]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yaywv.dll

R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Programmi\a-squared Anti-Dialer\a2service.exe"
R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys
R3 wanusb;D-Link DSL-200 USB ADSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\gwausb.sys
S3 lg3gbus;LGE KU580 driver (WDM);C:\WINDOWS\system32\DRIVERS\lg3gbus.sys
S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\lg3gmdfl.sys
S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\lg3gmdm.sys
S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lg3gmgmt.sys
S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS);C:\WINDOWS\system32\DRIVERS\lg3gnd5.sys
S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\lg3gobex.sys
S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM);C:\WINDOWS\system32\DRIVERS\lg3gunic.sys

.
Contenuto della cartella 'Scheduled Tasks'
"2007-05-11 18:40:21 C:\WINDOWS\Tasks\nmix.job"
"2007-08-27 10:53:18 C:\WINDOWS\Tasks\nrfr.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-21 09:30:37 C:\WINDOWS\Tasks\nrzlav.job"
- c:\windows\system32\svcbqhte.exe
"2007-09-19 09:57:54 C:\WINDOWS\Tasks\nsvtyp.job"
- c:\windows\system32\svcbqhte.exe
"2007-06-09 09:38:50 C:\WINDOWS\Tasks\nukmdee.job"
"2007-07-19 09:24:51 C:\WINDOWS\Tasks\nxcdf.job"
"2007-09-20 09:30:50 C:\WINDOWS\Tasks\nxgspbbm.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-15 18:10:33 C:\WINDOWS\Tasks\nxzvsvdb.job"
"2007-07-08 09:13:01 C:\WINDOWS\Tasks\oakvoqi.job"
"2007-02-20 11:47:41 C:\WINDOWS\Tasks\obpnqpb.job"
"2007-10-28 10:45:26 C:\WINDOWS\Tasks\ocbyi.job"
- c:\windows\system32\svcbqhte.exe
"2007-02-13 17:44:30 C:\WINDOWS\Tasks\ocdm.job"
"2007-04-09 09:58:19 C:\WINDOWS\Tasks\oclwrzwj.job"
"2007-07-13 09:06:50 C:\WINDOWS\Tasks\ognm.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-04 18:03:00 C:\WINDOWS\Tasks\ogr.job"
- c:\windows\system32\svcbqhte.exe
"2007-07-06 07:57:18 C:\WINDOWS\Tasks\ogt.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-23 09:55:08 C:\WINDOWS\Tasks\ogtdoyq.job"
"2007-06-05 21:06:21 C:\WINDOWS\Tasks\oifb.job"
"2007-05-11 18:15:00 C:\WINDOWS\Tasks\oiuf.job"
"2007-09-13 11:18:10 C:\WINDOWS\Tasks\ojm.job"
"2007-09-17 19:13:10 C:\WINDOWS\Tasks\ojpk.job"
"2007-06-29 08:39:34 C:\WINDOWS\Tasks\omq.job"
"2007-04-20 10:47:32 C:\WINDOWS\Tasks\omqj.job"
"2007-04-21 14:17:02 C:\WINDOWS\Tasks\omslke.job"
"2007-11-04 12:51:41 C:\WINDOWS\Tasks\onbh.job"
"2007-07-22 08:01:44 C:\WINDOWS\Tasks\onfx.job"
"2007-06-15 05:28:29 C:\WINDOWS\Tasks\ongta.job"
"2007-03-27 15:57:18 C:\WINDOWS\Tasks\onhn.job"
- c:\windows\system32\svcbqhte.exe
"2007-02-17 02:16:51 C:\WINDOWS\Tasks\optzdue.job"
"2007-09-02 02:09:50 C:\WINDOWS\Tasks\oqogejs.job"
"2007-05-05 10:29:59 C:\WINDOWS\Tasks\orewyp.job"
"2007-06-20 06:47:59 C:\WINDOWS\Tasks\orqfkhjd.job"
- c:\windows\system32\svcbqhte.exe
"2007-09-17 08:42:15 C:\WINDOWS\Tasks\otto.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-20 00:24:33 C:\WINDOWS\Tasks\owo.job"
"2007-04-04 13:49:15 C:\WINDOWS\Tasks\oxapw.job"
"2007-07-21 19:59:41 C:\WINDOWS\Tasks\oxiiw.job"
"2007-04-10 10:27:12 C:\WINDOWS\Tasks\oxsjxrw.job"
"2007-10-11 19:10:25 C:\WINDOWS\Tasks\oyf.job"
"2007-03-21 18:36:26 C:\WINDOWS\Tasks\pay.job"
"2007-04-20 16:00:27 C:\WINDOWS\Tasks\pbbglppi.job"
"2007-10-04 17:47:58 C:\WINDOWS\Tasks\pbrnnwam.job"
"2007-08-17 10:17:00 C:\WINDOWS\Tasks\pgp.job"
"2007-04-22 09:19:14 C:\WINDOWS\Tasks\phqk.job"
"2007-08-03 10:58:02 C:\WINDOWS\Tasks\piuzzhf.job"
"2007-03-30 12:59:27 C:\WINDOWS\Tasks\pjmnoi.job"
"2007-03-29 08:17:09 C:\WINDOWS\Tasks\plcvbtn.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-08 19:16:12 C:\WINDOWS\Tasks\pnysjcys.job"
"2007-06-16 13:21:18 C:\WINDOWS\Tasks\pnz.job"
"2007-09-22 10:06:09 C:\WINDOWS\Tasks\pprmov.job"
"2007-03-02 18:22:00 C:\WINDOWS\Tasks\pqocqedr.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-30 15:05:44 C:\WINDOWS\Tasks\prddyihj.job"
"2007-07-09 19:00:01 C:\WINDOWS\Tasks\pro.job"
- c:\windows\system32\svcbqhte.exe
"2007-02-14 00:43:34 C:\WINDOWS\Tasks\ptyggpeu.job"
"2007-06-04 12:32:35 C:\WINDOWS\Tasks\pwljbue.job"
"2007-04-11 12:51:02 C:\WINDOWS\Tasks\pwry.job"
"2007-08-18 11:23:48 C:\WINDOWS\Tasks\pxg.job"
"2007-04-19 12:07:57 C:\WINDOWS\Tasks\pyibvsd.job"
"2007-06-26 09:23:50 C:\WINDOWS\Tasks\qakdpmte.job"
"2007-02-15 00:50:48 C:\WINDOWS\Tasks\qbpcikys.job"
"2007-11-04 00:04:39 C:\WINDOWS\Tasks\qbxbd.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-15 12:13:52 C:\WINDOWS\Tasks\qjtkj.job"
"2007-10-29 11:55:38 C:\WINDOWS\Tasks\qlgqoumw.job"
"2007-03-10 17:21:56 C:\WINDOWS\Tasks\qlwj.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-25 16:31:46 C:\WINDOWS\Tasks\qprvywbt.job"
"2007-03-17 18:32:48 C:\WINDOWS\Tasks\qrx.job"
"2007-02-14 13:21:16 C:\WINDOWS\Tasks\qsydx.job"
"2007-08-26 12:09:57 C:\WINDOWS\Tasks\quep.job"
"2007-03-20 17:47:37 C:\WINDOWS\Tasks\qus.job"
- c:\windows\system32\svcbqhte.exe
"2007-07-30 10:18:54 C:\WINDOWS\Tasks\qxkvck.job"
"2007-02-14 17:44:51 C:\WINDOWS\Tasks\qzdsl.job"
"2007-05-30 11:57:14 C:\WINDOWS\Tasks\ralryv.job"
"2007-02-15 01:27:16 C:\WINDOWS\Tasks\rbcv.job"
"2007-08-23 18:04:59 C:\WINDOWS\Tasks\rdpevyvl.job"
"2007-09-05 22:02:56 C:\WINDOWS\Tasks\rhpjo.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-09 08:39:55 C:\WINDOWS\Tasks\ridi.job"
"2007-09-30 09:02:37 C:\WINDOWS\Tasks\rifkutbm.job"
"2007-03-31 16:26:26 C:\WINDOWS\Tasks\rmjwve.job"
"2007-04-21 15:38:11 C:\WINDOWS\Tasks\rmpq.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-10 10:17:07 C:\WINDOWS\Tasks\rpctgxih.job"
"2007-03-31 13:54:09 C:\WINDOWS\Tasks\rrtdj.job"
"2007-07-27 20:12:39 C:\WINDOWS\Tasks\rsioy.job"
"2007-07-28 19:28:42 C:\WINDOWS\Tasks\rsljkw.job"
"2007-08-02 08:13:46 C:\WINDOWS\Tasks\rvogn.job"
"2007-11-04 21:25:00 C:\WINDOWS\Tasks\ryewkuum.job"
- c:\windows\system32\svcbqhte.exe
"2007-09-15 09:30:26 C:\WINDOWS\Tasks\rze.job"
- c:\windows\system32\svcbqhte.exe
"2007-09-12 17:30:46 C:\WINDOWS\Tasks\rzv.job"
- c:\windows\system32\svcbqhte.exe
"2007-07-03 09:15:12 C:\WINDOWS\Tasks\sdm.job"
"2007-07-16 09:41:04 C:\WINDOWS\Tasks\sho.job"
"2007-02-14 17:51:58 C:\WINDOWS\Tasks\shvytu.job"
"2007-06-16 08:40:32 C:\WINDOWS\Tasks\smef.job"
"2007-10-03 09:09:46 C:\WINDOWS\Tasks\spxogo.job"
"2007-10-10 20:59:39 C:\WINDOWS\Tasks\sqvsz.job"
"2007-08-23 18:03:30 C:\WINDOWS\Tasks\sre.job"
- c:\windows\system32\svcbqhte.exe
"2007-05-08 09:24:43 C:\WINDOWS\Tasks\ssj.job"
- c:\windows\system32\svcbqhte.exe
"2007-07-29 18:25:56 C:\WINDOWS\Tasks\sskgm.job"
"2007-10-26 10:01:24 C:\WINDOWS\Tasks\svd.job"
"2007-09-19 18:44:14 C:\WINDOWS\Tasks\swdy.job"
- c:\windows\system32\svcbqhte.exe
"2007-02-14 00:46:56 C:\WINDOWS\Tasks\swpgl.job"
"2007-02-14 13:24:21 C:\WINDOWS\Tasks\swvh.job"
- c:\windows\system32\svcbqhte.exe
"2007-09-24 07:45:10 C:\WINDOWS\Tasks\swwkk.job"
- c:\windows\system32\svcbqhte.exe
"2007-07-10 16:51:54 C:\WINDOWS\Tasks\swxy.job"
- c:\windows\system32\svcbqhte.exe
"2007-06-10 10:24:28 C:\WINDOWS\Tasks\sxob.job"
"2007-07-09 07:58:42 C:\WINDOWS\Tasks\sxxpqt.job"
"2007-07-21 09:02:29 C:\WINDOWS\Tasks\sym.job"
"2007-08-17 21:02:10 C:\WINDOWS\Tasks\tajlcydg.job"
"2007-09-10 14:31:49 C:\WINDOWS\Tasks\tbqb.job"
"2007-03-30 09:16:51 C:\WINDOWS\Tasks\tbux.job"
"2007-11-04 18:20:30 C:\WINDOWS\Tasks\tgstlfa.job"
"2007-05-18 10:47:39 C:\WINDOWS\Tasks\thkfrs.job"
"2007-09-14 09:43:12 C:\WINDOWS\Tasks\tjjfstbs.job"
"2007-07-07 17:32:52 C:\WINDOWS\Tasks\tmlho.job"
"2007-03-24 19:14:42 C:\WINDOWS\Tasks\tqvhrtuz.job"
"2007-05-09 09:04:30 C:\WINDOWS\Tasks\trhtmork.job"
"2007-06-19 09:39:36 C:\WINDOWS\Tasks\tsdwbvh.job"
"2007-07-03 19:08:59 C:\WINDOWS\Tasks\tucrvujt.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-22 10:27:41 C:\WINDOWS\Tasks\tuniaca.job"
"2007-10-16 14:31:20 C:\WINDOWS\Tasks\tuwm.job"
"2007-07-27 23:24:33 C:\WINDOWS\Tasks\tvyfscr.job"
"2007-03-19 15:43:22 C:\WINDOWS\Tasks\twwpzf.job"
- c:\windows\system32\svcbqhte.exe
"2007-08-06 18:26:43 C:\WINDOWS\Tasks\tzzbqvqs.job"
"2007-03-11 14:04:46 C:\WINDOWS\Tasks\uavcevs.job"
- c:\windows\system32\svcbqhte.exe
"2007-11-04 13:44:51 C:\WINDOWS\Tasks\ues.job"
- c:\windows\system32\svcbqhte.exe
"2007-08-04 08:20:53 C:\WINDOWS\Tasks\uftuva.job"
"2007-02-15 09:33:52 C:\WINDOWS\Tasks\uhmra.job"
"2007-04-13 16:59:50 C:\WINDOWS\Tasks\uhnasg.job"
"2007-02-15 01:24:56 C:\WINDOWS\Tasks\uimbgxih.job"
"2007-09-02 18:37:34 C:\WINDOWS\Tasks\ukxsnbux.job"
"2007-09-18 09:26:54 C:\WINDOWS\Tasks\uljobfp.job"
"2007-10-12 09:01:47 C:\WINDOWS\Tasks\unldxgi.job"
"2007-03-20 00:26:32 C:\WINDOWS\Tasks\upqhke.job"
"2007-07-31 17:31:40 C:\WINDOWS\Tasks\upqyinhe.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-02 15:27:11 C:\WINDOWS\Tasks\uqboqan.job"
"2007-10-24 10:36:26 C:\WINDOWS\Tasks\uqkefse.job"
"2007-11-03 20:28:18 C:\WINDOWS\Tasks\uramlzve.job"
"2007-03-04 17:36:07 C:\WINDOWS\Tasks\usnoshxl.job"
"2007-05-06 17:41:47 C:\WINDOWS\Tasks\utfno.job"
"2007-02-28 09:03:49 C:\WINDOWS\Tasks\uxg.job"
- c:\windows\system32\svcbqhte.exe
"2007-06-25 10:33:01 C:\WINDOWS\Tasks\uzurn.job"
"2007-07-07 08:33:13 C:\WINDOWS\Tasks\vbld.job"
"2007-06-03 13:08:03 C:\WINDOWS\Tasks\vdfalus.job"
"2007-05-21 21:41:55 C:\WINDOWS\Tasks\vdv.job"
"2007-02-14 12:26:01 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.exe
"2007-03-26 23:08:37 C:\WINDOWS\Tasks\vfaz.job"
"2007-04-21 14:11:45 C:\WINDOWS\Tasks\vfbcltt.job"
"2007-03-28 06:22:31 C:\WINDOWS\Tasks\vfutni.job"
"2007-08-19 11:08:16 C:\WINDOWS\Tasks\vkelep.job"
"2007-03-27 10:19:52 C:\WINDOWS\Tasks\vkwruh.job"
- c:\windows\system32\svcbqhte.exe
"2007-05-19 08:44:43 C:\WINDOWS\Tasks\vomug.job"
"2007-06-04 19:22:35 C:\WINDOWS\Tasks\vovubow.job"
"2007-07-02 08:38:08 C:\WINDOWS\Tasks\vozgstyr.job"
"2007-10-04 08:20:50 C:\WINDOWS\Tasks\vrqal.job"
"2007-07-31 15:15:46 C:\WINDOWS\Tasks\vtkwdl.job"
"2007-06-14 08:11:27 C:\WINDOWS\Tasks\vumdlz.job"
- c:\windows\system32\svcbqhte.exe
"2007-05-21 12:31:12 C:\WINDOWS\Tasks\vwmslstc.job"
"2007-09-07 15:50:46 C:\WINDOWS\Tasks\vzi.job"
"2007-06-14 16:51:21 C:\WINDOWS\Tasks\vzlooyxe.job"
"2007-04-17 11:07:22 C:\WINDOWS\Tasks\wax.job"
- c:\windows\system32\svcbqhte.exe
"2007-02-14 13:24:20 C:\WINDOWS\Tasks\wayfed.job"
- c:\windows\system32\svcbqhte.exe
"2007-05-16 13:05:51 C:\WINDOWS\Tasks\wclzha.job"
"2007-02-14 13:24:19 C:\WINDOWS\Tasks\wfsx.job"
"2007-06-18 08:09:42 C:\WINDOWS\Tasks\wlltsyrv.job"
- c:\windows\system32\svcbqhte.exe
"2007-07-11 23:33:59 C:\WINDOWS\Tasks\wlsiu.job"
"2007-09-25 09:09:56 C:\WINDOWS\Tasks\wou.job"
"2007-06-14 18:06:08 C:\WINDOWS\Tasks\wouzz.job"
"2007-02-13 09:41:27 C:\WINDOWS\Tasks\wppey.job"
"2007-08-05 08:46:08 C:\WINDOWS\Tasks\wqfxvy.job"
"2007-09-12 17:15:30 C:\WINDOWS\Tasks\wqsdzt.job"
- c:\windows\system32\svcbqhte.exe
"2007-04-04 09:44:16 C:\WINDOWS\Tasks\wqxtjv.job"
- c:\windows\system32\svcbqhte.exe
"2007-06-26 13:42:37 C:\WINDOWS\Tasks\wtq.job"
"2007-04-23 05:27:26 C:\WINDOWS\Tasks\wvbmgwl.job"
- c:\windows\system32\svcbqhte.exe
"2007-07-31 15:41:44 C:\WINDOWS\Tasks\wvgivb.job"
"2007-07-05 09:19:07 C:\WINDOWS\Tasks\wvuq.job"
- c:\windows\system32\svcbqhte.exe
"2007-02-20 18:40:20 C:\WINDOWS\Tasks\wzwtcbhy.job"
- c:\windows\system32\svcbqhte.exe
"2007-02-28 18:57:40 C:\WINDOWS\Tasks\xbpz.job"
"2007-08-24 10:16:43 C:\WINDOWS\Tasks\xcv.job"
"2007-04-01 10:15:09 C:\WINDOWS\Tasks\xczo.job"
"2007-06-27 09:12:11 C:\WINDOWS\Tasks\xeftow.job"
"2007-03-08 11:39:03 C:\WINDOWS\Tasks\xjobcg.job"
"2007-04-22 16:04:24 C:\WINDOWS\Tasks\xkkhdmtv.job"
"2007-06-24 10:48:12 C:\WINDOWS\Tasks\xma.job"
"2007-03-12 12:30:18 C:\WINDOWS\Tasks\xmhpc.job"
- c:\windows\system32\svcbqhte.exe
"2007-05-20 11:32:15 C:\WINDOWS\Tasks\xoabsnqj.job"
"2007-11-04 13:33:21 C:\WINDOWS\Tasks\xof.job"
"2007-10-08 09:31:50 C:\WINDOWS\Tasks\xqlke.job"
- c:\windows\system32\svcbqhte.exe
"2007-06-06 15:19:36 C:\WINDOWS\Tasks\xqyr.job"
"2007-02-16 10:07:33 C:\WINDOWS\Tasks\xtr.job"
- c:\windows\system32\svcbqhte.exe
"2007-09-11 07:43:00 C:\WINDOWS\Tasks\xuyijukb.job"
"2007-10-06 09:07:59 C:\WINDOWS\Tasks\xwvrz.job"
- c:\windows\system32\svcbqhte.exe
"2007-09-10 07:53:34 C:\WINDOWS\Tasks\xzgj.job"
"2007-02-14 13:28:06 C:\WINDOWS\Tasks\xzz.job"
"2007-05-12 08:33:07 C:\WINDOWS\Tasks\yby.job"
"2007-05-20 15:13:37 C:\WINDOWS\Tasks\ydycttsy.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-14 17:48:49 C:\WINDOWS\Tasks\ygnv.job"
- c:\windows\system32\svcbqhte.exe
"2007-06-08 12:10:09 C:\WINDOWS\Tasks\yhzuuysq.job"
"2007-05-23 12:49:18 C:\WINDOWS\Tasks\yjqkpygo.job"
"2007-03-16 19:18:07 C:\WINDOWS\Tasks\yniyqvqf.job"
- c:\windows\system32\svcbqhte.exe
"2007-06-08 09:19:14 C:\WINDOWS\Tasks\yophoau.job"
"2007-06-11 10:06:10 C:\WINDOWS\Tasks\youkkxr.job"
"2007-11-02 17:41:51 C:\WINDOWS\Tasks\youpdznh.job"
"2007-03-11 18:43:42 C:\WINDOWS\Tasks\ytjv.job"
"2007-10-07 10:31:22 C:\WINDOWS\Tasks\yusdnih.job"
"2007-06-17 08:22:12 C:\WINDOWS\Tasks\yvtnxvh.job"
"2007-04-14 10:55:36 C:\WINDOWS\Tasks\ywucvyb.job"
- c:\windows\system32\svcbqhte.exe
"2007-03-26 21:23:35 C:\WINDOWS\Tasks\yzprt.job"
"2007-03-24 10:56:49 C:\WINDOWS\Tasks\zamz.job"
"2007-07-10 08:28:30 C:\WINDOWS\Tasks\zcnurhte.job"
"2007-02-19 12:06:52 C:\WINDOWS\Tasks\zdwt.job"
"2007-06-01 11:52:50 C:\WINDOWS\Tasks\zjijer.job"
"2007-08-07 10:42:08 C:\WINDOWS\Tasks\zlxfhq.job"
"2007-02-15 01:34:23 C:\WINDOWS\Tasks\zmcahtyf.job"
"2007-05-13 12:27:01 C:\WINDOWS\Tasks\zmwhb.job"
"2007-09-08 10:21:25 C:\WINDOWS\Tasks\zonxsi.job"
"2007-07-26 09:35:26 C:\WINDOWS\Tasks\ztiig.job"
"2007-02-14 17:48:01 C:\WINDOWS\Tasks\zwld.job"
"2007-03-07 12:09:52 C:\WINDOWS\Tasks\zwly.job"
"2007-06-30 10:18:03 C:\WINDOWS\Tasks\zxkzao.job"
- c:\windows\system32\svcbqhte.exe
"2007-10-08 00:40:53 C:\WINDOWS\Tasks\zycxspka.job"
"2007-02-13 19:34:49 C:\WINDOWS\Tasks\zymaq.job"
"2007-05-25 08:28:16 C:\WINDOWS\Tasks\zzwkmzi.job"
- c:\windows\system32\svcbqhte.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 11:28:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-11-12 11:37:53 - machine was rebooted
.
--- E O F ---


and this is the log made right afterwards

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.44.21, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Roper\AIRBLU~1\BTSTAC~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {bf0caeea-d170-015b-1a84-d0f9bf0cce04} - {40ecc0fb-9f0d-48a1-b510-071daeeac0fb} - C:\WINDOWS\system32\nwfmxxrh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [a4638241] rundll32.exe "C:\WINDOWS\system32\iftotxkh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 8625 bytes



I'll wait for your reply, bye and thanks for everything
Salentino76
Junior User
 
Posts: 99
Joined: 11/12/06 20:02
Location: Lecce

Post by Luke57 » 12/11/07 12:17

Hi, download The Avenger
http://swandog46.geekstogo.com/avenger.zip


Then run the file Avenger.exe (with applications closed and the antivirus disabled).
Select the option Input Script Manually, click the magnifying glass and copy and paste this script into the blank area:


Files to delete:
C:\WINDOWS\system32\iftotxkh.dll
C:\WINDOWS\system32\nwfmxxrh.dll
C:\WINDOWS\system32\ddcdecd.dll
C:\WINDOWS\system32\awtuvut.dll
C:\WINDOWS\system32\mljkhhe.dll
C:\WINDOWS\system32\jkkhedb.dll
C:\WINDOWS\system32\aulmpeqy.dll
c:\windows\system32\svcbqhte.exe

folders to delete:
C:\Windows\temp
C:\Windows\tasks

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | a4638241

registry keys to delete:
HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40ecc0fb-9f0d-48a1-b510-071daeeac0fb}


Click the Done button
Now click the traffic light with the green light
Answer Yes twice
The PC should restart; if it does not restart, restart it manually

After the restart, connect and attach the file C:\Avenger.txt
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by Salentino76 » 12/11/07 13:54

Hi Luke, I did as you told me, here is the txt file

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\stcosnnd

*******************

Script file located at: \??\C:\qsefaxsn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\iftotxkh.dll deleted successfully.
File C:\WINDOWS\system32\nwfmxxrh.dll deleted successfully.
File C:\WINDOWS\system32\ddcdecd.dll deleted successfully.
File C:\WINDOWS\system32\awtuvut.dll deleted successfully.
File C:\WINDOWS\system32\mljkhhe.dll deleted successfully.
File C:\WINDOWS\system32\jkkhedb.dll deleted successfully.
File C:\WINDOWS\system32\aulmpeqy.dll deleted successfully.


File c:\windows\system32\svcbqhte.exe not found!
Deletion of file c:\windows\system32\svcbqhte.exe failed!

Could not process line:
c:\windows\system32\svcbqhte.exe
Status: 0xc0000034

Folder C:\Windows\temp deleted successfully.
Folder C:\Windows\tasks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|a4638241 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40ecc0fb-9f0d-48a1-b510-071daeeac0fb} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40ecc0fb-9f0d-48a1-b510-071daeeac0fb} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.




Listen, can you tell me honestly what condition my PC is in????

And could you also recommend a really good, free antispyware, not like AVG, which finds nothing and slows everything down? Thanks!!!!!
Salentino76
Junior User
 
Posts: 99
Joined: 11/12/06 20:02
Location: Lecce
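
The Avenger log in the post above can be triaged mechanically. The following Python code is an added example, not part of the original posts and not code from The Avenger: it parses the log as posted, decodes the Status value as an NTSTATUS code (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND), and applies a heuristic assumed here that flags a registry path whose first subkey under HKEY_LOCAL_MACHINE is not a standard top-level key, which is the case for the Browser Helper Objects path in the script (no SOFTWARE component, unlike the Run value path). All function names are hypothetical.

```python
import re

# NTSTATUS values (ntstatus.h) relevant to a failed delete operation.
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}

# Subkeys that sit directly under HKEY_LOCAL_MACHINE on Windows XP.
HKLM_TOP_LEVEL = {"HARDWARE", "SAM", "SECURITY", "SOFTWARE", "SYSTEM"}

# Result lines of the Avenger log exactly as posted in the thread.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\iftotxkh.dll deleted successfully.
File C:\WINDOWS\system32\nwfmxxrh.dll deleted successfully.
File C:\WINDOWS\system32\ddcdecd.dll deleted successfully.
File C:\WINDOWS\system32\awtuvut.dll deleted successfully.
File C:\WINDOWS\system32\mljkhhe.dll deleted successfully.
File C:\WINDOWS\system32\jkkhedb.dll deleted successfully.
File C:\WINDOWS\system32\aulmpeqy.dll deleted successfully.

File c:\windows\system32\svcbqhte.exe not found!
Deletion of file c:\windows\system32\svcbqhte.exe failed!

Could not process line:
c:\windows\system32\svcbqhte.exe
Status: 0xc0000034

Folder C:\Windows\temp deleted successfully.
Folder C:\Windows\tasks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|a4638241 deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40ecc0fb-9f0d-48a1-b510-071daeeac0fb} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40ecc0fb-9f0d-48a1-b510-071daeeac0fb} failed!
Status: 0xc0000034
"""

OK_RE = re.compile(r"^(File|Folder|Registry value|Registry key) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|folder|registry value|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def parse_avenger_log(text):
    """Return one dict per delete operation: kind, target, ok, status, status_name."""
    results = []
    last_failure = None
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            results.append({"kind": m.group(1).lower(), "target": m.group(2),
                            "ok": True, "status": None, "status_name": None})
            continue
        m = FAIL_RE.match(line)
        if m:
            last_failure = {"kind": m.group(1), "target": m.group(2),
                            "ok": False, "status": None, "status_name": None}
            results.append(last_failure)
            continue
        m = STATUS_RE.match(line)
        # A Status line belongs to the most recent failure that has none yet.
        if m and last_failure is not None and last_failure["status"] is None:
            code = int(m.group(1), 16)
            last_failure["status"] = code
            last_failure["status_name"] = NTSTATUS_NAMES.get(code, "unknown")
    return results


def registry_path_hint(path):
    """Heuristic (assumption of this example): flag an HKLM path whose first
    subkey is not one of the standard top-level keys."""
    parts = path.split("\\")
    if len(parts) > 1 and parts[0].upper() in ("HKEY_LOCAL_MACHINE", "HKLM"):
        if parts[1].upper() not in HKLM_TOP_LEVEL:
            return "first subkey %r is not a top-level HKLM key" % parts[1]
    return None


def failed_operations(text):
    """Return (kind, target, status_name, hint) for every failed operation."""
    out = []
    for r in parse_avenger_log(text):
        if not r["ok"]:
            hint = registry_path_hint(r["target"]) if r["kind"] == "registry key" else None
            out.append((r["kind"], r["target"], r["status_name"], hint))
    return out


if __name__ == "__main__":
    for kind, target, status, hint in failed_operations(AVENGER_LOG):
        print("%s: %s -> %s%s" % (kind, target, status, " (" + hint + ")" if hint else ""))
```

A not-found status on a file means it was already absent when the script ran; on a registry key it can also mean the path in the script did not match where the key lives, so the key itself may still exist.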

Post by Luke57 » 12/11/07 15:34

Hi, the computer should be almost fine; the infected files have been deleted. Open HijackThis, press "do a system scan only", and if you find this entry:
O2 - BHO: {bf0caeea-d170-015b-1a84-d0f9bf0cce04} - {40ecc0fb-9f0d-48a1-b510-071daeeac0fb} - C:\WINDOWS\system32\nwfmxxrh.dll (file missing or no file)

tick it and press fix checked.
Download from here
http://www.superantispyware.com/downloa ... PYWAREFREE
the free edition. Install it, update it with check for updates and run a full scan. For 30 days it also has the real-time function; after that, once updated, it is very useful for scans.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
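
The check described in the post above (is the orphaned BHO entry still listed?) can be done by comparing two HijackThis logs. The following Python code is an added example, not part of the original posts and not code from HijackThis: it diffs the O2 and O4 sections of the log saved at 11.44.21 against the one saved at 15.49.56 later in the thread, finds entries carrying the "(file missing)" or "(no file)" marker, and tests whether a given CLSID is still listed. The excerpts are a subset of lines copied from those two logs; function names are hypothetical.

```python
import re

# "<section> - <detail>" lines, e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis appends when an entry's target file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)

# Excerpt of the log saved at 11.44.21 (before the Avenger run).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {bf0caeea-d170-015b-1a84-d0f9bf0cce04} - {40ecc0fb-9f0d-48a1-b510-071daeeac0fb} - C:\WINDOWS\system32\nwfmxxrh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [a4638241] rundll32.exe "C:\WINDOWS\system32\iftotxkh.dll",b
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# Excerpt of the log saved at 15.49.56 (after the Avenger run), O2 and O4 only.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
"""


def parse_entries(log_text, sections=None):
    """Return (section, detail) tuples, optionally limited to some sections."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m and (sections is None or m.group(1) in sections):
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after, sections):
    """Return (removed, added) entries for the given sections, in log order."""
    b = parse_entries(before, sections)
    a = parse_entries(after, sections)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


def orphaned_entries(log_text):
    """Entries whose target HijackThis reports as missing from disk."""
    return [e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1])]


def clsid_listed(log_text, clsid):
    """True if the CLSID appears in any entry (case-insensitive)."""
    needle = clsid.lower()
    return any(needle in detail.lower() for _, detail in parse_entries(log_text))


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER, ("O2", "O4"))
    for sec, detail in removed:
        print("removed %s: %s" % (sec, detail))
    for sec, detail in added:
        print("added   %s: %s" % (sec, detail))
    for sec, detail in orphaned_entries(BEFORE):
        print("orphan  %s: %s" % (sec, detail))
    print("BHO still listed:",
          clsid_listed(AFTER, "{40ecc0fb-9f0d-48a1-b510-071daeeac0fb}"))
```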

Post by Salentino76 » 12/11/07 15:43

Thanks for everything, my friend; if I need anything I'll contact you again. As for the antispyware, I installed Spyware Terminator, what do you think of it????
Salentino76
Junior User
 
Posts: 99
Joined: 11/12/06 20:02
Location: Lecce

Post by Salentino76 » 12/11/07 15:53

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.49.56, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Roper\AIRBLU~1\BTSTAC~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E17EE2-1056-414F-BB5B-33547465EB1C}: NameServer = 193.12.150.2 212.247.152.2
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 8608 bytes


I forgot to post the new log for you. Bye!
Salentino76
Junior User

Posts: 99
Joined: 11/12/06 20:02
Location: Lecce

Post by Salentino76 » 12/11/07 16:25

Hi Luke, sorry, but to be thorough I'm posting the result of the scan done with Spyware Terminator. Could you advise me on what to do? Honestly, I don't think I have any viruses, but before deleting these files I'd like your advice:


Threat Name: AdWare.Virtumonde.ahr
Detected Item: C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\backups\backup-20071112-014345-536.dll
Detected Item: C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\backups\backup-20071112-014537-540.dll
Detected Item: C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\backups\backup-20071112-032712-151.dll
Detected Item: C:\Documents and Settings\GIANFRANCO\Desktop\programmi antivirus\backups\backup-20071112-040239-903.dll

Threat Name: Affiliate tracking cookie

Threat Name: Invalid Startup Items
Detected Item: HKCU%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CRun BgMonitor%5F{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C%3A%5CProgrammi%5CFile%20comuni%5CAhead%5Clib%5CNMBgMonitor%2Eexe"



Bye, and thanks again.
Salentino76

Post by Luke57 » 12/11/07 17:25

Hi, go ahead and delete them; they are the backups from the previous scans.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by Salentino76 » 13/11/07 13:41

Hi Luke, I tried to delete the critical files that Spyware Terminator found, but there is one that it says is impossible to remove. It's this one:


04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} : : C:\Programmi\File comuni\AHEAD\LIB\NMBGMONITOR.EXE

But what is it?



Threat Name: Invalid Startup Items
Detected Item: HKCU%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CRun BgMonitor%5F{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C%3A%5CProgrammi%5CFile%20comuni%5CAhead%5Clib%5CNMBgMonitor%2Eexe"



Could it be a normal file that I shouldn't remove but that the antispyware sees as a virus? Anyway, let me know. Bye!
It comes up every time I run the scan!
Salentino76

Post by Luke57 » 13/11/07 15:16

Hi, it's a legitimate file; it belongs to Nero. Leave it alone.
Luke57

Post by Salentino76 » 13/11/07 16:54

Thanks a lot, you're great. But listen, how can I tell when the antispyware finds a file that it considers critical but that actually isn't? So, in short, not all the critical files it finds are necessarily critical!
Salentino76

