Trojan horse downloader!

Posted by mic86 » 13/03/08 15:46

Hi everyone.

My antivirus (AVG) found this virus: trojan horse downloader.agent.ABOU
The infected file is: windows/system32/csrlaknn.exe

AVG won't let me remove the virus, delete the infected file, or put the virus in quarantine.
If I try to delete the file manually, the PC tells me it cannot be deleted...

Could you give me a hand?
Thanks..
mic86
Senior User
Posts: 119
Joined: 12/02/07 10:07

Re: Trojan horse downloader!

Posted by Opensource » 14/03/08 08:45

Hi
to delete the file, first disable automatic System Restore (important for malware removal), boot into Safe Mode and delete the file from there.
In any case, I recommend that you first post the HijackThis log!!!!
Opensource
Senior User
Posts: 684
Joined: 02/11/06 20:45

Re: Trojan horse downloader!

Posted by mic86 » 15/03/08 09:41

Logfile of HijackThis v1.99.1
Scan saved at 9.27.39, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\h3g\Desktop\iexplore.exe
C:\Documents and Settings\h3g\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [csrlaknn] "c:\windows\system32\csrlaknn.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4685292484
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sera84sera84.spaces.live.com/Pho ... nPUpld.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/D ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3B6569B-CB94-412B-9054-85FD680392BB}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: Print Spooler Service (paqsnm0yu) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)




One question: how do I get rid of System Restore?
Thanks for the help...
mic86
Senior User
Posts: 119
Joined: 12/02/07 10:07

Re: Trojan horse downloader!

Posted by Luke57 » 15/03/08 09:58

Hi, carry out these steps in order; you may want to print the page before doing them:

open HijackThis, disconnected from the internet and with all applications closed, press "do a system scan only", then find and tick the following entries:
O4 - HKLM\..\Run: [csrlaknn] "c:\windows\system32\csrlaknn.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O23 - Service: Print Spooler Service (paqsnm0yu) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

press fix checked.
Close the program.

download SDFIX:
http://downloads.andymanchesta.com/Remo ... /SDFix.exe

- Double-click SDFix.exe and the tool will extract itself to C:\SDFix
- boot the system into Safe Mode (you get there by repeatedly pressing the F8 key at boot, before Windows loads; on the grey screen that appears, choose Safe Mode by moving with the arrow keys and confirming with Enter).
- Open the SDFix folder located in C:\ and double-click RunThis.bat to launch the script
- select Y to start the cleanup
- When it asks you to, press a key to reboot (the system will take longer to start because the script will be deleting the files it found)
- When the desktop appears, the tool will finish its work and display the message "Finished"
- Press a key to end the script and reload the desktop icons
- The log will be displayed automatically; otherwise you can find it in C:\SDFix\Report.txt
Copy and paste it into your next reply, together with a new HijackThis log.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
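
An added example, not part of the original thread and not HijackThis or SDFix code: a small Python triage of HijackThis O4 (Run key) and O23 (service) lines, run on an excerpt of the log posted above. The heuristics and the names `triage`, `Finding`, `AV_REPORTED` and `CORE_NAMES` are assumptions of this example; on this excerpt they single out the same four entries listed in the reply above.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [csrlaknn] "c:\windows\system32\csrlaknn.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Print Spooler Service (paqsnm0yu) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
"""

# File the antivirus reported in the first post of the thread.
AV_REPORTED = {r"c:\windows\system32\csrlaknn.exe"}
# Assumption: core Windows processes that should only ever load from System32.
CORE_DIR = r"c:\windows\system32"
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe"}

O4_RE = re.compile(r"O4 - (HK\w+)\\\.\.\\Run\w*: \[(.*?)\] (.+)")
O23_RE = re.compile(r"O23 - Service: (.+?) - .* - ([A-Za-z]:\\.+)")


class Finding(NamedTuple):
    section: str      # "O4" or "O23"
    name: str         # Run value name or service display name
    image: str        # normalised path of the executable
    reasons: tuple    # why the entry was flagged


def norm(path):
    """Lower-case, strip surrounding quotes, collapse doubled backslashes."""
    return re.sub(r"\\+", r"\\", path.strip().strip('"').lower())


def first_exe(command):
    """Normalised path of the first *.exe in a command line, or ''."""
    m = re.search(r'"?(.+?\.exe)', command, re.IGNORECASE)
    return norm(m.group(1)) if m else ""


def path_reasons(image):
    """Location-based reasons that apply to any autostart image."""
    directory, _, base = image.rpartition("\\")
    reasons = []
    if image in AV_REPORTED:
        reasons.append("reported by antivirus")
    if base in CORE_NAMES and directory and directory != CORE_DIR:
        reasons.append("core process name outside System32")
    if re.fullmatch(r"[a-z]:", directory):
        reasons.append("executable in drive root")
    return reasons


def triage(log):
    """Return a Finding for every O4/O23 line that trips a heuristic."""
    running, findings, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.add(norm(line))
        elif in_procs:
            in_procs = False          # a blank line ends the process list
        elif (m := O4_RE.match(line)):
            image = first_exe(m.group(3))
            reasons = path_reasons(image)
            if reasons:
                findings.append(Finding("O4", m.group(2), image, tuple(reasons)))
        elif (m := O23_RE.match(line)):
            image = first_exe(m.group(2))
            reasons = path_reasons(image)
            # "(file missing)" on a binary that is running is a path-parsing
            # artefact (see WUSB54GCSVC), so only flag when it is not running.
            if ("Unknown owner" in line and line.endswith("(file missing)")
                    and image not in running):
                reasons.append("ownerless service, image missing and not running")
            if reasons:
                findings.append(Finding("O23", m.group(1), image, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.image}: {', '.join(f.reasons)}")
```
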

Re: Trojan horse downloader!

Posted by mic86 » 15/03/08 10:05

Thanks a lot! I'll do it right away.

One last thing: the link you gave me doesn't let me download the file... it takes me to an error page (404).. what do I do?
mic86
Senior User
Posts: 119
Joined: 12/02/07 10:07

Re: Trojan horse downloader!

Posted by Luke57 » 15/03/08 10:13

mic86 wrote: Thanks a lot! I'll do it right away.

One last thing: the link you gave me doesn't let me download the file... it takes me to an error page (404).. what do I do?

Hi, sorry, try here:
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: Trojan horse downloader!

Posted by mic86 » 15/03/08 10:31

SDFix: Version 1.157

Run by h3g on 15/03/2008 at 10.19

Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name:
paqsnm0yu

Path:
C:\WINDOWS\system32\j.exe /service

paqsnm0yu - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted
C:\WINDOWS\system\smss.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 10:23:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programmi\\LimeWire\\LimeWire.exe"="C:\\Programmi\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"F:\\LimeWire\\LimeWire.exe"="F:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\mstsc.exe"="C:\\WINDOWS\\system32\\mstsc.exe:*:Enabled:Connessione desktop remoto"
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmi\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 19 Aug 2004 60,416 A.SH. --- "C:\Programmi\Outlook Express\msimn.exe"
Sun 27 Jan 2008 643,072 ...H. --- "C:\Documents and Settings\h3g\Dati applicazioni\Microsoft\Word\~WRL1155.tmp"
Sun 27 Jan 2008 629,760 ...H. --- "C:\Documents and Settings\h3g\Dati applicazioni\Microsoft\Word\~WRL2555.tmp"

Finished!















Logfile of HijackThis v1.99.1
Scan saved at 10.29.30, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\h3g\Desktop\iexplore.exe
C:\Documents and Settings\h3g\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4685292484
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sera84sera84.spaces.live.com/Pho ... nPUpld.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/D ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3B6569B-CB94-412B-9054-85FD680392BB}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)




Done..! Is everything OK?
mic86
Senior User
Posts: 119
Joined: 12/02/07 10:07

Re: Trojan horse downloader!

Posted by Luke57 » 15/03/08 10:33

Hi, it seems so.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: Trojan horse downloader!

Posted by mic86 » 15/03/08 10:34

Thanks for the help! :)
mic86
Senior User
Posts: 119
Joined: 12/02/07 10:07

