
redirect problem HELP

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by andorra24 » 27/03/07 17:08

Run a scan with Virit:
http://www.tgsoft.it/files/vnlt6165.exe

and after running the scan, post a HijackThis log.

Post by sundek » 28/03/07 05:45

I ran the scan with VirIT but it didn't find anything :( , this is the screenshot of the famous page I always end up redirected to every time I do a search with Google :aaah

Image

and this is the hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6.41.02, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Prevx1\PXAgent.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Samsung\Internet Access\Internet Access.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\utente\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A3E5E6-FCAE-4827-8C13-7EE958C6FF7A}: NameServer = 85.255.114.107,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{77BAD74C-53E7-4016-B209-00908BC7EC9B}: NameServer = 85.255.114.107,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A18A6F9-58EE-4182-A6D8-85B48508B542}: NameServer = 213.230.155.94 213.230.130.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AED5289C-C17D-448E-9866-BA70BD43D5C4}: NameServer = 85.255.114.107,85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{37A3E5E6-FCAE-4827-8C13-7EE958C6FF7A}: NameServer = 85.255.114.107,85.255.112.133
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
O17 - HKLM\System\CS2\Services\Tcpip\..\{37A3E5E6-FCAE-4827-8C13-7EE958C6FF7A}: NameServer = 85.255.114.107,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Post by Luke57 » 28/03/07 07:58

Hi, open hijackthis, press "do a system scan only", tick all the O17 entries and press "fix checked".

Then download SystemScan
http://www.suspectfile.com/systemscan
open it and make sure all the options are ticked, click "Scan Now"; when the scan finishes, the file report.txt will be left in C:\suspectfile.
Go to:
http://www.easy-share.com
upload the file (by pressing Browse and then the Upload button); you will be given the URL to download it. Paste that URL in a post
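As an added example (not from this thread and not HijackThis code), a small Python checker that pulls the O17 NameServer entries out of a HijackThis log like the one posted above, reports which resolvers the machine is not expected to use and in which control sets they sit, and lists the registry locations that "fix checked" on those entries clears. The sample log lines and the expected-resolver set are constructed assumptions.

```python
"""Pull the O17 (NameServer) entries out of a HijackThis log and report resolvers
that the machine is not expected to use. Added example, not HijackThis code; the
sample log and the expected-resolver set below are constructed assumptions."""
import re
from collections import defaultdict

# Constructed sample: four O17 lines as printed in the log posted above, plus one
# hypothetical interface pointing at a home router (192.168.1.1) that should pass.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A3E5E6-FCAE-4827-8C13-7EE958C6FF7A}: NameServer = 85.255.114.107,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A18A6F9-58EE-4182-A6D8-85B48508B542}: NameServer = 213.230.155.94 213.230.130.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.107 85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEADBEEF-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# HijackThis prints "Tcpip\..\{GUID}" as shorthand for the per-interface key
# Tcpip\Parameters\Interfaces\{GUID}; "Parameters" alone is the machine-wide value.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]+\})|Parameters)"
    r": NameServer = (?P<servers>.+?)\s*$"
)


def parse_o17(log_text):
    """One record per O17 line: control set, scope (interface GUID or
    'Parameters') and the resolver list. The value is split on commas or
    whitespace because the posted log uses both separators."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "control_set": m.group("cs"),
            "scope": m.group("iface") or "Parameters",
            "servers": re.split(r"[,\s]+", m.group("servers").strip()),
        })
    return records


def find_rogue_resolvers(log_text, expected):
    """Map each resolver not in `expected` to the control sets that carry it.
    The posted log has the same servers under CCS, CS1 and CS2, so every
    control set has to be checked, not just CurrentControlSet."""
    rogue = defaultdict(set)
    for rec in parse_o17(log_text):
        for ip in rec["servers"]:
            if ip not in expected:
                rogue[ip].add(rec["control_set"])
    return dict(rogue)


def _control_set_name(cs):
    # HijackThis abbreviates CurrentControlSet as CCS and ControlSet00n as CSn.
    return "CurrentControlSet" if cs == "CCS" else f"ControlSet{int(cs[2:]):03d}"


def remediation_keys(log_text, expected):
    """Full registry paths whose NameServer value holds an unexpected resolver;
    these are the entries 'fix checked' clears when all O17 lines are ticked."""
    keys = []
    for rec in parse_o17(log_text):
        if all(ip in expected for ip in rec["servers"]):
            continue
        sub = "Parameters"
        if rec["scope"] != "Parameters":
            sub = f"Parameters\\Interfaces\\{rec['scope']}"
        keys.append(
            f"HKLM\\SYSTEM\\{_control_set_name(rec['control_set'])}\\Services\\Tcpip\\{sub}"
        )
    return keys


if __name__ == "__main__":
    expected = {"192.168.1.1"}  # assumption: the router is the only legitimate resolver
    for ip, sets in sorted(find_rogue_resolvers(SAMPLE_LOG, expected).items()):
        print(f"unexpected resolver {ip} in {', '.join(sorted(sets))}")
    for key in remediation_keys(SAMPLE_LOG, expected):
        print("clear NameServer in", key)
```

Replace `expected` with the resolvers the ISP or router actually hands out; anything else showing up in several control sets is the kind of entry the advice above says to tick and fix.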

Post by sundek » 28/03/07 13:39

hi,
hijackthis done, but for the systemscan report.txt file I don't know how to do it :oops: , I tried uploading it to several hosting sites and it won't upload, dunno :x
if you allow it I'll send it to you by copy-paste in a private message if you don't want it here

Post by Luke57 » 28/03/07 14:09

Hi, it doesn't fit in a post. Try uploading it again

Post by sundek » 28/03/07 14:20

I noticed :cry: I give up, I'll put it here (I'll try :P )

systemscan - ver. 2.0.20

Date: 28/03/2007
Time: 9.33.20,37

Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Include hijackthis.log

-------------Users folders -------------

Directory di C:\documents and settings

05/12/2006 19.22 <DIR> All Users
05/12/2006 13.22 <DIR> Default User
14/02/2007 21.39 <DIR> LocalService
14/02/2007 21.39 <DIR> NetworkService
25/03/2007 10.41 <DIR> utente

-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Programmi\File comuni, C:\WINDOWS\temp



Directory di C:\


27/03/2007 14.04 <DIR> !KillBox
28/03/2007 04.29 <DIR> VEXPLITE
27/03/2007 12.38 <DIR> avenger
28/03/2007 09.33 <DIR> suspectfile
27/03/2007 12.38 <DIR> WINDOWS
23/03/2007 23.39 <DIR> Programmi
27/03/2007 12.36 102 ffeqgbls.txt


Directory di C:\WINDOWS


14/02/2007 21.38 <DIR> $NtUninstallKB904942$
14/02/2007 21.38 <DIR> $NtUninstallKB914440$
29/01/2007 06.57 <DIR> $NtUninstallKB915865$
14/02/2007 21.33 <DIR> $NtUninstallKB925454$(3)
28/03/2007 08.31 <DIR> Temp
22/03/2007 00.02 <DIR> ATK0100
27/03/2007 10.07 <DIR> BDOSCAN8
25/03/2007 18.09 <DIR> system32
14/02/2007 21.38 <DIR> BricoPacks
22/03/2007 00.25 <DIR> Debug
14/02/2007 21.38 <DIR> Registration
28/03/2007 09.33 <DIR> Prefetch
14/02/2007 21.38 <DIR> ie7
16/02/2007 03.17 <DIR> WinSxS
14/02/2007 21.38 <DIR> network diagnostic
22/03/2007 14.25 <DIR> Minidump
28/03/2007 04.29 40.374 ModemLog_SAMSUNG CDMA Modem #3.txt
04/02/2007 08.51 4.166 ModemLog_AC97 SoftV92 Data Fax Modem with SmartCP.txt
14/03/2007 07.01 116 NeroDigital.ini
26/03/2007 03.52 1.062 IE4 Error Log.txt
27/03/2007 08.08 250 gmer.ini
27/03/2007 07.36 528.446 gmer.dll
28/03/2007 07.45 32.276 SchedLgU.Txt
27/03/2007 09.03 9.740 setupapi.log
24/03/2007 04.32 0 Sti_Trace.log
28/03/2007 04.27 227 system.ini
28/03/2007 04.29 0 0.log
24/03/2007 12.01 216 wiadebug.log
24/03/2007 04.32 50 wiaservc.log
28/03/2007 04.27 637 win.ini
28/03/2007 04.29 1.732.351 WindowsUpdate.log


Directory di C:\WINDOWS\system32


14/02/2007 21.38 <DIR> wbem
28/03/2007 04.17 <DIR> drivers
28/03/2007 04.29 <DIR> config
27/03/2007 09.03 <DIR> CatRoot2
15/02/2007 17.53 <DIR> CatRoot
22/03/2007 00.02 <DIR> bak
22/03/2007 01.29 2.934 CONFIG.NT
27/03/2007 07.20 248.696 FNTCACHE.DAT
15/02/2007 19.01 1.476.992 LegitCheckControl.dll
07/03/2007 22.36 12.619.736 MRT.exe
25/03/2007 18.09 41.170 perfc009.dat
25/03/2007 18.09 48.988 perfc010.dat
25/03/2007 18.09 314.842 perfh009.dat
25/03/2007 18.09 348.476 perfh010.dat
25/03/2007 18.09 759.504 PerfStringBackup.INI
29/01/2007 10.58 60.416 tzchange.exe
16/02/2007 03.17 122.268 TZLog.log
15/02/2007 19.00 236.928 WgaLogon.dll
15/02/2007 19.01 337.280 WgaTray.exe
28/03/2007 04.29 2.278 wpa.dbl


Directory di C:\Programmi\File comuni




Directory di C:\WINDOWS\temp


28/03/2007 09.32 <DIR> _avast4_
28/03/2007 04.29 255 WGAErrLog.txt
28/03/2007 04.29 409 WGANotify.settings



-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

[run]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

[run]

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

[Windows]
"AppInit_DLLs"=""

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"Shell"="Explorer.exe"
"System"="kdhxf.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\!SASWinLogon]
"DllName"="C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"

[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
"Event"=dword:00000000
"EulaAccepted"=dword:00000001

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp;Impostazioni locali\Dati applicazioni\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

Post by sundek » 28/03/07 14:22

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

[RunServices]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

[RunServicesOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""

[Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}]
#### HKCR\CLSID\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\InprocServer32 @="C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll"
@="Malicious Scripts Scanner"

-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\Shdocvw.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Programmi\SUPERAntiSpyware\SASSEH.DLL"

-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:00000340
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="143309ed"
"Pattern"=hex:9d,c2,f1,a8,59,e9,02,00,f7,9f,f0,b2,f0,98,a3,4a,31,34,33,33,30,\
39,65,64,00,fd,07,00,86,05,00,00,34,fa,07,00,56,82,47,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,09,56,74,01,e4,69,33,52,e2,ed,95,14

[Lsa\GBG]
@Class="09693ee4"
"GrafBlumGroup"=hex:9a,2f,33,30,16,ba,40,d8,c1

[Lsa\JD]
@Class="e2950152"
"Lookup"=hex:12,0e,7a,6e,1a,9e

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="7456ed25"
"SkewMatrix"=hex:c5,d2,3f,eb,c3,78,c5,5c,c6,64,28,f4,cb,56,fd,3a

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:86,a0,52,18,60,18,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,20,e7,d4,f0,3d,c6,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,20,e7,d4,f0,3d,c6,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,20,e7,d4,f0,3d,c6,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------

[SharedAccess]
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00000983

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Programmi\Yahoo!\Messenger\YServer.exe"="C:\Programmi\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\Browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\Browseui.dll"

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
#### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\Programmi\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Programmi\Java\jre1.5.0\bin\regutils.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
#### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\Programmi\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
#### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\Programmi\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Accesso sito MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}]
#### HKCR\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\ymmapi.dll"

[Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}]
#### HKCR\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\ymmapi.dll"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Guida HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
sundek
Junior Member
Posts: 33
Joined: 02/02/07 04:39

Post by sundek » 28/03/07 14:29

-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {7A18A6F9-58EE-4182-A6D8-85B48508B542} REG_BINARY 0F0000000000000000000000000000000AD30946F90000000000000000000000000000000AD30946010000000000000000000000000000000AD309462B0000000000000000000000000000000AD309462C0000000000000000000000000000000AD30946060000000000000000000000000000000AD30946
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {7A18A6F9-58EE-4182-A6D8-85B48508B542} REG_BINARY 0F0000000000000000000000000000001DC40946F90000000000000000000000000000001DC40946010000000000000000000000000000001DC409462B0000000000000000000000000000001DC409462C0000000000000000000000000000001DC40946060000000000000000000000000000001DC40946
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{7A18A6F9-58EE-4182-A6D8-85B48508B542} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 2435 (0x983)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 2430 (0x97E)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SysmonLog\Parameters
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{77BAD74C-53E7-4016-B209-00908BC7EC9B} NameServer REG_SZ 85.255.114.107,85.255.112.133
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{7A18A6F9-58EE-4182-A6D8-85B48508B542} NTEContextList REG_MULTI_SZ 0x00000004\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{7A18A6F9-58EE-4182-A6D8-85B48508B542} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{7A18A6F9-58EE-4182-A6D8-85B48508B542} DhcpIPAddress REG_SZ 217.201.134.231
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{7A18A6F9-58EE-4182-A6D8-85B48508B542} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{7A18A6F9-58EE-4182-A6D8-85B48508B542} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{7A18A6F9-58EE-4182-A6D8-85B48508B542} DhcpSubnetMask REG_SZ 0.0.0.0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{7A18A6F9-58EE-4182-A6D8-85B48508B542} NameServer REG_SZ
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{AED5289C-C17D-448E-9866-BA70BD43D5C4} NameServer REG_SZ 85.255.114.107,85.255.112.133

Result compared: Different


-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-------------List of running services -------------



000) "Alerter" - Avvisi
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

001) "ALG" - Servizio Gateway di livello applicazione
---> FILE = C:\WINDOWS\System32\alg.exe

002) "ASWLSVC" - ASWLSVC
---> FILE = C:\WINDOWS\system32\ASWLSVC.exe

003) "aswUpdSv" - avast! iAVS4 Control Service
---> FILE = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"

004) "Ati HotKey Poller" - Ati HotKey Poller
---> FILE = C:\WINDOWS\system32\Ati2evxx.exe

005) "AudioSrv" - Audio Windows
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

006) "avast! Antivirus" - avast! Antivirus
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"

007) "BITS" - Servizio trasferimento intelligente in background
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

008) "CryptSvc" - Servizi di crittografia
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

009) "DcomLaunch" - Utilità di avvio processo server DCOM
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

010) "Dhcp" - Client DHCP
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

011) "dmserver" - Gestione dischi logici
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

012) "Dnscache" - Client DNS
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService

013) "ERSvc" - Servizio di segnalazione errori
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

014) "Eventlog" - Registro eventi
---> FILE = C:\WINDOWS\system32\services.exe

015) "EventSystem" - Sistema di eventi COM+
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

016) "ewido anti-spyware 4.0 guard" - ewido anti-spyware 4.0 guard
---> FILE = C:\Programmi\ewido anti-spyware 4.0\guard.exe

017) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

018) "helpsvc" - Guida in linea e supporto tecnico
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

019) "Irmon" - Monitor infrarossi
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

020) "lanmanserver" - Server
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

021) "lanmanworkstation" - Workstation
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

022) "LmHosts" - Helper NetBIOS di TCP/IP
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

023) "MDM" - Machine Debug Manager
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"

024) "Netman" - Connessioni di rete
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

025) "Nla" - NLA (Network Location Awareness)
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

026) "PlugPlay" - Plug and Play
---> FILE = C:\WINDOWS\system32\services.exe

027) "PolicyAgent" - Servizi IPSEC
---> FILE = C:\WINDOWS\system32\lsass.exe

028) "PREVXAgent" - Prevx Agent
---> FILE = "C:\Programmi\Prevx1\PXAgent.exe" -f

029) "ProtectedStorage" - Archiviazione protetta
---> FILE = C:\WINDOWS\system32\lsass.exe

030) "RasMan" - Connection Manager di Accesso remoto
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

031) "RemoteRegistry" - Registro di sistema remoto
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

032) "RpcSs" - RPC (Remote Procedure Call)
---> FILE = C:\WINDOWS\system32\svchost -k rpcss

033) "SamSs" - Gestione account di protezione (SAM)
---> FILE = C:\WINDOWS\system32\lsass.exe

034) "Schedule" - Utilità di pianificazione
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

035) "seclogon" - Accesso secondario
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

036) "SENS" - Notifica eventi di sistema
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

037) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

038) "ShellHWDetection" - Rilevamento hardware shell
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
sundek
Junior Member
Posts: 33
Joined: 02/02/07 04:39

Post by sundek » 28/03/07 14:32

039) "Spooler" - Spooler di stampa
---> FILE = C:\WINDOWS\system32\spoolsv.exe

040) "srservice" - Servizio Ripristino configurazione di sistema
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

041) "SSDPSRV" - Servizio di rilevamento SSDP
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

042) "TapiSrv" - Telefonia
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

043) "TermService" - Servizi terminal
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

044) "Themes" - Temi
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

045) "TrkWks" - Manutenzione collegamenti distribuiti client
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

046) "UMWdf" - Windows User Mode Driver Framework
---> FILE = C:\WINDOWS\system32\wdfmgr.exe

047) "viritsvclite" - Virit eXplorer Lite
---> FILE = C:\VEXPLITE\viritsvc.exe

048) "W32Time" - Ora di Windows
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

049) "WebClient" - WebClient
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

050) "winmgmt" - Strumentazione gestione Windows
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

051) "wscsvc" - Centro sicurezza PC
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

052) "wuauserv" - Aggiornamenti automatici
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

053) "WZCSVC" - Zero Configuration reti senza fili
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs


..:: BOOT REGISTRY ::..

0) "HControl"
---> CMD = C:\WINDOWS\ATK0100\HControl.exe
---> FILE = C:\WINDOWS\ATK0100\HControl.exe

1) "avast!"
---> CMD = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---> FILE = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

2) "VIRIT LITE MONITOR"
---> CMD = C:\VEXPLITE\MONLITE.EXE
---> FILE = C:\VEXPLITE\MONLITE.EXE


-------------List of NOT running services -------------

000) "AppMgmt" - Gestione applicazione
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

001) "avast! Mail Scanner" - avast! Mail Scanner
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service

002) "avast! Web Scanner" - avast! Web Scanner
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service

003) "Browser" - Browser di computer
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

004) "CiSvc" - Servizio di indicizzazione
---> FILE = C:\WINDOWS\system32\cisvc.exe

005) "ClipSrv" - ClipBook
---> FILE = C:\WINDOWS\system32\clipsrv.exe

006) "COMSysApp" - Applicazione di sistema COM+
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

007) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

008) "HidServ" - Accesso periferica Human Interface
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

009) "HTTPFilter" - SSL HTTP
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

010) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> FILE = C:\WINDOWS\system32\imapi.exe

011) "Messenger" - Messenger
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

012) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe

013) "MSDTC" - Distributed Transaction Coordinator
---> FILE = C:\WINDOWS\system32\msdtc.exe

014) "MSIServer" - Windows Installer
---> FILE = C:\WINDOWS\system32\msiexec.exe /V

015) "NetDDE" - DDE di rete
---> FILE = C:\WINDOWS\system32\netdde.exe

016) "NetDDEdsdm" - DDE DSDM di rete
---> FILE = C:\WINDOWS\system32\netdde.exe

017) "Netlogon" - Accesso rete
---> FILE = C:\WINDOWS\system32\lsass.exe

018) "NtLmSsp" - Provider supporto protezione LM NT
---> FILE = C:\WINDOWS\system32\lsass.exe

019) "NtmsSvc" - Archivi rimovibili
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

020) "ose" - Office Source Engine
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"

021) "RasAuto" - Auto Connection Manager di Accesso remoto
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

022) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> FILE = C:\WINDOWS\system32\sessmgr.exe

023) "RemoteAccess" - Routing e Accesso remoto
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

024) "RpcLocator" - RPC Locator
---> FILE = C:\WINDOWS\system32\locator.exe

025) "RSVP" - QoS RSVP
---> FILE = C:\WINDOWS\system32\rsvp.exe

026) "SCardSvr" - smart card
---> FILE = C:\WINDOWS\System32\SCardSvr.exe

027) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc

028) "SwPrv" - MS Software Shadow Copy Provider
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{50B99419-9B9A-4B2C-A86A-56875626B9E3}

029) "SysmonLog" - Avvisi e registri di prestazioni
---> FILE = C:\WINDOWS\system32\smlogsvc.exe

030) "TlntSvr" - Telnet
---> FILE = C:\WINDOWS\system32\tlntsvr.exe

031) "upnphost" - Host di periferiche Plug and Play universali
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

032) "UPS" - Gruppo di continuità
---> FILE = C:\WINDOWS\System32\ups.exe

033) "VSS" - Copia replicata del volume
---> FILE = C:\WINDOWS\System32\vssvc.exe

034) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

035) "Wmi" - Estensioni driver di Strumentazione gestione Windows
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

036) "WmiApSrv" - Scheda WMI Performance
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe

037) "xmlprov" - Servizio Provisioning di rete
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

-------------Svchost Instances-------------
### HTTPFilter:
HTTPFilter
C:\WINDOWS\System32\w3ssl.dll

### LocalService:
Alerter
C:\WINDOWS\system32\alrsvc.dll

WebClient
C:\WINDOWS\System32\webclnt.dll

LmHosts
C:\WINDOWS\System32\lmhsvc.dll

RemoteRegistry
C:\WINDOWS\system32\regsvc.dll

upnphost
C:\WINDOWS\System32\upnphost.dll

SSDPSRV
C:\WINDOWS\System32\ssdpsrv.dll

### NetworkService:
DnsCache
C:\WINDOWS\System32\dnsrslvr.dll

### netsvcs:
6to4
No File Listed

AppMgmt
C:\WINDOWS\System32\appmgmts.dll

AudioSrv
C:\WINDOWS\System32\audiosrv.dll

Browser
C:\WINDOWS\System32\browser.dll

CryptSvc
C:\WINDOWS\System32\cryptsvc.dll

DMServer
C:\WINDOWS\System32\dmserver.dll

DHCP
C:\WINDOWS\System32\dhcpcsvc.dll

ERSvc
C:\WINDOWS\System32\ersvc.dll

EventSystem
C:\WINDOWS\system32\es.dll

FastUserSwitchingCompatibility

HidServ
No File Listed

No File Listed

Iprip
No File Listed

Irmon
C:\WINDOWS\System32\irmon.dll

LanmanServer
C:\WINDOWS\System32\srvsvc.dll

LanmanWorkstation
C:\WINDOWS\System32\wkssvc.dll

Messenger
C:\WINDOWS\System32\msgsvc.dll

Netman
C:\WINDOWS\System32\netman.dll

C:\WINDOWS\System32\mswsock.dll

Ntmssvc
C:\WINDOWS\system32\ntmssvc.dll

NWCWorkstation
No File Listed

Nwsapagent
No File Listed

Rasauto
C:\WINDOWS\System32\rasauto.dll

Rasman
C:\WINDOWS\System32\rasmans.dll

Remoteaccess
C:\WINDOWS\System32\mprdim.dll

Schedule
C:\WINDOWS\system32\schedsvc.dll

Seclogon
C:\WINDOWS\System32\seclogon.dll

C:\WINDOWS\system32\sens.dll

Sharedaccess
C:\WINDOWS\System32\ipnathlp.dll

SRService
C:\WINDOWS\system32\srsvc.dll

Tapisrv
C:\WINDOWS\System32\tapisrv.dll

Themes

TrkWks
C:\WINDOWS\system32\trkwks.dll

W32Time
C:\WINDOWS\system32\w32time.dll

WZCSVC
C:\WINDOWS\System32\wzcsvc.dll


WmdmPmSp
No File Listed

winmgmt
C:\WINDOWS\system32\wbem\WMIsvc.dll

wscsvc
C:\WINDOWS\system32\wscsvc.dll

xmlprov
C:\WINDOWS\System32\xmlprov.dll

BITS
C:\WINDOWS\system32\qmgr.dll

wuauserv
C:\WINDOWS\system32\wuauserv.dll

ShellHWDetection

helpsvc
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

WmdmPmSN
C:\WINDOWS\system32\MsPMSNSv.dll

### DcomLaunch:
DcomLaunch
C:\WINDOWS\system32\rpcss.dll

TermService
C:\WINDOWS\System32\termsrv.dll

### rpcss:
RpcSs
C:\WINDOWS\system32\rpcss.dll

### imgsvc:
StiSvc
C:\WINDOWS\system32\wiaservc.dll

### termsvcs:
TermService
C:\WINDOWS\System32\termsrv.dll


-------------loaded Dlls -------------
NOTE: already known legit dlls are not shown

------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>

------------------------------------------------------------------------------
smss.exe pid: 696
Command line: \SystemRoot\System32\smss.exe


------------------------------------------------------------------------------
csrss.exe pid: 752
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75af0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
0x75b00000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
0x75b10000 0x4a000 5.01.2600.2751 C:\WINDOWS\system32\winsrv.dll
sundek
Junior Member
Posts: 33
Joined: 02/02/07 04:39

Post by sundek » 28/03/07 14:35

winlogon.exe pid: 776
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x77690000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x47000 1.00.0000.1030 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
0x012b0000 0x18000 6.14.0010.4107 C:\WINDOWS\system32\Ati2evxx.dll
0x014c0000 0x3b000 1.07.0017.0000 C:\WINDOWS\system32\WgaLogon.dll
0x74e80000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemprox.dll
0x75220000 0x37000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemcomn.dll
0x74e60000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x75630000 0x76000 5.01.2600.2180 C:\WINDOWS\system32\wbem\fastprox.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll

------------------------------------------------------------------------------
services.exe pid: 820
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
0x77b40000 0x53000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x77690000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x7dbb0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
0x5fbb0000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x772d0000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll

------------------------------------------------------------------------------
lsass.exe pid: 832
Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
0x753e0000 0xb5000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
0x76760000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x743d0000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76750000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71c80000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x74440000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x76780000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767b0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x74300000 0xf000 5.01.2600.2180 C:\WINDOWS\system32\wdigest.dll
0x74390000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x74360000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
0x77690000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x756d0000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
0x742f0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
0x74320000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x74340000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll

------------------------------------------------------------------------------
ati2evxx.exe pid: 1020
Command line: C:\WINDOWS\system32\Ati2evxx.exe

Base Size Version Path
0x00400000 0x69000 6.14.0010.4107 C:\WINDOWS\system32\Ati2evxx.exe
0x00bb0000 0xc000 6.14.0010.2495 C:\WINDOWS\system32\Ati2edxx.dll
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

------------------------------------------------------------------------------
svchost.exe pid: 1036
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a40000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x766c0000 0x54000 5.01.2600.2180 c:\windows\system32\termsrv.dll
0x74f00000 0x6000 5.01.2600.2180 c:\windows\system32\ICAAPI.dll
0x77690000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x750a0000 0x1f000 5.01.2600.2180 c:\windows\system32\mstlsapi.dll
0x76ae0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL

------------------------------------------------------------------------------
svchost.exe pid: 1096
Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76a40000 0x63000 5.01.2600.2726 c:\windows\system32\rpcss.dll
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76f70000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\winrnr.dll
0x76f80000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll

------------------------------------------------------------------------------
svchost.exe pid: 1140
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76d40000 0x1e000 5.01.2600.2912 c:\windows\system32\dhcpcsvc.dll
0x76ee0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x663e0000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
0x775f0000 0x6e000 5.01.2600.2180 c:\windows\system32\wzcsvc.dll
0x76cf0000 0x4000 5.01.2600.2180 c:\windows\system32\WMI.dll
0x5e270000 0x10f000 5.01.2600.2780 c:\windows\system32\ESENT.dll
0x76ae0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x719d0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x59100000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
0x76b90000 0x1f000 5.01.2600.2180 C:\WINDOWS\System32\rastls.dll
0x76890000 0x83000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTUI.dll
0x76e50000 0x12000 5.01.2600.2180 C:\WINDOWS\System32\rasman.dll
0x76e70000 0x2f000 5.01.2600.2180 C:\WINDOWS\System32\TAPI32.dll
0x767b0000 0x27000 5.01.2600.2180 C:\WINDOWS\System32\SCHANNEL.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\System32\MSVCP60.dll
0x72fa0000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\WZCSAPI.DLL
0x76ca0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\raschap.dll
0x76840000 0x33000 5.01.2600.2180 c:\windows\system32\schedsvc.dll
0x76760000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x74ee0000 0x5000 6.00.2900.2180 C:\WINDOWS\System32\MSIDLE.DLL
0x70de0000 0xd000 5.01.2600.2180 c:\windows\system32\audiosrv.dll
0x76e00000 0x23000 5.01.2600.2976 c:\windows\system32\wkssvc.dll
0x6ff20000 0x64000 6.06.2600.2180 c:\windows\system32\qmgr.dll
0x76740000 0x9000 6.00.2900.2180 c:\windows\system32\SHFOLDER.dll
0x4d530000 0x58000 5.01.2600.2180 c:\windows\system32\WINHTTP.dll
0x76cd0000 0x12000 5.01.2600.2180 c:\windows\system32\cryptsvc.dll
0x76b30000 0x32000 5.01.2600.2180 c:\windows\system32\certcli.dll
0x74f10000 0x9000 5.01.2600.2180 c:\windows\system32\ersvc.dll
0x74f20000 0x9000 2600.2180.0503.0000 c:\windows\system32\dmserver.dll
0x776e0000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
0x71a10000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x74ed0000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x75020000 0x1a000 5.01.2600.2577 c:\windows\system32\srvsvc.dll
0x77cd0000 0x33000 5.01.2600.2743 c:\windows\system32\netman.dll
0x763b0000 0x1a9000 5.01.2600.2180 c:\windows\system32\netshell.dll
0x76bc0000 0x2e000 5.01.2600.2180 c:\windows\system32\credui.dll
0x73c90000 0x8000 5.01.2600.2180 c:\windows\system32\seclogon.dll
0x75130000 0x2e000 5.01.2600.2180 c:\windows\system32\srsvc.dll
sundek
Junior User

Posts: 33
Joined: 02/02/07 04:39

Post by sundek » 28/03/07 14:36

sundek
Junior User

Posts: 33
Joined: 02/02/07 04:39

Post by sundek » 28/03/07 14:38

0x61e00000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

------------------------------------------------------------------------------
wmiprvse.exe pid: 3168
Command line: C:\WINDOWS\system32\wbem\wmiprvse.exe

Base Size Version Path
0x01000000 0x38000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wmiprvse.exe
0x75220000 0x37000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemcomn.dll
0x75630000 0x76000 5.01.2600.2180 C:\WINDOWS\system32\wbem\FastProx.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76760000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x5fbb0000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\NCObjAPI.DLL
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74e80000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemprox.dll
0x74e60000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x74fb0000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wmiutils.dll
0x5c1b0000 0x18000 5.01.2600.2180 C:\WINDOWS\system32\wbem\stdprov.dll
0x752a0000 0x3f000 5.01.2600.2180 C:\WINDOWS\system32\wbem\esscli.dll

------------------------------------------------------------------------------
cmd.exe pid: 3408
Command line: cmd /c listdlls.exe >> %systemdrive%\suspectfile\report.row

Base Size Version Path
0x4ad00000 0x63000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cf90000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x596b0000 0x1ca000 5.01.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

------------------------------------------------------------------------------
Command line: listdlls.exe

Base Size Version Path
0x00400000 0x11000 2.25.0000.0000 C:\DOCUME~1\utente\IMPOST~1\Temp\RarSFX0\LISTDLLS.exe
0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

-------------NTFS ADS -------------



Error opening C:\pagefile.sys:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

C:\Documents and Settings\All Users\Dati applicazioni\TEMP:

C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Thumbs.db:
:encryptable:$DATA 0
.
Error opening C:\Documents and Settings\LocalService\NTUSER.DAT:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\LocalService\ntuser.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\NetworkService\NTUSER.DAT:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\NetworkService\ntuser.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\utente\ntuser.dat:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\utente\NTUSER.DAT.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\utente\Dati applicazioni\Adobe\Acrobat\7.0\Updater\udlog.txt:
Impossibile accedere al file. Il file è utilizzato da un altro processo.
..
C:\Documents and Settings\utente\Desktop\3_monkeys.zip:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\avenger.zip:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\gmer110.zip:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\Internet Explorer 7.rar:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\interrogazione guicciardini.rar:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\KillBox.exe:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\Raf_-_In_tutti_i_miei_giorni.htm:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\systemscan.exe:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\vnlt6165.exe:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Desktop\ZoneAlarmIt.exe:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\capIVX.zip:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\IEFix.zip:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\La Vita è.....pps%20:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\manuale_di_conversione_dvd-divx-xvid_e_video_editing_v[1].2.00.zip:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\MODULO 4 STORIA da loris.rar:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\Power_Translator_9_ITA.iso:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\schedaLACHIMERA di vassalli.zip:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\IMG_0007.JPG:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\Immagine.JPG:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\P0115_203225.jpg:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\P0123_030920.jpg:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\P1022_155755.jpg:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\P1210_212539.jpg:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\palloso.rtf:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\PATTINI.xls:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\piscitellate.3gp:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\File ricevuti\senzalegge.wmv:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\Immagini\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\utente\Documenti\Immagini\Animali\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\utente\Documenti\Immagini\Delfini\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\utente\Documenti\Immagini\Foto\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\utente\Documenti\Immagini\Immagini\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\utente\Documenti\Immagini\sfondi\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\utente\Documenti\Musica\MUSICA\10-alex_baroni-e_ti_faro_a.mp3:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\Musica\MUSICA\xfiles2.mid:
:SummaryInformation:$DATA 88
:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}:$DATA 0

C:\Documents and Settings\utente\Documenti\My eBooks\Thumbs.db:
:encryptable:$DATA 0
.
C:\Documents and Settings\utente\Documenti\pps\Natale2006.pps:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\utente\Documenti\pps\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\utente\Documenti\Video\Thumbs.db:
:encryptable:$DATA 0

Error opening C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.
sundek
Junior User

Posts: 33
Joined: 02/02/07 04:39

Post by sundek » 28/03/07 14:39

...

...

...

...

...

...

...

...

...

...

...
C:\Documents and Settings\utente\Preferiti\AltaVista - Babel Fish Traduzione.url:

C:\Documents and Settings\utente\Preferiti\Forums Atari Europe.url:

C:\Documents and Settings\utente\Preferiti\ImageShack® - Hosting.url:

C:\Documents and Settings\utente\Preferiti\Libero.url:

C:\Documents and Settings\utente\Preferiti\pc-facile.com Indice.url:

C:\Documents and Settings\utente\Preferiti\Punto Informatico, il quotidiano di Internet dal 1996.url:

C:\Documents and Settings\utente\Preferiti\Software freeware, shareware e commerciale.url:

C:\Documents and Settings\utente\Preferiti\SuspectFile Forum Index.url:

C:\Documents and Settings\utente\Preferiti\WRESTLING NEWS - Tutto Le News Sul Wrestling, In Tempo Reale, 24 Ore Su 24!.url:

C:\Documents and Settings\utente\Preferiti\ :favicon:$DATA 3638


...

...

...

...

...

...

...

...

...

...

...

...


C:\System Volume Information\_restore{DA1B7651-C22A-41CB-802C-6CB418C516C7}\RP66\A0030405.exe:
:Zone.Identifier:$DATA 26
...

...

...

...

...
Error opening C:\WINDOWS\SoftwareDistribution\EventCache\{1A610809-D49B-4771-9B2C-10EAACBD6AA3}.bin:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


...
Error opening C:\WINDOWS\system32\config\default:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\default.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\SAM:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\SAM.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\SECURITY:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\SECURITY.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\software:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\software.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\system:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error opening C:\WINDOWS\system32\config\system.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.
Impossibile accedere al file. Il file è utilizzato da un altro processo.

-------------Encrypting File System dumping-------------

-------------Hidden Files -------------

detected NTDLL code modification:
ZwQueryDirectoryFile

Scannig hidden processes ...

Scannig hidden services ...

Scannig hidden autostart entries ...

Scannig hidden files ...

C:\WINDOWS\system32\kdhxf.exe

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

-------------Checking Rustock rootkit-------------

-------------hijackthis.log-------------

--------------------------
Scan completed in 2,1 minutes
End of report
sundek
Junior User

Posts: 33
Joined: 02/02/07 04:39

Post by Luke57 » 29/03/07 07:26

Hi, open Gmer.exe, tick the ADS and Files boxes and run a scan; when it has found
File C:\WINDOWS\system32\kdhxf.exe
right-click it and choose Delete.

Open the system registry:
Start > Run > regedit (type it in the box) > OK
Clicking the + sign next to each entry, follow this path:

HKEY_LOCAL_MACHINE
Software
Microsoft
Windows NT
CurrentVersion
Winlogon
Click on this last folder and locate the string

"System"="kdhxf.exe"
double-click it; in the Edit String window go to the Value data box and delete the entry
kdhxf.exe by selecting it and pressing Del > OK. Close the registry.


Download Findawf from here:
http://noahdfear.geekstogo.com/FindAWF.exe

Run the file; a DOS window will open, press Enter to continue; when everything has finished Notepad will open, copy and paste its contents into a post.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
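The registry step in the reply above (a Winlogon "System" value loading kdhxf.exe) is the kind of persistence a defender wants to check for rather than eyeball in regedit. The Python script below is an added example, not part of this thread and not one of the tools it mentions: it compares the Winlogon Shell, Userinit and System values against the Windows XP defaults and reports anything else. The default values, the `system_root` parameter, the function names and the sample dictionaries are assumptions of the example; on a non-Windows machine it runs against the constructed infected sample instead of the live registry.

```python
import ntpath
import sys

# Registry path of the Winlogon key under HKEY_LOCAL_MACHINE (as in the reply above).
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def _entries(value):
    """Split a comma-separated Winlogon value into its non-empty entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def check_winlogon(values, system_root=r"C:\WINDOWS"):
    """Return a list of findings for a dict of Winlogon string values.

    Defaults assumed by this example (Windows XP):
      Shell    = "Explorer.exe"
      Userinit = "<system_root>\\system32\\userinit.exe,"
      System   = ""  (empty; the infection in this thread set it to kdhxf.exe)
    An empty list means every checked value matches its default.
    """
    findings = []
    system32 = ntpath.join(system_root, "system32").lower()

    shell = _entries(values.get("Shell", ""))
    if [ntpath.basename(e).lower() for e in shell] != ["explorer.exe"]:
        findings.append("Shell=%r, expected 'Explorer.exe'" % values.get("Shell", ""))

    for e in _entries(values.get("Userinit", "")):
        ok = (ntpath.basename(e).lower() == "userinit.exe"
              and ntpath.dirname(e).lower() == system32)
        if not ok:
            findings.append("Userinit entry %r is not %s\\userinit.exe" % (e, system32))

    system = values.get("System", "")
    if system.strip():
        findings.append("System=%r, expected an empty value" % system)

    return findings


def read_winlogon_values():
    """Read the string values of the live Winlogon key (Windows only)."""
    import winreg  # standard library, available only on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised once there are no more values
                break
            if isinstance(data, str):
                values[name] = data
            index += 1
    return values


# Constructed sample: a clean XP set of values and the infected variant seen in this thread.
CLEAN_VALUES = {
    "Shell": "Explorer.exe",
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "System": "",
}
INFECTED_VALUES = dict(CLEAN_VALUES, System="kdhxf.exe")

if __name__ == "__main__":
    source = read_winlogon_values() if sys.platform == "win32" else INFECTED_VALUES
    for finding in check_winlogon(source) or ["no deviations from the expected Winlogon values"]:
        print(finding)
```

The check is deliberately strict: any Userinit entry that is not userinit.exe inside the system32 folder is reported, because that value is another favourite place for loaders to append themselves.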

Post by sundek » 29/03/07 09:41

Hi, open Gmer.exe, tick the ADS and Files boxes and run a scan,


So, first problem:

in version 1.0.10.10122 of GMER, the one I have, there is no ADS box; I checked a guide online to see if I could find it, but no, it doesn't exist, the ADS box is only in version 1.0.12; anyway I ticked everything there was to tick among the remaining boxes.

when it has found
File C:\WINDOWS\system32\kdhxf.exe
right-click it and choose Delete.


Second problem:

I followed what you wrote to the letter, but this is what I get:

File "C:\WINDOWS\system32\kdhxf.exe" couldn't be deleted.Error 0xC0000043!


For the rest I did everything; here is the FindAWF log


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 845E-E973

Directory di C:\WINDOWS\ATK0100\BAK

04/11/2004 00.48 94.208 HControl.exe
1 File 94.208 byte
2 Directory 22.150.627.328 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 845E-E973

Directory di C:\WINDOWS\SYSTEM32\BAK

02/03/2006 14.00 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 22.150.627.328 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 845E-E973

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

15/01/2007 19.28 108.160 ashDisp.exe
1 File 108.160 byte
2 Directory 22.150.623.232 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 845E-E973

Directory di C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

29/03/2007 03.57 10 emptygrps.xvirgolax.ini
30/11/2006 22.49 4.662.776 YahooMessenger.exe
2 File 4.662.786 byte
6 Directory 22.150.623.232 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

24076 22 Mar 2007 "C:\WINDOWS\ATK0100\HControl.exe"
94208 4 Nov 2004 "C:\WINDOWS\ATK0100\bak\HControl.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
10 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\emptygrps.xvirgolax.ini"
10 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\emptygrps.xvirgolax.ini"
24076 22 Mar 2007 "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe"
4662776 30 Nov 2006 "C:\Programmi\Yahoo!\Messenger\bak\YahooMessenger.exe"
1281 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\audiblemenu.xml"
1281 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\audiblemenu.xml"
752 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\audiblerevoked.xml"
752 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\audiblerevoked.xml"
5036 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\content-tabs.xml"
5036 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\content-tabs.xml"
69 19 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\.conversationhistory.xml"
69 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\.conversationhistory.xml"
16333 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\countries.xml"
16333 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\countries.xml"
914 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\default-plugins.xml"
914 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\default-plugins.xml"
7591 2 Mar 2006 "C:\Programmi\Movie Maker\Shared\Filters.xml"
2793 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\filters.xml"
2793 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\filters.xml"
3520 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\games.xml"
3520 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\games.xml"
1467 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\imvironments.xml"
1650 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\imvironments.xml"
558 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.slotmgr.ini"
71 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.slotmgr.ini"
0 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.ProfileMap.dat.tmp"
0 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.ProfileMap.dat.tmp"
4812 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.ab.xml"
4812 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.ab.xml"
27 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.gameprowler.xml"
872 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.chatCategories.xml"
252 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.webcam.xml"
128 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\JRWcpp9X_4P9M_PvjxDEIQ--.conversationhistory.xml"
661 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\logos.xml"
661 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\logos.xml"
774 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\marketing.xml"
774 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\marketing.xml"
2256 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\partner.xml"
2256 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\partner.xml"
1406 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\revoked-plugins.xml"
1406 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\revoked-plugins.xml"
1230 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\safeobjects.xml"
1230 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\safeobjects.xml"
2411 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\searchbar.xml"
2411 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\searchbar.xml"
16728 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\searchcategories.xml"
16728 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\searchcategories.xml"
1089 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\sidepanel-plugins.xml"
1089 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\sidepanel-plugins.xml"
565 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\sms.xml"
565 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\sms.xml"
951 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\system.xml"
951 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\system.xml"
470 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\urls.xml"
470 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\urls.xml"
3109 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\userfeedback.xml"
3109 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\userfeedback.xml"
4520 21 Mar 2007 "C:\Programmi\Yahoo!\Messenger\logs\billing_utente.log"
172 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\logs\billing_utente.log"
6955 21 Mar 2007 "C:\Programmi\Yahoo!\Messenger\logs\client_utente.log"
608 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\logs\client_utente.log"
9982 21 Mar 2007 "C:\Programmi\Yahoo!\Messenger\logs\network_utente.log"
4108 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\logs\network_utente.log"
3969 9 Feb 2007 "C:\Programmi\Yahoo!\Messenger\Cache\Avatars\1gq7bFTL0AAMB-CFD-A65pc1iGw==.medium.png"
3969 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\Avatars\1gq7bFTL0AAMB-CFD-A65pc1iGw==.medium.png"
31657 9 Feb 2007 "C:\Programmi\Yahoo!\Messenger\Cache\Avatars\1gq7bFTL0AAMB-CFD-A65pc1iGw==.full.swf"
31657 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\Avatars\1gq7bFTL0AAMB-CFD-A65pc1iGw==.full.swf"
829 9 Feb 2007 "C:\Programmi\Yahoo!\Messenger\Cache\Avatars\1gq7bFTL0AAMB-CFD-A65pc1iGw==.small.png"
829 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\Avatars\1gq7bFTL0AAMB-CFD-A65pc1iGw==.small.png"
600 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\branding\1small_1.gif"
600 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\branding\1small_1.gif"
668 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Cache\branding\2small_1.gif"
668 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\branding\2small_1.gif"
603 17 Mar 2007 "C:\Programmi\Yahoo!\Messenger\Cache\branding\9small_1.gif"
603 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\branding\9small_1.gif"
14352 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\SearchBar\sbnew.swf"
1308 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\SearchBar\sbnew.xml"
163 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Games\icons\bg_1.gif"
163 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Games\icons\bg_1.gif"
225 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Games\icons\ch_1.gif"
225 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Games\icons\ch_1.gif"
180 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Games\icons\ck_1.gif"
180 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Games\icons\ck_1.gif"
288 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Games\icons\do_1.gif"
288 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Games\icons\do_1.gif"
226 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Games\icons\lt_1.gif"
226 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Games\icons\lt_1.gif"
367 24 Dec 2006 "C:\Programmi\Yahoo!\Messenger\Games\icons\pl_1.gif"
367 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Games\icons\pl_1.gif"


end of report
sundek
Junior User

Posts: 33
Joined: 02/02/07 04:39

Post by Luke57 » 29/03/07 11:58

Hi, you need to use Avenger, entering this script

Files to delete:
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Yahoo!\Messenger\emptygrps.xvirgolax.ini
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\kdhxf.exe

Files to move:
C:\WINDOWS\ATK0100\bak\HControl.exe | C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Yahoo!\Messenger\bak\emptygrps.xvirgolax.ini | C:\Programmi\Yahoo!\Messenger\emptygrps.xvirgolax.ini
C:\Programmi\Yahoo!\Messenger\bak\YahooMessenger.exe | C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe



Then delete the whole Messenger cache; if you want to keep it, you have to replace the infected file with the clean file found in the bak folder of the same directory, for example:
Copy the file C:\Programmi\Yahoo!\Messenger\bak\Cache\SearchBar\sbnew.xml and paste it, overwriting, into the folder C:\Programmi\Yahoo!\Messenger\Cache\SearchBar
And so on.....
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
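The FindAWF report posted above and the Avenger script in this reply turn on one pattern: every executable the infection hijacked has its clean copy under a "bak" subfolder, while the file at the original path has been swapped for a loader of a single fixed size (24076 bytes for both HControl.exe and YahooMessenger.exe here). The Python below is an added example, not a tool from this thread and not FindAWF's or Avenger's own code: it parses the "Duplicate files" lines of such a report, pairs each bak copy with the file at its original location, flags pairs whose sizes differ, reports sizes shared by several replaced originals, and prints the matching Avenger-style "Files to move" lines. The sample report is constructed from lines on this page plus one bak-only cache file; the status names and function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One line of FindAWF's "Duplicate files of bak directory contents" section:
#   <size> <day> <Mon> <year> "<path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+(\d{1,2} [A-Za-z]{3} \d{4})\s+"(.+)"\s*$')


@dataclass
class Entry:
    path: str
    size: int
    date: str


@dataclass
class Pair:
    original: str          # path the file should live at
    bak: str               # copy inside the "bak" folder
    bak_size: int
    orig_size: Optional[int]
    status: str            # "replaced", "same-size" or "bak-only"


def parse_report(text):
    """Extract (path, size, date) entries from report lines; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(3), int(m.group(1)), m.group(2)))
    return entries


def original_for(path):
    """Map ...\\bak\\name to ...\\name (first 'bak' directory component), or None."""
    parts = path.split("\\")
    for i in range(1, len(parts) - 1):
        if parts[i].lower() == "bak":
            return "\\".join(parts[:i] + parts[i + 1:])
    return None


def analyze(text):
    """Pair every bak copy with the file at its original location and classify the pair."""
    by_path = {e.path.lower(): e for e in parse_report(text)}
    pairs = []
    for e in by_path.values():
        orig = original_for(e.path)
        if orig is None:
            continue
        o = by_path.get(orig.lower())
        if o is None:
            status = "bak-only"    # nothing listed at the original location
        elif o.size != e.size:
            status = "replaced"    # the AWF pattern: original swapped for a different file
        else:
            status = "same-size"   # plain copy; confirm with a hash before trusting it
        pairs.append(Pair(orig if o is None else o.path, e.path, e.size,
                          None if o is None else o.size, status))
    return pairs


def dropper_sizes(pairs):
    """Sizes shared by two or more replaced originals: the loader is dropped at a fixed size."""
    counts = Counter(p.orig_size for p in pairs if p.status == "replaced")
    return {size for size, n in counts.items() if n >= 2}


def restore_plan(pairs):
    """Avenger-style 'Files to move' lines (bak | original) for pairs that have an original."""
    return ["%s | %s" % (p.bak, p.original) for p in pairs if p.status != "bak-only"]


# Constructed sample: lines taken from the report above plus one bak-only cache file.
SAMPLE_REPORT = r"""
24076 22 Mar 2007 "C:\WINDOWS\ATK0100\HControl.exe"
94208 4 Nov 2004 "C:\WINDOWS\ATK0100\bak\HControl.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
24076 22 Mar 2007 "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe"
4662776 30 Nov 2006 "C:\Programmi\Yahoo!\Messenger\bak\YahooMessenger.exe"
7591 2 Mar 2006 "C:\Programmi\Movie Maker\Shared\Filters.xml"
14352 29 Mar 2007 "C:\Programmi\Yahoo!\Messenger\bak\Cache\SearchBar\sbnew.swf"
"""

if __name__ == "__main__":
    pairs = analyze(SAMPLE_REPORT)
    for p in pairs:
        print("%-10s %s (bak %d bytes, original %s bytes)"
              % (p.status, p.original, p.bak_size, p.orig_size))
    print("shared loader sizes:", sorted(dropper_sizes(pairs)))
    print("Files to move:")
    for line in restore_plan(pairs):
        print(line)
```

To use it on a real run, read the saved FindAWF report into `analyze()`. The report lists sizes only, so a "same-size" pair (ctfmon.exe, ashDisp.exe above) should be confirmed by hashing both files before the bak copy is treated as the clean one; the manual copy-over steps later in this thread are exactly the "Files to move" lines this script prints.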

Post by sundek » 29/03/07 16:42

I entered what you wrote into Avenger

Files to delete:
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Yahoo!\Messenger\emptygrps.xvirgolax.ini
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\kdhxf.exe

Files to move:
C:\WINDOWS\ATK0100\bak\HControl.exe | C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Yahoo!\Messenger\bak\emptygrps.xvirgolax.ini | C:\Programmi\Yahoo!\Messenger\emptygrps.xvirgolax.ini
C:\Programmi\Yahoo!\Messenger\bak\YahooMessenger.exe | C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe


but this is the result:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xmtmbsnb

*******************

Script file located at: prxbxaap

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

so I tried Killbox, entering one entry at a time, and for each entry it gave me this:
PendingFileRenameOperations Registry Data has been Removed by External Process!
OK

I deleted the Messenger Cache folder
sundek
Junior User

Posts: 33
Joined: 02/02/07 04:39

Post by Luke57 » 29/03/07 16:58

Hi, do it manually from Safe Mode, to avoid hitches.
For example:
Copy the file C:\WINDOWS\ATK0100\bak\HControl.exe and paste it, overwriting, into the folder C:\WINDOWS\ATK0100
Copy the file C:\WINDOWS\system32\bak\ctfmon.exe and paste it, overwriting, into the folder C:\WINDOWS\system32
Copy the file C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
and paste it, overwriting, into the folder C:\Programmi\Alwil Software\Avast4
and so on.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by sundek » 30/03/07 07:46

Sorry if I'm driving you crazy, but I didn't understand much of the procedure you gave me :( or rather, I went into Safe Mode, clicked on drive C, went into the various folders you indicated (3), then with the mouse I selected copy and then paste, but I don't know if I did it right; in the sense that you talk about overwriting, and I honestly didn't understand how to do it, I've never done these things... isn't there a more basic procedure?
sundek
Junior User

Posts: 33
Joined: 02/02/07 04:39

Post by Luke57 » 30/03/07 09:26

Hi, boot into Safe Mode
(Start the computer. Right after the RAM count and before Windows starts loading, begin pressing the F8 key on the keyboard repeatedly. Keep doing so until the Windows Advanced Options menu appears.
Using the arrow keys on the keyboard, scroll through the options and select Safe Mode, then press Enter.)

Follow this path

C:\WINDOWS\ATK0100\bak
open the bak folder, copy the file HControl.exe | open the folder C:\WINDOWS\ATK0100, right-click and choose Paste; a message like "Do you want to replace the file.....?" will appear, choose YES.

Then open the folder C:\WINDOWS\system32\bak, find the file
ctfmon.exe, copy it, go to the folder
C:\WINDOWS\system32, right-click and choose Paste; a message like "Do you want to replace the file.....?" will appear, choose YES.

Open the folder C:\Programmi\Alwil Software\Avast4\bak, find the file ashDisp.exe, copy it, go to the folder
C:\Programmi\Alwil Software\Avast4, right-click and choose Paste; a message like "Do you want to replace the file.....?" will appear, choose YES.

Open the folder C:\Programmi\Yahoo!\Messenger\bak, find the file emptygrps.xvirgolax.ini, copy it, go to the folder
C:\Programmi\Yahoo!\Messenger, right-click and choose Paste; a message like "Do you want to replace the file.....?" will appear, choose YES.

Open the folder C:\Programmi\Yahoo!\Messenger\bak, find the file
YahooMessenger.exe, copy it, go to the folder
C:\Programmi\Yahoo!\Messenger, right-click and choose Paste; a message like "Do you want to replace the file.....?" will appear, choose YES.

Once all of this has been done correctly, delete the following folders:
C:\WINDOWS\ATK0100\bak
C:\WINDOWS\system32\bak
C:\Programmi\Alwil Software\Avast4\bak
C:\Programmi\Yahoo!\Messenger\bak

I wouldn't know how to explain it any other way.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
