Condividi:        

DIALER LOCAL INTERNET che non riesco ad eliminare

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi Luke57 » 09/08/07 07:25

markin25 ha scritto:http://w13.easy-share.com/2898601.html

ecco...
grazie ancora... aspetto presto una soluzione!!!
ciao

Ciao, Scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip

estrai l’archivio nel desktop.

Poi avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:


files to move :
C:\Programmi\Apoint\bak\Apoint.exe | C:\Programmi\Apoint\Apoint.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe | C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\sony\HotKey Utility\bak\HKserv.exe | C:\Programmi\sony\HotKey Utility\HKserv.exe
C:\Programmi\sony\vaio update 2\bak\VAIOUpdt.exe ! C:\Programmi\sony\vaio update 2\VAIOUpdt.exe
C:\WINDOWS\system32\bak\ezSP_Px.exe | C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe

Folders to delete:
C:\DOCUME~1\Andrea\IMPOST~1\Temp

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | crtfmon



Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e posta il contenuto del file C:\Avenger.txt
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Sponsor
 

Postdi markin25 » 09/08/07 15:57

ecco... è questo vero!?!!?
quindi ora è tutto risolto????

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vqydbrdp

*******************

Script file located at: \??\C:\ipyknrym.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\DOCUME~1\Andrea\IMPOST~1\Temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|crtfmon deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
markin25
Utente Junior
 
Post: 14
Iscritto il: 23/04/07 19:43

Help!

Postdi sofiaalb » 13/08/07 15:21

Ciao ragazzi,purtroppo anch'io ho preso questo dialer "Local Internet" (a volte "Connection") che mi stacca la connessione e si connette al suo num. a pagamento...quindi vorrei chiedere il vostro aiuto..seguendo quanto è stata fatto dagli altri utenti mi sono portato leggermente avanti nel lavoro e ho scaricato hijackthis e fatto lo scan ..ecco il logfile

Logfile of HijackThis v1.99.1
Scan saved at 16.05.54, on 13/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Creative\News\NewsUpd.EXE
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumfree.net/?c=75878
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8E79ACB0-914C-23C2-C64E-19525A2536F2} - C:\WINDOWS\pwqkh1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CamTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2057E707-FA09-451B-972F-9CFBA9F2423C} (Tiscali702) - http://www.tiscali.it/cabs/Tiscali702.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thewallofrekiankit.spaces.live.c ... nPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD2FA50-463B-4223-B75F-DB9896431733}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NetQya - Unknown owner - C:\WINDOWS\TEMP\57A.tmp
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

Poi ho scaricato avenger in attesa che mi possiate dire cosa devo fargli cancellare,scrivendolo nello spazio bianco..vi ringrazio anticipatamente per il vostro aiuto..
Senza di voi tanta gente poco pratica verrebbe sistematicamente truffata...Grazie e nel mentre aspetto il vostro intervento ;)
sofiaalb
Utente Junior
 
Post: 12
Iscritto il: 13/08/07 15:10

Re: Help!

Postdi SkunkWorks 68 » 13/08/07 16:43

sofiaalb ha scritto:Windows XP

Pur non avendo il SP 2(che dovresti installare,come dico sempre a tutti quelli che non hanno XP aggiornato)il log non appare malvagio.
Ci sono 2 stringhe che non mi convincono:
"O2 - BHO: Class - {8E79ACB0-914C-23C2-C64E-19525A2536F2} - C:\WINDOWS\pwqkh1.dll (file missing)"-la .dll è alquanto strana e mi piace poco(è un file missing,però,un residuo...?)
Io la fixerei e vedrei se riesco a trovare la dll con il cerca di Windows(abilitato anche sui files nascosti e di sistema)ed eliminarla,se la trovi,da provvisoria.
"O23 - Service: NetQya - Unknown owner - C:\WINDOWS\TEMP\57A.tmp"
Questo non ho capito a cosa si riferisca.
Riusciresti a fare una scansione antimalware on-line sul sito della Panda?
Con un 56 K o una ISDN e non una ADSL fare gli aggiornamenti e le scansioni on line diventa ormai esasperante(non conosci nessuno con l'ADSL che possa scaricarti il "pacchetto" del SP 2,inoltre ?).
Sarebbe utile anche una passata con Superantispyware.
Ciao
"Quando ti svegli la mattina,pensa quale prezioso privilegio e’ essere vivi:respirare, pensare,provare gioia e amare"(Marco Aurelio).
Avatar utente
SkunkWorks 68
Utente Senior
 
Post: 2336
Iscritto il: 03/03/07 08:55

Postdi Luke57 » 13/08/07 18:08

Ciao, è il gromozon vecchia versione.
scarica questi due tools:

prevx
http://www.prevx.com/gromozon.asp

Tool di rimozione della Symantec:
http://securityresponse.symantec.com/av ... inkopt.exe

Eseguili uno alla volta; disattiva il tuo antivirus durante la scansione.

Quello della prevx fa riavviare il computer e al riavvio viene completata la scansione, al termine della quale viene rilasciato un report che trovi in C:\Gromozon_Removal.log.

Poi esegui il tool della symantec (dalla modalità provvisoria; se
non sai come andarci, premi ripetutamente il tasto F8 all'accensione del computer prima che inizi a caricarsi windows; sulla schermata grigia che appare scegli modalità provvisoria spostandoti con le freccette e premendo invio).

Anche questo tool rilascia un rapporto della scansione nella cartella dove
hai messo il file (Fixlinkopt.log)
Invia anche questo rapporto, poi si vedrà che cosa fare in seguito.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Help!

Postdi sofiaalb » 14/08/07 16:55

Pur non avendo il SP 2(che dovresti installare,come dico sempre a tutti quelli che non hanno XP aggiornato)il log non appare malvagio


Service Pack 2 me lo ha scaricato ma ricordo che quando provai ad installarlo mi dava errore e alla fine nn me lo faceva fare..
Ci sono 2 stringhe che non mi convincono:
"O2 - BHO: Class - {8E79ACB0-914C-23C2-C64E-19525A2536F2} - C:\WINDOWS\pwqkh1.dll (file missing)"-la .dll è alquanto strana e mi piace poco(è un file missing,però,un residuo...?)
Io la fixerei e vedrei se riesco a trovare la dll con il cerca di Windows(abilitato anche sui files nascosti e di sistema)ed eliminarla,se la trovi,da provvisoria.

Allora la .dll nn l'ho trovata purtroppo,credo che sarà un file missing derivante da qualche altro malware o virus eliminato (mi hanno preso come vittima preferita :eeh: :D .. Che faccio fixo la stringa allora con avenger premendo su fix and checked dopo averla selezionata?
"O23 - Service: NetQya - Unknown owner - C:\WINDOWS\TEMP\57A.tmp"
Questo non ho capito a cosa si riferisca.

Questa derivava da LinkOptimizer! Grazie Luke 57!! Sei un genio :D
Riusciresti a fare una scansione antimalware on-line sul sito della Panda?
Con un 56 K o una ISDN e non una ADSL fare gli aggiornamenti e le scansioni on line diventa ormai esasperante(non conosci nessuno con l'ADSL che possa scaricarti il "pacchetto" del SP 2,inoltre ?).
Sarebbe utile anche una passata con Superantispyware.
Ciao

Purtroppo qui il Comune di Taormina non ritiene ancora "normale" mettere l'Adsl nelle frazioni come la mia,nonostante mille lamentele e raccolte firme..Panda mi viene dunque impossibile..

Di seguito metto i log delle due operazioni suggeritemi da Luke 57..Il primo,grozomon non c'era,il secondo invece si...

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni


Trojan.Gromozon does not exist - your system is clean.


Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
service: NetQya (logon as: .\eaedWxOtAV, passed filters)
service: NetQya (file path: C:\WINDOWS\TEMP\57A.tmp - infected)
file: C:\WINDOWS\TEMP\57A.tmp (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\NetQya\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\NetQya\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\NetQya (key deleted)
reg: ...\SpecialAccounts\UserList\eaedWxOtAV (value deleted)
folder: \\?\C:\Documents and Settings\eaedWxOtAV (deleted)
user: eaedWxOtAV (deleted)



Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 48123
The number of deleted threat files: 1
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 4
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)


Di seguito posto un nuovo log di hijackthis se può esservi utile,in attesa di sapere se fixare quella stringa..

Logfile of HijackThis v1.99.1
Scan saved at 17.27.35, on 14/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Creative\News\NewsUpd.EXE
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumfree.net/?c=75878
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8E79ACB0-914C-23C2-C64E-19525A2536F2} - C:\WINDOWS\pwqkh1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CamTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2057E707-FA09-451B-972F-9CFBA9F2423C} (Tiscali702) - http://www.tiscali.it/cabs/Tiscali702.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thewallofrekiankit.spaces.live.c ... nPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: JOc - Unknown owner - C:\Programmi\File comuni\System\HWJ.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

P.S. Prima di scrivere su questo forum (che nn conoscevo),avevo ripristinato il computer in un punto di ripristino vecchio (15 maggio)..Non so se è stato utile (spero nn dannoso) cmq solo per farvelo sapere...

Vi ringrazio ancora tutti,fatemi sapere cosa fare adesso,sperando che nn mi ritorni tra le connessioni quella maledetta Local Internet o Connection che mi stacca la connessione (per fortuna me lo fa ogni tanto e sempre dopo 1 oretta circa di connessione)..Nel mentre un saluto dalla Sicilia da Alberto e buon ferragosto..[/quote]
sofiaalb
Utente Junior
 
Post: 12
Iscritto il: 13/08/07 15:10

Postdi Luke57 » 14/08/07 17:56

Ciao, generalmente i tools che hai usato non ripuliscono del tutto il sistema da linkoptimizer come avrai già notato dal log di hijackthis, per cui scarica system scan da qui:
http://www.suspectfile.com/systemscan
mettilo sul desktop, spunti tutte le caselle, premi scan now.
Al termine della scansione, vai in C:\suspectfile e carica la cartella .zip che trovi su questo sito:
http://www.sendmefile.com/
o in altro sito di hosting tipo easysharecom
(una volta inserito verifica che l'inserimento sia andato a buon fine)
fai l’upload della cartella .zip e inserisci nel tuo post successivo il link che ti sarà fornito per poterla vedere.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi sofiaalb » 16/08/07 12:58

sofiaalb
Utente Junior
 
Post: 12
Iscritto il: 13/08/07 15:10

Postdi Luke57 » 16/08/07 14:06

Ciao, Scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip


Poi avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:


registry values to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList | yKZz

Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E79ACB0-914C-23C2-C64E-19525A2536F2}
HKLM\System\CurrentControlSet\Services\JOc


folders to delete:
C:\documents and settings\yKZz
C:\windows\temp
C:\DOCUME~1\Alberto\IMPOST~1\Temp

File sto delete:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp


Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e posta il contenuto del file C:\Avenger.txt
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi sofiaalb » 16/08/07 15:07

Ciao Luke ecco il contenuto del logfile di avenger,purtroppo molti file nn è riuscito ad eliminarli..

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ucthlhci

*******************

Script file located at: \??\C:\Documents and Settings\wyojuuva.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\System\CurrentControlSet\Services\JOc deleted successfully.
Folder C:\documents and settings\yKZz deleted successfully.
Folder C:\windows\temp deleted successfully.
Folder C:\DOCUME~1\Alberto\IMPOST~1\Temp deleted successfully.


Folder File sto delete: not found!
Deletion of folder File sto delete: failed!

Could not process line:
File sto delete:
Status: 0xc0000034



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp
Status: 0xc000003a



Could not open folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp for deletion
Deletion of folder C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp
Status: 0xc000003a

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|yKZz deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E79ACB0-914C-23C2-C64E-19525A2536F2} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Gli altri file possono essere eliminati manualmente cercandoli con Trova di Windows? Aspetto i prossimi passi da fare..come sempre grazie per la disponibilità..
sofiaalb
Utente Junior
 
Post: 12
Iscritto il: 13/08/07 15:10

Postdi SkunkWorks 68 » 16/08/07 17:31

Service Pack 2 me lo ha scaricato ma ricordo che quando provai ad installarlo mi dava errore e alla fine nn me lo faceva fare..

E allora c'era già qualcosa che non andava prima...(vuoi un driver che faceva casino-capitato anche a me;rarissimi sono i casi in cui è necessario aggiornare il BIOS della scheda madre,in genere su macchine vecchiotte,se disponibile un aggiornamento).
Al solito bisognerebbe installare( partendo con il CD già con il SP 2 integrato,meglio) e poi connettersi ad internet...ed eseguire tutti i successivi aggiornamenti.
Il sistema è originale e regolarmente licenziato?
Con il XP senza i service packs in rete è praticamente impossibile stare(continuerò a ripeterlo).
Ciao
"Quando ti svegli la mattina,pensa quale prezioso privilegio e’ essere vivi:respirare, pensare,provare gioia e amare"(Marco Aurelio).
Avatar utente
SkunkWorks 68
Utente Senior
 
Post: 2336
Iscritto il: 03/03/07 08:55

Postdi Luke57 » 16/08/07 21:06

Ciao, ho sbagliato lo script per la cancellazione dei files, riutilizza avenger e inserisci questo script:


Files to delete:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp


Vedrai che riuscirai a eliminarli.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi sofiaalb » 16/08/07 21:08

E allora c'era già qualcosa che non andava prima...(vuoi un driver che faceva casino-capitato anche a me;rarissimi sono i casi in cui è necessario aggiornare il BIOS della scheda madre,in genere su macchine vecchiotte,se disponibile un aggiornamento).
Al solito bisognerebbe installare( partendo con il CD già con il SP 2 integrato,meglio) e poi connettersi ad internet...ed eseguire tutti i successivi aggiornamenti.
Il sistema è originale e regolarmente licenziato?
Con il XP senza i service packs in rete è praticamente impossibile stare(continuerò a ripeterlo).
Ciao

Ciao,il computer è un pò vecchio di anni,ma è pur sempre un Pentium 4...il sistema è originale e regolarmente licenziato..alla fine dell'installazione però mi dice che c'è un problem sulla licenza mi pare (come se nn fosse originale..ma in realtà lo è)poi tutti gli altri aggiornamenti automatici li installa tranquillamente quindi non so..per fortuna mi connetto solo in estate da questo pc quando torno a casa,ma ogni volta è sempre una battaglia,hai proprio ragione...
sofiaalb
Utente Junior
 
Post: 12
Iscritto il: 13/08/07 15:10

Postdi sofiaalb » 17/08/07 01:48

X luke : sorry ma nemmeno stavolta sono riuscito ad eliminarli,quindi l'errore non era sul "file sto delete" al posto di file to delete"..che faccio?


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\torpvsjs

*******************

Script file located at: \??\C:\tbsyectw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR10.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR11.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR12.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR13.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR2.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR3.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR4.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR5.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR6.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR7.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR8.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXR9.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRA.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRB.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRC.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRD.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRE.tmp
Status: 0xc0000034



File C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp not found!
Deletion of file C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp failed!

Could not process line:
C:\Documents and Settings\Alberto\Impostazioni locali\Temp\PXRF.tmp
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
sofiaalb
Utente Junior
 
Post: 12
Iscritto il: 13/08/07 15:10

Postdi Luke57 » 17/08/07 10:25

Ciao, i files sembra che non ci siano più.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi sofiaalb » 01/09/07 15:06

Luke57 ha scritto:Ciao, i files sembra che non ci siano più.


Ciao Luke purtroppo a distanza di 2 settimane è nuovamente ricomparso il dialer Connection! Uff ..o sono sfigato e lo piglio sempre:) oppure mi sa che non è stato del tutto eliminato..posto nuovo logfile di hijackthis..sapete come aiutarmi??ormai sto dialer è diventato una tortura..ciao e grazie..

ogfile of HijackThis v1.99.1
Scan saved at 15.59.29, on 01/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Creative\News\NewsUpd.EXE
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumfree.net/?c=75878
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CamTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2057E707-FA09-451B-972F-9CFBA9F2423C} (Tiscali702) - http://www.tiscali.it/cabs/Tiscali702.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thewallofrekiankit.spaces.live.c ... nPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
sofiaalb
Utente Junior
 
Post: 12
Iscritto il: 13/08/07 15:10

local internet x tutti ma sopratt. x oscar_nik e moderatore

Postdi aquilanera73 » 01/09/07 15:19

Signori, anche io ho un problema con local internet e non so come estirparlo, ho seguito i consigli dati a oscar_nik ma manca l'applicativo, e poi ie non mi funziona, si blocca e devo per forza chiuderlo da task manager e utilizzare mozilla.

Vi posto il mio log prima quello con hijackthis e poi quello del suspectfile del sito http://w13.easy-share.com/1078916.html


Logfile of HijackThis v1.99.1
Scan saved at 16.14.23, on 01/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DOCUME~1\me\IMPOST~1\Temp\1188448802.dat.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Azureus\Azureus.exe
C:\Programmi\No-IP\DUC20.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\me\Documenti\hijackthis_199\HijackThis.exe
C:\Documents and Settings\me\Documenti\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programmi\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Opware12] "C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [OP12 Reminder] "C:\Programmi\ScanSoft\OmniPagePro12.0\EregEng\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPagePro12.0\EregEng\Ereg.ini"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [crtfmon] C:\DOCUME~1\me\IMPOST~1\Temp\1188448802.dat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?0ba33f6ca8df49ac910c7c74a836a394
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?0ba33f6ca8df49ac910c7c74a836a394
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutarabit.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9004745-42AE-4B12-B07E-6EEE41277F06}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
----

suspect file

SystemScan - http://www.suspectfile.com - ver. 3.0.2

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)

Date: 01/09/2007
Time: 8.01.48

Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Duplicates in BAK folders
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Include hijackthis.log

-------------Users folders -------------

29/08/2007 11.19.14 (DIR) ---- 0003 days old -- All Users
29/08/2007 11.23.29 (DIR) -HS- 0003 days old -- NetworkService
29/08/2007 11.23.48 (DIR) -HS- 0003 days old -- LocalService
29/08/2007 11.42.58 (DIR) -H-- 0003 days old -- Default User
31/08/2007 18.39.56 (DIR) ---- 0001 days old -- me

Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest
| HelpAssistant (Disabled)
Yes | me
| SUPPORT_388945a0 (Disabled)

-------------Recent files (60 days old)-------------

------------- Showing files newer than 60 days in C:\

29/08/2007 11.20.15 A--- 0003 days old -- CONFIG.SYS
29/08/2007 11.20.15 AHSR 0003 days old -- IO.SYS
29/08/2007 11.20.15 AHSR 0003 days old -- MSDOS.SYS
29/08/2007 11.20.15 A--- 0003 days old -- AUTOEXEC.BAT
29/08/2007 11.23.51 (DIR) -HS- 0003 days old -- System Volume Information
29/08/2007 11.24.34 (DIR) ---- 0003 days old -- Documents and Settings
29/08/2007 11.29.33 -HSR 0003 days old -- boot.ini
29/08/2007 11.29.49 (DIR) ---- 0003 days old -- NVIDIA
29/08/2007 11.55.38 (DIR) -H-- 0003 days old -- BJPrinter
29/08/2007 11.57.58 (DIR) -HS- 0003 days old -- RECYCLER
29/08/2007 12.11.28 (DIR) ---- 0003 days old -- LGCamImg
29/08/2007 12.34.56 (DIR) -H-R 0003 days old -- MSOCache
29/08/2007 15.26.29 AH-- 0003 days old -- sqmdata07.sqm
29/08/2007 15.26.29 AH-- 0003 days old -- sqmnoopt07.sqm
29/08/2007 15.26.37 AH-- 0003 days old -- sqmnoopt08.sqm
29/08/2007 15.26.37 AH-- 0003 days old -- sqmdata08.sqm
29/08/2007 15.26.59 AH-- 0003 days old -- sqmnoopt09.sqm
29/08/2007 15.26.59 AH-- 0003 days old -- sqmdata09.sqm
29/08/2007 15.27.20 AH-- 0003 days old -- sqmdata10.sqm
29/08/2007 15.27.20 AH-- 0003 days old -- sqmnoopt10.sqm
29/08/2007 15.27.23 AH-- 0003 days old -- sqmdata11.sqm
29/08/2007 15.27.23 AH-- 0003 days old -- sqmnoopt11.sqm
29/08/2007 15.27.34 AH-- 0003 days old -- sqmdata12.sqm
29/08/2007 15.27.34 AH-- 0003 days old -- sqmnoopt12.sqm
29/08/2007 15.27.58 AH-- 0003 days old -- sqmnoopt13.sqm
29/08/2007 15.27.58 AH-- 0003 days old -- sqmdata13.sqm
29/08/2007 15.27.59 AH-- 0003 days old -- sqmnoopt14.sqm
29/08/2007 15.27.59 AH-- 0003 days old -- sqmdata14.sqm
29/08/2007 15.28.08 AH-- 0003 days old -- sqmdata15.sqm
29/08/2007 15.28.08 AH-- 0003 days old -- sqmnoopt15.sqm
29/08/2007 15.28.14 AH-- 0003 days old -- sqmdata16.sqm
29/08/2007 15.28.14 AH-- 0003 days old -- sqmnoopt16.sqm
29/08/2007 15.28.17 AH-- 0003 days old -- sqmnoopt17.sqm
29/08/2007 15.28.17 AH-- 0003 days old -- sqmdata17.sqm
29/08/2007 15.28.33 AH-- 0003 days old -- sqmnoopt18.sqm
29/08/2007 15.28.33 AH-- 0003 days old -- sqmdata18.sqm
29/08/2007 15.28.40 AH-- 0003 days old -- sqmnoopt19.sqm
29/08/2007 15.28.40 AH-- 0003 days old -- sqmdata19.sqm
29/08/2007 15.29.04 AH-- 0003 days old -- sqmdata00.sqm
29/08/2007 15.29.04 AH-- 0003 days old -- sqmnoopt00.sqm
29/08/2007 15.29.06 AH-- 0003 days old -- sqmdata01.sqm
29/08/2007 15.29.06 AH-- 0003 days old -- sqmnoopt01.sqm
29/08/2007 15.30.43 AH-- 0003 days old -- sqmdata02.sqm
29/08/2007 15.30.43 AH-- 0003 days old -- sqmnoopt02.sqm
30/08/2007 09.36.06 (DIR) ---- 0002 days old -- Program Files
30/08/2007 09.48.06 (DIR) ---R 0002 days old -- Programmi
30/08/2007 13.04.41 (DIR) ---- 0002 days old -- Temp
30/08/2007 13.06.37 (DIR) ---- 0002 days old -- WINDOWS
31/08/2007 03.44.01 AH-- 0001 days old -- sqmnoopt03.sqm
31/08/2007 03.44.01 AH-- 0001 days old -- sqmdata03.sqm
31/08/2007 10.49.42 (DIR) ---- 0001 days old -- pagefile.sys
31/08/2007 11.53.58 AH-- 0001 days old -- sqmnoopt04.sqm
31/08/2007 11.53.58 AH-- 0001 days old -- sqmdata04.sqm
31/08/2007 13.24.41 AH-- 0001 days old -- sqmdata05.sqm
31/08/2007 13.24.41 AH-- 0001 days old -- sqmnoopt05.sqm
31/08/2007 23.50.38 (DIR) ---- 0001 days old -- scarico
31/08/2007 23.52.39 AH-- 0001 days old -- sqmnoopt06.sqm
31/08/2007 23.52.40 AH-- 0001 days old -- sqmdata06.sqm
01/09/2007 08.01.48 (DIR) ---- 0000 days old -- suspectfile

------------- Showing files newer than 60 days in C:\WINDOWS\

29/08/2007 11.15.46 A--- 0003 days old -- cmsetacl.log
29/08/2007 11.16.42 (DIR) ---- 0003 days old -- Cursors
29/08/2007 11.16.59 A--- 0003 days old -- DtcInstall.log
29/08/2007 11.17.06 A--- 0003 days old -- vb.ini
29/08/2007 11.17.06 A--- 0003 days old -- vbaddin.ini
29/08/2007 11.17.41 A--- 0003 days old -- sessmgr.setup.log
29/08/2007 11.17.56 (DIR) ---- 0003 days old -- pchealth
29/08/2007 11.18.42 (DIR) ---- 0003 days old -- srchasst
29/08/2007 11.18.58 AH-R 0003 days old -- WindowsShell.Manifest
29/08/2007 11.19.04 (DIR) ---R 0003 days old -- Offline Web Pages
29/08/2007 11.19.06 (DIR) ---R 0003 days old -- Web
29/08/2007 11.19.55 (DIR) ---- 0003 days old -- Registration
29/08/2007 11.20.01 A--- 0003 days old -- ODBCINST.INI
29/08/2007 11.20.11 A--- 0003 days old -- WMSysPr9.prx
29/08/2007 11.20.15 A--- 0003 days old -- control.ini
29/08/2007 11.20.33 (DIR) ---- 0003 days old -- repair
29/08/2007 11.20.33 (DIR) ---- 0003 days old -- ime
29/08/2007 11.23.32 A--- 0003 days old -- REGLOCS.OLD
29/08/2007 11.24.32 A--- 0003 days old -- setuplog.txt
29/08/2007 11.24.37 (DIR) ---- 0003 days old -- SoftwareDistribution
29/08/2007 11.24.43 A--- 0003 days old -- OEWABLog.txt
29/08/2007 11.31.37 A--- 0003 days old -- DPINST.LOG
29/08/2007 11.32.18 (DIR) ---- 0003 days old -- nview
29/08/2007 11.41.37 (DIR) ---- 0003 days old -- Media
29/08/2007 11.42.05 A--- 0003 days old -- SBWIN.INI
29/08/2007 11.46.39 (DIR) ---- 0003 days old -- addins
29/08/2007 11.51.48 A--- 0003 days old -- AWMODEM.INF
29/08/2007 12.01.55 A--- 0003 days old -- setupact.log
29/08/2007 12.04.51 A--- 0003 days old -- WirelessFTP.INI
29/08/2007 12.05.08 A--- 0003 days old -- tosOBEX.INI
29/08/2007 12.06.56 A--- 0003 days old -- wwdslcfg.log
29/08/2007 12.09.22 (DIR) ---- 0003 days old -- twain_32
29/08/2007 12.11.40 A--- 0003 days old -- LgCam35.ini
29/08/2007 12.20.13 A--- 0003 days old -- nsw.log
29/08/2007 12.22.54 (DIR) ---- 0003 days old -- security
29/08/2007 12.35.00 (DIR) ---- 0003 days old -- system
29/08/2007 12.38.05 (DIR) ---- 0003 days old -- SHELLNEW
29/08/2007 12.38.13 (DIR) --SR 0003 days old -- Fonts
29/08/2007 12.38.51 A--- 0003 days old -- ODBC.INI
29/08/2007 12.41.25 A--- 0003 days old -- MAXLINK.INI
29/08/2007 12.55.31 A--- 0003 days old -- wsftperr.log
29/08/2007 12.57.57 A--- 0003 days old -- iun6002.exe
29/08/2007 12.57.57 A--- 0003 days old -- C6 Messenger Setup Log.txt
29/08/2007 12.58.01 A--- 0003 days old -- C6 Helper Setup Log.txt
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- Connection Wizard
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- Config
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- Provisioning
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- Resources
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- mui
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- Driver Cache
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- msapps
29/08/2007 13.01.05 (DIR) ---- 0003 days old -- msagent
29/08/2007 13.01.17 (DIR) ---- 0003 days old -- PeerNet
29/08/2007 13.01.26 (DIR) ---- 0003 days old -- ehome
29/08/2007 13.01.27 (DIR) ---- 0003 days old -- AppPatch
29/08/2007 13.02.32 (DIR) ---- 0003 days old -- Debug
29/08/2007 13.02.34 A--- 0003 days old -- setuperr.log
29/08/2007 13.03.38 A--- 0003 days old -- system.ini
29/08/2007 13.03.39 A--- 0003 days old -- regopt.log
29/08/2007 13.07.18 A--- 0003 days old -- Sti_Trace.log
29/08/2007 14.02.24 (DIR) ---- 0003 days old -- WinSxS
29/08/2007 14.05.32 (DIR) ---- 0003 days old -- java
29/08/2007 14.05.37 A--- 0003 days old -- vminst.log
29/08/2007 14.24.02 A--- 0003 days old -- DirectX.log
29/08/2007 14.40.17 A--- 0003 days old -- nsreg.dat
29/08/2007 14.51.29 (DIR) -H-- 0003 days old -- $hf_mig$
29/08/2007 14.51.39 (DIR) -H-- 0003 days old -- $NtUninstallKB921883$
29/08/2007 14.51.45 A--- 0003 days old -- updspapi.log
29/08/2007 14.53.20 A--- 0003 days old -- KB921883.log
29/08/2007 15.02.58 (DIR) --S- 0003 days old -- Tasks
29/08/2007 15.03.50 A--- 0003 days old -- GEARInstall.log
29/08/2007 15.05.42 A--- 0003 days old -- QTFont.for
29/08/2007 15.12.06 (DIR) -H-- 0003 days old -- $NtUninstallwmp11$
29/08/2007 15.12.09 (DIR) ---- 0003 days old -- Help
29/08/2007 15.12.23 A--- 0003 days old -- wmp11.log
29/08/2007 15.12.23 A--- 0003 days old -- imsins.BAK
29/08/2007 15.13.05 (DIR) -H-- 0003 days old -- $NtUninstallWMFDist11$
29/08/2007 15.13.19 A--- 0003 days old -- msmqinst.log
29/08/2007 15.13.20 A--- 0003 days old -- FaxSetup.log
29/08/2007 15.13.20 A--- 0003 days old -- msgsocm.log
29/08/2007 15.13.20 A--- 0003 days old -- ocgen.log
29/08/2007 15.13.20 A--- 0003 days old -- netfxocm.log
29/08/2007 15.13.20 A--- 0003 days old -- MedCtrOC.log
29/08/2007 15.13.26 A--- 0003 days old -- tabletoc.log
29/08/2007 15.13.26 A--- 0003 days old -- WMFDist11.log
29/08/2007 15.13.26 A--- 0003 days old -- tsoc.log
29/08/2007 15.13.26 A--- 0003 days old -- comsetup.log
29/08/2007 15.13.26 A--- 0003 days old -- ntdtcsetup.log
29/08/2007 15.13.26 A--- 0003 days old -- iis6.log
29/08/2007 15.13.26 A--- 0003 days old -- ocmsn.log
29/08/2007 15.13.26 A--- 0003 days old -- imsins.log
29/08/2007 15.14.49 A--- 0003 days old -- win.ini
29/08/2007 15.14.51 A--- 0003 days old -- wmsetup10.log
29/08/2007 15.14.52 A--- 0003 days old -- wmsetup.log
29/08/2007 17.48.25 A--- 0003 days old -- spupdsvc.log
29/08/2007 20.31.36 (DIR) --S- 0003 days old -- Downloaded Program Files
29/08/2007 23.36.57 (DIR) ---- 0003 days old -- bak
29/08/2007 23.42.00 A--- 0003 days old -- UpdReg.EXE
30/08/2007 08.50.39 (DIR) ---- 0002 days old -- system32
30/08/2007 08.50.46 A--- 0002 days old -- mozver.dat
30/08/2007 08.50.46 (DIR) -HS- 0002 days old -- Installer
30/08/2007 08.51.18 (DIR) ---- 0002 days old -- Sun
30/08/2007 08.56.04 (DIR) -H-- 0002 days old -- inf
30/08/2007 08.56.04 A--- 0002 days old -- setupapi.log
30/08/2007 11.56.13 AH-- 0002 days old -- QTFont.qfn
30/08/2007 13.08.56 A--- 0002 days old -- PhotoSnapViewer.INI
31/08/2007 01.07.29 A--- 0001 days old -- SchedLgU.Txt
31/08/2007 10.49.48 A-S- 0001 days old -- bootstat.dat
31/08/2007 10.50.10 A--- 0001 days old -- wiaservc.log
31/08/2007 10.50.12 A--- 0001 days old -- wiadebug.log
31/08/2007 10.50.13 A--- 0001 days old -- {00000000-00000000-0000000C-00001102-00000002-80611102}.CDF
31/08/2007 10.50.13 A--- 0001 days old -- {00000000-00000000-0000000C-00001102-00000002-80611102}.BAK
31/08/2007 10.50.16 A--- 0001 days old -- ModemLog_Generic SoftK56 Data Fax.txt
31/08/2007 10.50.17 A--- 0001 days old -- 0.log
31/08/2007 10.56.03 A--- 0001 days old -- WindowsUpdate.log
01/09/2007 06.57.13 (DIR) ---- 0000 days old -- Temp
01/09/2007 07.48.29 (DIR) ---- 0000 days old -- Prefetch

------------- Showing files newer than 60 days in C:\WINDOWS\Downloaded Program Files\

29/08/2007 11.19.04 -H-- 0003 days old -- desktop.ini

------------- Showing files newer than 60 days in C:\WINDOWS\system\


------------- Showing files newer than 60 days in C:\WINDOWS\system32\

12/07/2007 01.22.00 A--- 0051 days old -- java.exe
12/07/2007 01.22.04 A--- 0051 days old -- javaw.exe
12/07/2007 02.22.36 A--- 0051 days old -- javacpl.cpl
12/07/2007 02.22.38 A--- 0051 days old -- javaws.exe
27/07/2007 23.57.49 A--- 0036 days old -- AVASTSS.scr
28/07/2007 00.07.21 A--- 0035 days old -- aswBoot.exe
29/08/2007 11.15.42 (DIR) ---- 0003 days old -- spool
29/08/2007 11.17.00 (DIR) ---- 0003 days old -- MsDtc
29/08/2007 11.17.19 A--- 0003 days old -- emptyregdb.dat
29/08/2007 11.17.21 (DIR) ---- 0003 days old -- Com
29/08/2007 11.18.28 (DIR) ---- 0003 days old -- oobe
29/08/2007 11.18.58 AH-R 0003 days old -- sapi.cpl.manifest
29/08/2007 11.18.58 AH-R 0003 days old -- cdplayer.exe.manifest
29/08/2007 11.18.58 AH-R 0003 days old -- wuaucpl.cpl.manifest
29/08/2007 11.18.58 AH-R 0003 days old -- ncpa.cpl.manifest
29/08/2007 11.18.58 AH-R 0003 days old -- nwc.cpl.manifest
29/08/2007 11.19.03 AH-R 0003 days old -- WindowsLogon.manifest
29/08/2007 11.19.03 AH-R 0003 days old -- logonui.exe.manifest
29/08/2007 11.19.43 (DIR) ---- 0003 days old -- ias
29/08/2007 11.20.33 (DIR) ---- 0003 days old -- xircom
29/08/2007 11.20.33 (DIR) ---- 0003 days old -- wbem
29/08/2007 11.22.46 A--- 0003 days old -- $winnt$.inf
29/08/2007 11.23.49 (DIR) --S- 0003 days old -- Microsoft
29/08/2007 11.23.50 (DIR) ---- 0003 days old -- Restore
29/08/2007 11.24.33 A--- 0003 days old -- wpa.dbl
29/08/2007 11.41.48 (DIR) ---- 0003 days old -- Data
29/08/2007 11.42.55 (DIR) ---- 0003 days old -- Defaults
29/08/2007 11.45.31 (DIR) ---- 0003 days old -- ReinstallBackups
29/08/2007 11.46.40 A--- 0003 days old -- perfh009.dat
29/08/2007 11.46.40 A--- 0003 days old -- perfc010.dat
29/08/2007 11.46.40 A--- 0003 days old -- perfc009.dat
29/08/2007 11.46.40 A--- 0003 days old -- perfh010.dat
29/08/2007 11.46.40 A--- 0003 days old -- PerfStringBackup.INI
29/08/2007 11.46.46 A--- 0003 days old -- mapisvc.inf
29/08/2007 11.55.43 (DIR) ---- 0003 days old -- FxsTmp
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 1042
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- IME
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- inetsrv
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 1041
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 1028
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 1025
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 1037
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 1031
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 3com_dmi
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- ShellExt
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- dhcp
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- wins
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- export
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 1054
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- mui
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 3076
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- 2052
29/08/2007 12.59.13 (DIR) ---- 0003 days old -- 1033
29/08/2007 12.59.32 (DIR) ---- 0003 days old -- icsxml
29/08/2007 12.59.36 (DIR) ---- 0003 days old -- ras
29/08/2007 12.59.43 (DIR) ---- 0003 days old -- 1040
29/08/2007 13.01.09 (DIR) ---- 0003 days old -- npp
29/08/2007 13.01.32 (DIR) ---- 0003 days old -- usmt
29/08/2007 13.01.39 (DIR) ---- 0003 days old -- Setup
29/08/2007 13.02.57 (DIR) ---- 0003 days old -- CatRoot
29/08/2007 13.15.17 A--- 0003 days old -- h323log.txt
29/08/2007 13.48.01 A--- 0003 days old -- FNTCACHE.DAT
29/08/2007 13.48.03 (DIR) ---- 0003 days old -- config
29/08/2007 14.02.26 (DIR) ---- 0003 days old -- DRVSTORE
29/08/2007 14.24.02 (DIR) ---- 0003 days old -- DirectX
29/08/2007 15.12.21 A--- 0003 days old -- amcompat.tlb
29/08/2007 15.12.21 A--- 0003 days old -- nscompat.tlb
29/08/2007 15.13.11 (DIR) ---- 0003 days old -- drivers
29/08/2007 23.36.56 (DIR) ---- 0003 days old -- bak
29/08/2007 23.44.22 (DIR) -HSR 0003 days old -- dllcache
29/08/2007 23.50.44 (DIR) ---- 0003 days old -- LogFiles
30/08/2007 00.15.58 A--- 0002 days old -- CONFIG.NT
30/08/2007 00.20.59 (DIR) ---- 0002 days old -- Macromed
30/08/2007 08.50.38 A--- 0002 days old -- jupdate-1.6.0_02-b06.log
30/08/2007 08.56.01 (DIR) ---- 0002 days old -- CatRoot2
31/08/2007 10.44.20 A--- 0001 days old -- BMXCtrlState-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx
31/08/2007 10.44.20 A--- 0001 days old -- BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx
31/08/2007 10.44.20 A--- 0001 days old -- DVCStateBkp-{00000000-00000000-0000000C-00001102-00000002-80611102}.dat
31/08/2007 10.44.20 A--- 0001 days old -- BMXState-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx
31/08/2007 10.44.20 A--- 0001 days old -- settingsbkup.sfm
31/08/2007 10.44.20 A--- 0001 days old -- settings.sfm
31/08/2007 10.44.20 A--- 0001 days old -- DVCState-{00000000-00000000-0000000C-00001102-00000002-80611102}.dat
31/08/2007 10.44.20 A--- 0001 days old -- BMXStateBkp-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx
31/08/2007 10.49.59 A--- 0001 days old -- nvapps.xml

------------- Showing files newer than 60 days in C:\WINDOWS\system32\drivers\

27/07/2007 23.58.36 A--- 0036 days old -- aavmker4.sys
27/07/2007 23.59.57 A--- 0036 days old -- aswTdi.sys
28/07/2007 00.00.39 A--- 0035 days old -- aswRdr.sys
28/07/2007 00.02.34 A--- 0035 days old -- aswmon2.sys
28/07/2007 00.02.49 A--- 0035 days old -- aswmon.sys
29/08/2007 12.20.04 (DIR) ---- 0003 days old -- etc
29/08/2007 12.33.26 A--- 0003 days old -- pcouffin.sys
29/08/2007 12.58.26 (DIR) ---- 0003 days old -- disdn
29/08/2007 15.13.11 (DIR) ---- 0003 days old -- umdf

------------- Showing files newer than 60 days in C:\WINDOWS\temp\

29/08/2007 11.41.38 (DIR) ---- 0003 days old -- {FD851F7E-F887-405D-9E1C-488811113EF3}
29/08/2007 11.41.43 (DIR) ---- 0003 days old -- {9A4D2983-4662-4387-BE3D-4CFC2FA9C100}
29/08/2007 11.41.47 (DIR) ---- 0003 days old -- CTZAPXX
29/08/2007 11.46.45 A--- 0003 days old -- T30DebugLogFile.txt
29/08/2007 12.23.51 A--- 0003 days old -- Perflib_Perfdata_14c.dat
30/08/2007 06.38.25 A--- 0002 days old -- Perflib_Perfdata_4b4.dat
30/08/2007 10.43.32 A--- 0002 days old -- Perflib_Perfdata_460.dat
30/08/2007 19.28.12 A--- 0002 days old -- Perflib_Perfdata_4a0.dat
31/08/2007 01.08.29 A--- 0001 days old -- Perflib_Perfdata_46c.dat
31/08/2007 10.50.05 A--- 0001 days old -- Perflib_Perfdata_458.dat
01/09/2007 07.40.14 (DIR) ---- 0000 days old -- _avast4_

------------- Showing files newer than 60 days in C:\Programmi\

29/08/2007 11.16.38 (DIR) ---- 0003 days old -- Windows NT
29/08/2007 11.16.45 (DIR) ---- 0003 days old -- MSN Gaming Zone
29/08/2007 11.17.08 (DIR) ---- 0003 days old -- ComPlus Applications
29/08/2007 11.18.02 (DIR) ---- 0003 days old -- Movie Maker
29/08/2007 11.18.10 (DIR) ---- 0003 days old -- Outlook Express
29/08/2007 11.18.13 (DIR) ---- 0003 days old -- NetMeeting
29/08/2007 11.18.50 (DIR) ---- 0003 days old -- Servizi in linea
29/08/2007 11.18.54 (DIR) -H-- 0003 days old -- WindowsUpdate
29/08/2007 11.20.33 (DIR) ---- 0003 days old -- microsoft frontpage
29/08/2007 11.20.33 (DIR) ---- 0003 days old -- xerox
29/08/2007 11.24.40 (DIR) -H-- 0003 days old -- Uninstall Information
29/08/2007 11.29.42 (DIR) ---- 0003 days old -- DIFX
29/08/2007 11.41.37 (DIR) ---- 0003 days old -- Creative
29/08/2007 11.45.32 (DIR) ---- 0003 days old -- CONEXANT
29/08/2007 11.59.28 (DIR) ---- 0003 days old -- Toshiba
29/08/2007 12.22.29 (DIR) ---- 0003 days old -- Alwil Software
29/08/2007 12.33.26 (DIR) ---- 0003 days old -- DVDFab Platinum 3
29/08/2007 12.34.23 (DIR) ---- 0003 days old -- WinRAR
29/08/2007 12.37.13 (DIR) ---- 0003 days old -- Microsoft Visual Studio
29/08/2007 12.37.20 (DIR) ---- 0003 days old -- Microsoft Works
29/08/2007 12.37.26 (DIR) ---- 0003 days old -- Microsoft Office
29/08/2007 12.38.05 (DIR) ---- 0003 days old -- Microsoft.NET
29/08/2007 12.40.58 (DIR) ---- 0003 days old -- ScanSoft
29/08/2007 12.49.40 (DIR) ---- 0003 days old -- CyberLink
29/08/2007 12.55.51 (DIR) ---- 0003 days old -- WS_FTP Pro
29/08/2007 12.58.30 (DIR) ---- 0003 days old -- C6 Messenger
29/08/2007 14.00.33 (DIR) ---- 0003 days old -- No-IP
29/08/2007 14.02.24 (DIR) ---- 0003 days old -- MSN Messenger
29/08/2007 14.02.59 (DIR) ---- 0003 days old -- Windows Live Toolbar
29/08/2007 14.06.01 (DIR) ---- 0003 days old -- TIM
29/08/2007 14.08.10 (DIR) ---- 0003 days old -- VideoLAN
29/08/2007 14.24.20 (DIR) ---- 0003 days old -- Nero
29/08/2007 15.01.29 (DIR) ---- 0003 days old -- Media Player Classic
29/08/2007 15.01.32 (DIR) ---- 0003 days old -- Real Alternative
29/08/2007 15.02.57 (DIR) ---- 0003 days old -- Apple Software Update
29/08/2007 15.03.26 (DIR) ---- 0003 days old -- Internet Explorer
29/08/2007 15.03.40 (DIR) ---- 0003 days old -- iPod
29/08/2007 15.10.18 (DIR) ---- 0003 days old -- K-Lite Codec Pack
29/08/2007 15.12.12 (DIR) ---- 0003 days old -- Windows Media Connect 2
29/08/2007 15.13.11 (DIR) ---- 0003 days old -- Windows Media Player
29/08/2007 15.36.00 (DIR) ---- 0003 days old -- Skype
29/08/2007 15.53.32 (DIR) ---- 0003 days old -- eMule
29/08/2007 17.48.03 (DIR) ---- 0003 days old -- Google
29/08/2007 20.22.23 (DIR) ---- 0003 days old -- Adobe
29/08/2007 23.36.56 (DIR) ---- 0003 days old -- Messenger
29/08/2007 23.44.12 (DIR) ---- 0003 days old -- iTunes
29/08/2007 23.44.12 (DIR) ---- 0003 days old -- QuickTime
30/08/2007 08.48.43 (DIR) ---- 0002 days old -- File comuni
30/08/2007 08.50.38 (DIR) ---- 0002 days old -- Java
30/08/2007 08.50.46 (DIR) ---- 0002 days old -- Mozilla Firefox
30/08/2007 09.00.44 (DIR) -H-- 0002 days old -- InstallShield Installation Information
30/08/2007 09.43.23 (DIR) ---- 0002 days old -- ICQLite
31/08/2007 10.56.22 (DIR) ---- 0001 days old -- Azureus

------------- Showing files newer than 60 days in C:\Programmi\File comuni\

29/08/2007 11.18.09 (DIR) ---- 0003 days old -- MSSoap
29/08/2007 11.18.12 (DIR) ---- 0003 days old -- Services
29/08/2007 11.41.22 (DIR) ---- 0003 days old -- InstallShield
29/08/2007 12.37.04 (DIR) ---- 0003 days old -- System
29/08/2007 12.37.24 (DIR) ---- 0003 days old -- DESIGNER
29/08/2007 12.41.12 (DIR) ---- 0003 days old -- L&H Shared
29/08/2007 12.41.26 (DIR) ---- 0003 days old -- ScanSoft Shared
29/08/2007 13.03.39 (DIR) ---- 0003 days old -- SpeechEngines
29/08/2007 13.03.43 (DIR) ---- 0003 days old -- ODBC
29/08/2007 14.02.36 (DIR) ---- 0003 days old -- Microsoft Shared
29/08/2007 14.15.47 (DIR) ---- 0003 days old -- Adobe
29/08/2007 14.16.04 (DIR) ---- 0003 days old -- Adobe Systems Shared
29/08/2007 14.25.27 (DIR) ---- 0003 days old -- Ahead
29/08/2007 15.36.00 (DIR) ---- 0003 days old -- Skype
30/08/2007 08.48.43 (DIR) ---- 0002 days old -- Java

-------------Duplicates in BAK folders-------------

BAK folders found:

C:\Programmi\Alwil Software\Avast4\bak

28/07/2007 00.03.34 - 75128 - ashDisp.exe

C:\Programmi\Creative\SBLive\Program\bak

29/11/2001 01.00.00 - 28672 - ADGJDet.exe

C:\Programmi\CyberLink\PowerDVD\bak

02/11/2004 20.24.46 - 32768 - PDVDServ.exe

C:\Programmi\File comuni\Ahead\Lib\bak

12/01/2006 15.40.44 - 155648 - NeroCheck.exe
16/11/2006 19.04.20 - 139264 - NMBgMonitor.exe

C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak

29/08/2007 15.37.48 - 171448 - GoogleToolbarNotifier.exe

C:\Programmi\iTunes\bak

30/10/2006 09.36.36 - 256576 - iTunesHelper.exe

C:\Programmi\Messenger\bak


C:\Programmi\QuickTime\bak

25/10/2006 18.58.18 - 282624 - qttask.exe

C:\Programmi\ScanSoft\OmniPagePro12.0\bak

01/08/2002 03.49.54 - 49152 - Opware12.exe

C:\Programmi\Skype\Phone\bak


C:\WINDOWS\bak

11/05/2000 01.00.00 - 90112 - UpdReg.EXE

C:\WINDOWS\system32\bak

19/08/2004 18.39.36 - 15360 - ctfmon.exe

Duplicates found:

28/07/2007 00.03.34 - 75128 - C:\Programmi\Alwil Software\Avast4\ashDisp.exe
28/07/2007 00.03.34 - 75128 - C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\Creative\SBLive\Program\ADGJDet.exe
29/11/2001 01.00.00 - 28672 - C:\Programmi\Creative\SBLive\Program\bak\ADGJDet.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
02/11/2004 20.24.46 - 32768 - C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
12/01/2006 15.40.44 - 155648 - C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
16/11/2006 19.04.20 - 139264 - C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
29/08/2007 15.37.48 - 171448 - C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\iTunes\iTunesHelper.exe
30/10/2006 09.36.36 - 256576 - C:\Programmi\iTunes\bak\iTunesHelper.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\QuickTime\qttask.exe
25/10/2006 18.58.18 - 282624 - C:\Programmi\QuickTime\bak\qttask.exe
29/08/2007 23.42.00 - 24080 - C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe
01/08/2002 03.49.54 - 49152 - C:\Programmi\ScanSoft\OmniPagePro12.0\bak\Opware12.exe
29/08/2007 23.42.00 - 24080 - C:\WINDOWS\UpdReg.EXE
11/05/2000 01.00.00 - 90112 - C:\WINDOWS\bak\UpdReg.EXE
19/08/2004 18.39.36 - 15360 - C:\WINDOWS\system32\ctfmon.exe
19/08/2004 18.39.36 - 15360 - C:\WINDOWS\system32\bak\ctfmon.exe
19/08/2004 18.39.36 - 15360 - C:\WINDOWS\system32\dllcache\ctfmon.exe

Scanned 30766 files, in 2993 folders.

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\WINDOWS\UpdReg.EXE"
"Jet Detection"="C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe"
"GSICONEXE"="GSICON.EXE"
"DSLAGENTEXE"="dslagent.exe USB"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"Opware12"="\"C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe\""
"OP12 Reminder"="\"C:\Programmi\ScanSoft\OmniPagePro12.0\EregEng\Ereg.exe\" -r \"C:\Programmi\ScanSoft\OmniPagePro12.0\EregEng\Ereg.ini\""
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
"QuickTime Task"="\"C:\Programmi\QuickTime\bak\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\Programmi\iTunes\iTunesHelper.exe\""
"crtfmon"="C:\DOCUME~1\me\IMPOST~1\Temp\1188448802.dat.exe"
"SunJavaUpdateSched"="\"C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe\""

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe\""
"MSMSGS"="\"C:\Programmi\Messenger\msmsgs.exe\" /background"
"Skype"="\"C:\Programmi\Skype\Phone\Skype.exe\" /nosplash /minimized"
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"

-------------HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

[Windows]
"AppInit_DLLs"=""

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-------------

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-------------

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-------------HKLM\System\CurrentControlSet\Control\Session Manager\-------------

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-------------HKLM\SYSTEM\CurrentControlSet\Control\WOW-------------

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]
"ICQ Lite"="C:\Programmi\ICQLite\ICQLite.exe -trayboot"

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKLM\Software\Microsoft\Command Processor\Autorun-------------

-------------HKCU\Software\Microsoft\Command Processor\Autorun-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-------------

-------------HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-------------

-------------HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-------------

-------------HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-------------

-------------HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""

[Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
#### HKCR\CLSID\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\InprocServer32 @="C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL"
@="Skype add-on (mastermind)"

[Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
#### HKCR\CLSID\{601ED020-FB6C-11D3-87D8-0050DA59922B}\InprocServer32 @="C:\Programmi\WS_FTP Pro\wsbho2k0.dll"
@="Ipswitch.WsftpBrowserHelper"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar2.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Programmi\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"

-------------HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-------------

-------------HKCU\Control Panel\Desktop\-------------

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"

[Desktop\WindowMetrics]

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

[command]
@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-------------

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-------------HKLM\SYSTEM\CurrentControlSet\Control\Lsa-------------

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:0000026c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="54d93713"
"Pattern"=hex:7d,84,59,c4,52,0c,66,9b,d3,8a,df,95,f1,c2,2c,f0,35,34,64,39,33,\
37,31,33,00,fd,07,00,07,62,00,00,34,fa,07,00,56,82,47,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,66,09,0c,34,63,e9,d9,40,f9,b6,1c,54

[Lsa\GBG]
@Class="66e95c63"
"GrafBlumGroup"=hex:10,13,76,1c,31,f0,5c,a9,3b

[Lsa\JD]
@Class="f91c3440"
"Lookup"=hex:ac,3d,49,c3,bf,47

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="0c09b68d"
"SkewMatrix"=hex:9c,22,65,6d,9e,b7,c6,9f,8c,56,1c,e6,11,16,fb,51

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:44,63,27,f0,37,ea,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,1e,29,0c,0b,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,ff,1e,12,0b,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,ff,1e,12,0b,86,c4,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-------------

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:0000025f

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe"="C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe:*:Enabled:C6 Scambia File"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Disabled:eMule"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Programmi\iTunes\iTunes.exe"="C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\ICQLite\ICQLite.exe"="C:\Programmi\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-------------

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-------------HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-------------

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-------------

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{F380AA64-AA3C-48D7-9191-4F10B8C40595}"

[SystemRestore\SnapshotCallbacks]
@=""

-------------HKEY_CURRENT_USER\Software\VB and VBA Program Settings-------------

[VB and VBA Program Settings]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"DontAsk"=dword:00000002
"Version"="11,0,5721,5145
aquilanera73
Newbie
 
Post: 8
Iscritto il: 01/09/07 15:05

Postdi Luke57 » 01/09/07 16:50

Ciao, il report di systemscan non entrerà mai in un post. Comunque:
Ciao, Scarica The Avenger (se tu non l'avessi più)
http://swandog46.geekstogo.com/avenger.zip


Poi avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:


files to move:
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Creative\SBLive\Program\bak\ADGJDet.exe | C:\Programmi\Creative\SBLive\Program\ADGJDet.exe
C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\ScanSoft\OmniPagePro12.0\bak\Opware12.exe | C:\Programmi\ScanSoft\OmniPagePro12.0\bak\Opware12.exe
C:\WINDOWS\bak\UpdReg.EXE | C:\WINDOWS\UpdReg.EXE
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe


folders to delete:
C:\DOCUME~1\me\IMPOST~1\Temp
C:\Windows\temp


Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e allega il file C:\Avenger.txt

Poi scarica deldomains da qui:
http://www.mvps.org/winhelp2002/DelDomains.inf
lo metti sul desktop, click tasto dx su di esso e scegli Installa (fa tutto da sé)
Vai in pannello di controllo>connessioni di rete, elimina la connessione del dialer.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

local internet

Postdi aquilanera73 » 01/09/07 18:49

grazie tante, ma così risolvo pure il problema di ie? Ah al momento su connessioni di rete non c'è quel dialer, fa lo stesso?
aquilanera73
Newbie
 
Post: 8
Iscritto il: 01/09/07 15:05

Postdi aquilanera73 » 02/09/07 02:08

ok fatto.. ti ringrazio tanto ,adesso mi rimane solo il problema di ie che non funziona.
Ah ma devo postare l'avenger.txt? così mi sembra di aver capito:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vnilnxoh

*******************

Script file located at: \??\C:\WINDOWS\system32\outmtgtr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\DOCUME~1\me\IMPOST~1\Temp deleted successfully.
Folder C:\Windows\temp deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
aquilanera73
Newbie
 
Post: 8
Iscritto il: 01/09/07 15:05

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "DIALER LOCAL INTERNET che non riesco ad eliminare":


Chi c’è in linea

Visitano il forum: Nessuno e 52 ospiti