Tizzy
29-08-2006, 14:32
I have been infected by the latest virus on the market..
I detected it first with HijackThis and then with VirIT, but I'm not sure I've eradicated it completely.
Below I'm sending you the latest HijackThis scan and the list of automatically started programs saved by VirIT.
Thanks in advance for the help
Logfile of HijackThis v1.99.1
Scan saved at 15.26.39, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\siscmon.exe
C:\Programmi\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmi\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
C:\Programmi\Trend Micro\OfficeScan\PCCSRV\Web\Service\NSAgent.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\utility\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0410/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: siscmon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.2.8/officescan/console/html/AtxEnc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149341000016
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} ( Console di gestione OfficeScan) - https://192.168.2.8/officescan/console/html/AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://192.168.2.8/officescan/console/html/AtxPie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CFB4DC2-6842-49A3-9EA5-E0E04B3839E0}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LogBdr - Unknown owner - C:\Programmi\File comuni\Services\gLMF.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
VirIT Lite Monitor: Lista dei programmi e servizi in esecuzione automatica
Sistema Operativo: Microsoft Windows XP
1 - 29/08/2006 - 11:01:40
0
srmclean
C:\Cpqs\Scom\srmclean.exe
Stato: File TROVATO
2 - 29/08/2006 - 11:01:40
0
OfficeScanNT Monitor
"C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
Stato: File TROVATO
3 - 29/08/2006 - 11:01:40
0
NeroFilterCheck
C:\WINDOWS\system32\NeroCheck.exe
Stato: File TROVATO
4 - 29/08/2006 - 11:01:40
0
VIRIT LITE MONITOR
C:\VEXPLITE\MONLITE.EXE
Stato: File TROVATO
5 - 29/08/2006 - 11:01:40
5
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
Stato: File TROVATO
6 - 29/08/2006 - 11:01:40
7
"%1" %*
Stato: File NON trovato
7 - 29/08/2006 - 11:01:40
8
"%1" %*
Stato: File NON trovato
8 - 29/08/2006 - 11:01:40
9
"%1" %*
Stato: File NON trovato
9 - 29/08/2006 - 11:01:40
10
"%1" %*
Stato: File NON trovato
10 - 29/08/2006 - 11:01:40
11
"%1" /S
Stato: File NON trovato
11 - 29/08/2006 - 11:01:41
15
shell
Explorer.exe
Stato: File TROVATO
12 - 29/08/2006 - 11:01:41
16
userinit
C:\WINDOWS\system32\userinit.exe,
Stato: File TROVATO
13 - 29/08/2006 - 11:01:41
17
AppInit_DLLs
\\?\C:\WINDOWS\system32\aux.gfl
Stato: File TROVATO
14 - 29/08/2006 - 11:01:41
24
PostBootReminder
C:\WINDOWS\system32\SHELL32.dll
Stato: File TROVATO
15 - 29/08/2006 - 11:01:41
24
CDBurn
C:\WINDOWS\system32\SHELL32.dll
Stato: File TROVATO
16 - 29/08/2006 - 11:01:41
24
WebCheck
C:\WINDOWS\System32\webcheck.dll
Stato: File TROVATO
17 - 29/08/2006 - 11:01:41
24
SysTray
C:\WINDOWS\System32\stobject.dll
Stato: File TROVATO
18 - 29/08/2006 - 11:01:41
35
{438755C2-A8BA-11D1-B96B-00A0C90312E1}
C:\WINDOWS\System32\browseui.dll
Stato: File TROVATO
19 - 29/08/2006 - 11:01:41
35
{8C7461EF-2B13-11d2-BE35-3078302C2030}
C:\WINDOWS\System32\browseui.dll
Stato: File TROVATO
20 - 29/08/2006 - 11:01:41
23
{02BCC737-B171-4746-94C9-0D8A0B2C0089}
C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
Stato: File TROVATO
21 - 29/08/2006 - 11:01:41
23
{156BF4B7-AE3A-4365-BD88-95A75AF8F09D}
C:\WINDOWS\Downloaded Program Files\sdd.dll
Stato: File TROVATO
22 - 29/08/2006 - 11:01:41
23
{166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\system32\macromed\Director\SwDir.dll
Stato: File TROVATO
23 - 29/08/2006 - 11:01:41
23
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4}
C:\WINDOWS\Downloaded Program Files\AtxEnc.dll
Stato: File TROVATO
24 - 29/08/2006 - 11:01:41
23
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
C:\WINDOWS\opuc.dll
Stato: File TROVATO
25 - 29/08/2006 - 11:01:41
23
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
C:\WINDOWS\DOWNLO~1\oscan8.ocx
Stato: File TROVATO
26 - 29/08/2006 - 11:01:41
23
{6414512B-B978-451D-A0D8-FCFDF33E833C}
C:\WINDOWS\System32\wuweb.dll
Stato: File TROVATO
27 - 29/08/2006 - 11:01:41
23
{69B502DF-D12F-4FD7-9892-D8DFA2D96474}
C:\WINDOWS\DOWNLO~1\ATXCON~1.OCX
Stato: File TROVATO
28 - 29/08/2006 - 11:01:41
23
{8AD9C840-044E-11D1-B3E9-00805F499D93}
C:\Programmi\Java\j2re1.4.1_02\bin\npjpi141_02.dll
Stato: File TROVATO
29 - 29/08/2006 - 11:01:41
23
{A050E865-64E3-431B-8079-F0DFCEA90A2D}
C:\WINDOWS\Downloaded Program Files\AtxPie.dll
Stato: File TROVATO
30 - 29/08/2006 - 11:01:41
23
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
C:\Programmi\Java\j2re1.4.1_02\bin\npjpi141_02.dll
Stato: File TROVATO
31 - 29/08/2006 - 11:01:41
23
{D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
Stato: File TROVATO
32 - 29/08/2006 - 11:01:41
25
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Stato: File TROVATO
33 - 29/08/2006 - 11:01:41
36
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Stato: File TROVATO
34 - 29/08/2006 - 11:01:41
36
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Stato: File TROVATO
35 - 29/08/2006 - 11:01:41
36
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Stato: File TROVATO
36 - 29/08/2006 - 11:01:41
26
000000000001
C:\WINDOWS\System32\mswsock.dll
Stato: File TROVATO
37 - 29/08/2006 - 11:01:41
26
000000000002
C:\WINDOWS\System32\winrnr.dll
Stato: File TROVATO
38 - 29/08/2006 - 11:01:41
26
000000000003
C:\WINDOWS\System32\mswsock.dll
Stato: File TROVATO
39 - 29/08/2006 - 11:01:41
27
000000000001
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
40 - 29/08/2006 - 11:01:41
27
000000000002
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
41 - 29/08/2006 - 11:01:41
27
000000000003
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
42 - 29/08/2006 - 11:01:41
27
000000000004
C:\WINDOWS\system32\rsvpsp.dll
Stato: File TROVATO
43 - 29/08/2006 - 11:01:41
27
000000000005
C:\WINDOWS\system32\rsvpsp.dll
Stato: File TROVATO
44 - 29/08/2006 - 11:01:41
27
000000000006
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
45 - 29/08/2006 - 11:01:41
27
000000000007
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
46 - 29/08/2006 - 11:01:41
27
000000000008
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
47 - 29/08/2006 - 11:01:41
27
000000000009
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
48 - 29/08/2006 - 11:01:41
27
000000000010
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
49 - 29/08/2006 - 11:01:41
27
000000000011
C:\WINDOWS\system32\mswsock.dll
Stato: File TROVATO
50 - 29/08/2006 - 11:01:41
28
crypt32chain
crypt32.dll
Stato: File TROVATO
51 - 29/08/2006 - 11:01:41
28
cryptnet
cryptnet.dll
Stato: File TROVATO
52 - 29/08/2006 - 11:01:41
28
cscdll
cscdll.dll
Stato: File TROVATO
53 - 29/08/2006 - 11:01:41
28
ScCertProp
wlnotify.dll
Stato: File TROVATO
54 - 29/08/2006 - 11:01:41
28
Schedule
wlnotify.dll
Stato: File TROVATO
55 - 29/08/2006 - 11:01:41
28
sclgntfy
sclgntfy.dll
Stato: File TROVATO
56 - 29/08/2006 - 11:01:41
28
SensLogn
WlNotify.dll
Stato: File TROVATO
57 - 29/08/2006 - 11:01:41
28
termsrv
wlnotify.dll
Stato: File TROVATO
58 - 29/08/2006 - 11:01:41
28
WgaLogon
WgaLogon.dll
Stato: File TROVATO
59 - 29/08/2006 - 11:01:41
28
wlballoon
wlnotify.dll
Stato: File TROVATO
60 - 29/08/2006 - 11:01:41
29
AudioSrv - Audio Windows
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\audiosrv.dll)
Stato: File TROVATO
61 - 29/08/2006 - 11:01:41
29
Browser - Browser di computer
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\browser.dll)
Stato: File TROVATO
62 - 29/08/2006 - 11:01:41
29
CryptSvc - Servizi di crittografia
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\cryptsvc.dll)
Stato: File TROVATO
63 - 29/08/2006 - 11:01:41
29
DcomLaunch - Utilità di avvio processo server DCOM
C:\WINDOWS\system32\svchost -k DcomLaunch (C:\WINDOWS\system32\rpcss.dll)
Stato: File NON trovato
64 - 29/08/2006 - 11:01:41
29
Dhcp - Client DHCP
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\dhcpcsvc.dll)
Stato: File TROVATO
65 - 29/08/2006 - 11:01:41
29
dmserver - Gestione dischi logici
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\dmserver.dll)
Stato: File TROVATO
66 - 29/08/2006 - 11:01:41
29
Dnscache - Client DNS
C:\WINDOWS\System32\svchost.exe -k NetworkService (C:\WINDOWS\System32\dnsrslvr.dll)
Stato: File TROVATO
67 - 29/08/2006 - 11:01:41
29
ERSvc - Servizio di segnalazione errori
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\ersvc.dll)
Stato: File TROVATO
68 - 29/08/2006 - 11:01:41
29
Eventlog - Registro eventi
C:\WINDOWS\system32\services.exe
Stato: File TROVATO
69 - 29/08/2006 - 11:01:41
29
helpsvc - Guida in linea e supporto tecnico
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll)
Stato: File TROVATO
70 - 29/08/2006 - 11:01:41
29
IISADMIN - Amministrazione di IIS
C:\WINDOWS\system32\inetsrv\inetinfo.exe
Stato: File TROVATO
71 - 29/08/2006 - 11:01:41
29
lanmanserver - Server
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\srvsvc.dll)
Stato: File TROVATO
72 - 29/08/2006 - 11:01:41
29
lanmanworkstation - Workstation
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wkssvc.dll)
Stato: File TROVATO
73 - 29/08/2006 - 11:01:41
29
LmHosts - Helper NetBIOS di TCP/IP
C:\WINDOWS\System32\svchost.exe -k LocalService (C:\WINDOWS\System32\lmhsvc.dll)
Stato: File TROVATO
74 - 29/08/2006 - 11:01:41
29
ntrtscan - OfficeScanNT RealTime Scan
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
Stato: File TROVATO
75 - 29/08/2006 - 11:01:41
29
ofcservice - OfficeScan Master Service
C:\Programmi\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
Stato: File TROVATO
76 - 29/08/2006 - 11:01:41
29
PlugPlay - Plug and Play
C:\WINDOWS\system32\services.exe
Stato: File TROVATO
77 - 29/08/2006 - 11:01:41
29
PolicyAgent - Servizi IPSEC
C:\WINDOWS\System32\lsass.exe
Stato: File TROVATO
78 - 29/08/2006 - 11:01:41
29
ProtectedStorage - Archiviazione protetta
C:\WINDOWS\system32\lsass.exe
Stato: File TROVATO
79 - 29/08/2006 - 11:01:41
29
RemoteRegistry - Registro di sistema remoto
C:\WINDOWS\system32\svchost.exe -k LocalService (C:\WINDOWS\system32\regsvc.dll)
Stato: File TROVATO
80 - 29/08/2006 - 11:01:41
29
RpcSs - RPC (Remote Procedure Call)
C:\WINDOWS\system32\svchost -k rpcss (C:\WINDOWS\system32\rpcss.dll)
Stato: File NON trovato
81 - 29/08/2006 - 11:01:41
29
SamSs - Gestione account di protezione (SAM)
C:\WINDOWS\system32\lsass.exe
Stato: File TROVATO
82 - 29/08/2006 - 11:01:41
29
SCardSvr - smart card
C:\WINDOWS\System32\SCardSvr.exe
Stato: File TROVATO
83 - 29/08/2006 - 11:01:41
29
Schedule - Utilità di pianificazione
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\system32\schedsvc.dll)
Stato: File TROVATO
84 - 29/08/2006 - 11:01:41
29
seclogon - Accesso secondario
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\seclogon.dll)
Stato: File TROVATO
85 - 29/08/2006 - 11:01:41
29
SENS - Notifica eventi di sistema
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\sens.dll)
Stato: File TROVATO
86 - 29/08/2006 - 11:01:41
29
SharedAccess - Windows Firewall / Condivisione connessione Internet (ICS)
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\ipnathlp.dll)
Stato: File TROVATO
87 - 29/08/2006 - 11:01:41
29
ShellHWDetection - Rilevamento hardware shell
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\shsvcs.dll)
Stato: File TROVATO
88 - 29/08/2006 - 11:01:41
29
SMTPSVC - Protocollo SMTP (Simple Mail Transfer Protocol)
C:\WINDOWS\system32\inetsrv\inetinfo.exe
Stato: File TROVATO
89 - 29/08/2006 - 11:01:41
29
Spooler - Spooler di stampa
C:\WINDOWS\system32\spoolsv.exe
Stato: File TROVATO
90 - 29/08/2006 - 11:01:41
29
srservice - Servizio Ripristino configurazione di sistema
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\srsvc.dll)
Stato: File TROVATO
91 - 29/08/2006 - 11:01:41
29
Themes - Temi
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\shsvcs.dll)
Stato: File TROVATO
92 - 29/08/2006 - 11:01:41
29
tmlisten - OfficeScanNT Listener
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
Stato: File TROVATO
93 - 29/08/2006 - 11:01:41
29
TrkWks - Manutenzione collegamenti distribuiti client
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\trkwks.dll)
Stato: File TROVATO
94 - 29/08/2006 - 11:01:41
29
UMWdf - Windows User Mode Driver Framework
C:\WINDOWS\system32\wdfmgr.exe
Stato: File TROVATO
95 - 29/08/2006 - 11:01:41
29
viritsvclite - Virit eXplorer Lite
C:\VEXPLITE\viritsvc.exe
Stato: File TROVATO
96 - 29/08/2006 - 11:01:41
29
W32Time - Ora di Windows
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\w32time.dll)
Stato: File TROVATO
97 - 29/08/2006 - 11:01:41
29
W3SVC - Pubblicazione sul Web
C:\WINDOWS\system32\inetsrv\inetinfo.exe
Stato: File TROVATO
98 - 29/08/2006 - 11:01:41
29
WebClient - WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService (C:\WINDOWS\System32\webclnt.dll)
Stato: File TROVATO
99 - 29/08/2006 - 11:01:41
29
winmgmt - Strumentazione gestione Windows
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\wbem\WMIsvc.dll)
Stato: File TROVATO
100 - 29/08/2006 - 11:01:41
29
wscsvc - Centro sicurezza PC
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\system32\wscsvc.dll)
Stato: File TROVATO
101 - 29/08/2006 - 11:01:41
29
wuauserv - Aggiornamenti automatici
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wuauserv.dll)
Stato: File TROVATO
102 - 29/08/2006 - 11:01:41
29
WZCSVC - Zero Configuration reti senza fili
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wzcsvc.dll)
Stato: File TROVATO
103 - 29/08/2006 - 11:01:41
37
TmFilter - Trend Micro Filter
\??\C:\Programmi\Trend Micro\OfficeScan Client\TmXPFlt.sys
Stato: File TROVATO
104 - 29/08/2006 - 11:01:41
37
TmPreFilter - Trend Micro PreFilter
\??\C:\Programmi\Trend Micro\OfficeScan Client\TmPreFlt.sys
Stato: File TROVATO
105 - 29/08/2006 - 11:01:41
37
VSApiNt - Trend Micro VSAPI NT
\??\C:\Programmi\Trend Micro\OfficeScan Client\VSApiNt.sys
Stato: File TROVATO
106 - 29/08/2006 - 11:01:41
30
C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Webshots.lnk
C:\Programmi\Webshots\Launcher.exe
Stato: File TROVATO
107 - 29/08/2006 - 11:01:43
31
C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Webshots.lnk
C:\Programmi\Webshots\Launcher.exe
Stato: File TROVATO
108 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio Office.lnk
C:\Programmi\Microsoft Office\Office\OSA.EXE
Stato: File TROVATO
109 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Stato: File TROVATO
110 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ricerca rapida.lnk
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
Stato: File TROVATO
111 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\siscmon.lnk
C:\WINDOWS\system32\siscmon.exe
Stato: File TROVATO
112 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio Office.lnk
C:\Programmi\Microsoft Office\Office\OSA.EXE
Stato: File TROVATO
113 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Stato: File TROVATO
114 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ricerca rapida.lnk
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
Stato: File TROVATO
115 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\siscmon.lnk
C:\WINDOWS\system32\siscmon.exe
Stato: File TROVATO
116 - 29/08/2006 - 11:01:43
40
Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Stato: File NON trovato
117 - 29/08/2006 - 11:01:43
41
Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Stato: File NON trovato
118 - 29/08/2006 - 11:01:43
42
Search Bar
http://go.compaq.com/1Q00CDT/0410/bl8.asp
Stato: File NON trovato
119 - 29/08/2006 - 11:01:43
43
Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Stato: File NON trovato
120 - 29/08/2006 - 11:01:43
44
Start Page
http://go.compaq.com/1Q00CDT/0410/bl7.asp
Stato: File NON trovato
121 - 29/08/2006 - 11:01:43
45
CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Stato: File NON trovato
122 - 29/08/2006 - 11:01:43
46
SearchAssistant
http://www.google.com/ie
Stato: File NON trovato
123 - 29/08/2006 - 11:01:43
49
Search Bar
http://www.google.com/ie
Stato: File NON trovato
124 - 29/08/2006 - 11:01:43
50
Search Page
http://www.google.com
Stato: File NON trovato
125 - 29/08/2006 - 11:01:43
51
Start Page
http://google.it/
Stato: File NON trovato
126 - 29/08/2006 - 11:07:06
29
LogBdr - LogBdr
"C:\Programmi\File comuni\Services\gLMF.exe"
Stato: File TROVATO
68 - 29/08/2006 - 11:01:41
29
Eventlog - Registro eventi
C:\WINDOWS\system32\services.exe
Stato: File TROVATO
69 - 29/08/2006 - 11:01:41
29
helpsvc - Guida in linea e supporto tecnico
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll)
Stato: File TROVATO
70 - 29/08/2006 - 11:01:41
29
IISADMIN - Amministrazione di IIS
C:\WINDOWS\system32\inetsrv\inetinfo.exe
Stato: File TROVATO
71 - 29/08/2006 - 11:01:41
29
lanmanserver - Server
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\srvsvc.dll)
Stato: File TROVATO
72 - 29/08/2006 - 11:01:41
29
lanmanworkstation - Workstation
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wkssvc.dll)
Stato: File TROVATO
73 - 29/08/2006 - 11:01:41
29
LmHosts - Helper NetBIOS di TCP/IP
C:\WINDOWS\System32\svchost.exe -k LocalService (C:\WINDOWS\System32\lmhsvc.dll)
Stato: File TROVATO
74 - 29/08/2006 - 11:01:41
29
ntrtscan - OfficeScanNT RealTime Scan
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
Stato: File TROVATO
75 - 29/08/2006 - 11:01:41
29
ofcservice - OfficeScan Master Service
C:\Programmi\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
Stato: File TROVATO
76 - 29/08/2006 - 11:01:41
29
PlugPlay - Plug and Play
C:\WINDOWS\system32\services.exe
Stato: File TROVATO
77 - 29/08/2006 - 11:01:41
29
PolicyAgent - Servizi IPSEC
C:\WINDOWS\System32\lsass.exe
Stato: File TROVATO
78 - 29/08/2006 - 11:01:41
29
ProtectedStorage - Archiviazione protetta
C:\WINDOWS\system32\lsass.exe
Stato: File TROVATO
79 - 29/08/2006 - 11:01:41
29
RemoteRegistry - Registro di sistema remoto
C:\WINDOWS\system32\svchost.exe -k LocalService (C:\WINDOWS\system32\regsvc.dll)
Stato: File TROVATO
80 - 29/08/2006 - 11:01:41
29
RpcSs - RPC (Remote Procedure Call)
C:\WINDOWS\system32\svchost -k rpcss (C:\WINDOWS\system32\rpcss.dll)
Stato: File NON trovato
81 - 29/08/2006 - 11:01:41
29
SamSs - Gestione account di protezione (SAM)
C:\WINDOWS\system32\lsass.exe
Stato: File TROVATO
82 - 29/08/2006 - 11:01:41
29
SCardSvr - smart card
C:\WINDOWS\System32\SCardSvr.exe
Stato: File TROVATO
83 - 29/08/2006 - 11:01:41
29
Schedule - Utilità di pianificazione
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\system32\schedsvc.dll)
Stato: File TROVATO
84 - 29/08/2006 - 11:01:41
29
seclogon - Accesso secondario
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\seclogon.dll)
Stato: File TROVATO
85 - 29/08/2006 - 11:01:41
29
SENS - Notifica eventi di sistema
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\sens.dll)
Stato: File TROVATO
86 - 29/08/2006 - 11:01:41
29
SharedAccess - Windows Firewall / Condivisione connessione Internet (ICS)
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\ipnathlp.dll)
Stato: File TROVATO
87 - 29/08/2006 - 11:01:41
29
ShellHWDetection - Rilevamento hardware shell
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\shsvcs.dll)
Stato: File TROVATO
88 - 29/08/2006 - 11:01:41
29
SMTPSVC - Protocollo SMTP (Simple Mail Transfer Protocol)
C:\WINDOWS\system32\inetsrv\inetinfo.exe
Stato: File TROVATO
89 - 29/08/2006 - 11:01:41
29
Spooler - Spooler di stampa
C:\WINDOWS\system32\spoolsv.exe
Stato: File TROVATO
90 - 29/08/2006 - 11:01:41
29
srservice - Servizio Ripristino configurazione di sistema
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\srsvc.dll)
Stato: File TROVATO
91 - 29/08/2006 - 11:01:41
29
Themes - Temi
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\shsvcs.dll)
Stato: File TROVATO
92 - 29/08/2006 - 11:01:41
29
tmlisten - OfficeScanNT Listener
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
Stato: File TROVATO
93 - 29/08/2006 - 11:01:41
29
TrkWks - Manutenzione collegamenti distribuiti client
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\trkwks.dll)
Stato: File TROVATO
94 - 29/08/2006 - 11:01:41
29
UMWdf - Windows User Mode Driver Framework
C:\WINDOWS\system32\wdfmgr.exe
Stato: File TROVATO
95 - 29/08/2006 - 11:01:41
29
viritsvclite - Virit eXplorer Lite
C:\VEXPLITE\viritsvc.exe
Stato: File TROVATO
96 - 29/08/2006 - 11:01:41
29
W32Time - Ora di Windows
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\w32time.dll)
Stato: File TROVATO
97 - 29/08/2006 - 11:01:41
29
W3SVC - Pubblicazione sul Web
C:\WINDOWS\system32\inetsrv\inetinfo.exe
Stato: File TROVATO
98 - 29/08/2006 - 11:01:41
29
WebClient - WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService (C:\WINDOWS\System32\webclnt.dll)
Stato: File TROVATO
99 - 29/08/2006 - 11:01:41
29
winmgmt - Strumentazione gestione Windows
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\system32\wbem\WMIsvc.dll)
Stato: File TROVATO
100 - 29/08/2006 - 11:01:41
29
wscsvc - Centro sicurezza PC
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\system32\wscsvc.dll)
Stato: File TROVATO
101 - 29/08/2006 - 11:01:41
29
wuauserv - Aggiornamenti automatici
C:\WINDOWS\system32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wuauserv.dll)
Stato: File TROVATO
102 - 29/08/2006 - 11:01:41
29
WZCSVC - Zero Configuration reti senza fili
C:\WINDOWS\System32\svchost.exe -k netsvcs (C:\WINDOWS\System32\wzcsvc.dll)
Stato: File TROVATO
103 - 29/08/2006 - 11:01:41
37
TmFilter - Trend Micro Filter
\??\C:\Programmi\Trend Micro\OfficeScan Client\TmXPFlt.sys
Stato: File TROVATO
104 - 29/08/2006 - 11:01:41
37
TmPreFilter - Trend Micro PreFilter
\??\C:\Programmi\Trend Micro\OfficeScan Client\TmPreFlt.sys
Stato: File TROVATO
105 - 29/08/2006 - 11:01:41
37
VSApiNt - Trend Micro VSAPI NT
\??\C:\Programmi\Trend Micro\OfficeScan Client\VSApiNt.sys
Stato: File TROVATO
106 - 29/08/2006 - 11:01:41
30
C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Webshots.lnk
C:\Programmi\Webshots\Launcher.exe
Stato: File TROVATO
107 - 29/08/2006 - 11:01:43
31
C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Webshots.lnk
C:\Programmi\Webshots\Launcher.exe
Stato: File TROVATO
108 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio Office.lnk
C:\Programmi\Microsoft Office\Office\OSA.EXE
Stato: File TROVATO
109 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Stato: File TROVATO
110 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ricerca rapida.lnk
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
Stato: File TROVATO
111 - 29/08/2006 - 11:01:43
32
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\siscmon.lnk
C:\WINDOWS\system32\siscmon.exe
Stato: File TROVATO
112 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio Office.lnk
C:\Programmi\Microsoft Office\Office\OSA.EXE
Stato: File TROVATO
113 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Stato: File TROVATO
114 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ricerca rapida.lnk
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
Stato: File TROVATO
115 - 29/08/2006 - 11:01:43
33
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\siscmon.lnk
C:\WINDOWS\system32\siscmon.exe
Stato: File TROVATO
116 - 29/08/2006 - 11:01:43
40
Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Stato: File NON trovato
117 - 29/08/2006 - 11:01:43
41
Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Stato: File NON trovato
118 - 29/08/2006 - 11:01:43
42
Search Bar
http://go.compaq.com/1Q00CDT/0410/bl8.asp
Stato: File NON trovato
119 - 29/08/2006 - 11:01:43
43
Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Stato: File NON trovato
120 - 29/08/2006 - 11:01:43
44
Start Page
http://go.compaq.com/1Q00CDT/0410/bl7.asp
Stato: File NON trovato
121 - 29/08/2006 - 11:01:43
45
CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Stato: File NON trovato
122 - 29/08/2006 - 11:01:43
46
SearchAssistant
http://www.google.com/ie
Stato: File NON trovato
123 - 29/08/2006 - 11:01:43
49
Search Bar
http://www.google.com/ie
Stato: File NON trovato
124 - 29/08/2006 - 11:01:43
50
Search Page
http://www.google.com
Stato: File NON trovato
125 - 29/08/2006 - 11:01:43
51
Start Page
http://google.it/
Stato: File NON trovato
126 - 29/08/2006 - 11:07:06
29
LogBdr - LogBdr
"C:\Programmi\File comuni\Services\gLMF.exe"
Stato: File TROVATO