scvhost.exe error problem (HijackThis)
As written in the topic http://www.hwupgrade.it/forum/showthread.php?t=1492507, I was advised to post my HijackThis log here to solve the problem:
Logfile of HijackThis v1.99.1
Scan saved at 12.21.15, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Nero\Nero 7\Core\nero.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Nero\Nero 7\Core\nero.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alex\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE9A0280-E69E-4D06-AC07-0ED466C7715C}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
I hope you can help me :)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
In my opinion these should be removed... if you want, though, you can wait for other opinions, to be safer..
OK, I'll wait for someone else, but in the program do I have to press "Fix Checked" to remove the infected file?
wizard1993
13-06-2007, 12:33
yes
OK, I deleted the files mentioned above.. it seems that now, after rebooting, the problem has disappeared. Thank you all. If I still have any problems I'll let you know :D
You're welcome, don't mention it.. if you have problems we're here.. bye! ;)
marpanto
13-08-2007, 21:46
Sorry, I've just signed up; I have the same problem too. This is my log, what should I do? Thanks
Logfile of HijackThis v1.99.1
Scan saved at 22.32.02, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\FreeLan 802.11g Wireless 125 Mbps PCI Card\WlanUtl.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\temp\tmp2E2.tmp.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\erpanda\Documenti\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - C:\WINDOWS\system32\mousegex.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {491FD961-0647-4C6A-86E5-4B5DCA8FA922} - C:\WINDOWS\system32\kbdsl32.dll (file missing)
O2 - BHO: (no name) - {591A8E9B-F839-4B16-B691-BC920281A25C} - C:\WINDOWS\system32\hlink32.dll (file missing)
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - c:\WINDOWS\Temp\~DP28.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - C:\WINDOWS\system32\WebMons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AB365B0F-4601-47B1-A211-C1E68B562EE6} - C:\WINDOWS\system32\sccbased.dll (file missing)
O2 - BHO: (no name) - {BBC9C77E-DA65-4CCA-8414-7FEFEC9A7030} - C:\WINDOWS\system32\mplvpx32.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmpE.tmp.dll
O2 - BHO: (no name) - {CA8CF6C0-0621-4144-A7D1-3FA9FD88AFE8} - C:\WINDOWS\system32\hnetmond.dll (file missing)
O2 - BHO: (no name) - {D1A818A6-3D1C-45D8-AE00-8EA33C90B573} - C:\WINDOWS\system32\mplaa632.dll (file missing)
O2 - BHO: (no name) - {d3a09b80-9885-4202-9ada-e107278b6bef} - C:\WINDOWS\system32\ati3L32.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [SoundMan] --SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] --RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] --nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] --RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] --C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] --C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] --D:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] --C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] --rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] --rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] --"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\erpanda\Documenti\RemoveWGA\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Soundlibs] C:\WINDOWS\soundlib.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\rqpooo.dll",forkonce
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] --C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FILECO~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [E07IXLRD_47844046] --"C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Softcam Downloader] --"C:\Documents and Settings\erpanda\Documenti\softcam_downloader_v04\softcam_downloader_v04\SoftCam.exe" /autorun
O4 - HKCU\..\Run: [MSMSGS] --"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Winlogin] --C:\WINDOWS\system32\winlogin.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [gStart] c:\Garmin\gStart.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FreeLan 802.11g WLAN Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173815944375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ati3L32 - C:\WINDOWS\SYSTEM32\ati3L32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DomainService - Unknown owner - c:\windows\temp\tmp2E2.tmp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - --"C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - --"C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - --"C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - --"C:\Programmi\File comuni\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - --"C:\Programmi\File comuni\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - --"C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - Unknown owner - --"C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SysEnforce - Unknown owner - --C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - --C:\Programmi\Windows Media Player\WMPNetwk.exe (file missing)
Riverside
13-08-2007, 22:41
It's a mess .... where on earth do you people end up when you browse?
Disable System Restore, then run HijackThis again and fix all of this stuff:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - C:\WINDOWS\system32\mousegex.dll
O2 - BHO: (no name) - {491FD961-0647-4C6A-86E5-4B5DCA8FA922} - C:\WINDOWS\system32\kbdsl32.dll (file missing)
O2 - BHO: (no name) - {591A8E9B-F839-4B16-B691-BC920281A25C} - C:\WINDOWS\system32\hlink32.dll (file missing)
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - c:\WINDOWS\Temp\~DP28.dll
O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - C:\WINDOWS\system32\WebMons.dll
O2 - BHO: (no name) - {AB365B0F-4601-47B1-A211-C1E68B562EE6} - C:\WINDOWS\system32\sccbased.dll (file missing)
O2 - BHO: (no name) - {BBC9C77E-DA65-4CCA-8414-7FEFEC9A7030} - C:\WINDOWS\system32\mplvpx32.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmpE.tmp.dll
O2 - BHO: (no name) - {CA8CF6C0-0621-4144-A7D1-3FA9FD88AFE8} - C:\WINDOWS\system32\hnetmond.dll (file missing)
O2 - BHO: (no name) - {D1A818A6-3D1C-45D8-AE00-8EA33C90B573} - C:\WINDOWS\system32\mplaa632.dll (file missing)
O2 - BHO: (no name) - {d3a09b80-9885-4202-9ada-e107278b6bef} - C:\WINDOWS\system32\ati3L32.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Soundlibs] C:\WINDOWS\soundlib.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\rqpooo.dll",forkonce
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [Softcam Downloader] --"C:\Documents and Settings\erpanda\Documenti\softcam_downloader_v04\softcam_downloader_v04\SoftCam.exe" /autorun
O4 - HKCU\..\Run: [Winlogin] --C:\WINDOWS\system32\winlogin.exe
O20 - Winlogon Notify: ati3L32 - C:\WINDOWS\SYSTEM32\ati3L32.dll
O23 - Service: DomainService - Unknown owner - c:\windows\temp\tmp2E2.tmp.exe
Then download CCLEANER:
download link: http://www.ccleaner.com/download/downloadpage.aspx?1
Once installed, launch the program, go to Options in the left-hand menu, and in the next window click on:
● Settings, and tick Secure deletion (slow)
then on:
● Advanced, untick Only delete files older than 48 hours
● under Cleaner, tick all the entries in the Advanced section
● go back to the left-hand menu, click on Issues and start a scan
● when the scan finishes, click on Fix selected and continue.
And run a full scan again with the antivirus updated.
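Added example, not part of the original thread or any poster's words: a small Python triage of HijackThis lines whose heuristics single out several of the entries the replies above marked for fixing (a file name one edit away from a Windows system binary, such as scvhost.exe vs svchost.exe; modules loaded from a Temp folder; the DisableRegedit policy; extra programs on the Shell= line). The system-name list, the distance threshold and all function names are assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Winlogin] --C:\WINDOWS\system32\winlogin.exe
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - c:\WINDOWS\Temp\~DP28.dll
O23 - Service: DomainService - Unknown owner - c:\windows\temp\tmp2E2.tmp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: a short list of well-known Windows process names (without .exe).
SYSTEM_NAMES = ("svchost", "winlogon", "explorer", "lsass", "services",
                "csrss", "smss", "spoolsv", "ctfmon", "rundll32")
MAX_DISTANCE = 1  # assumption: one typo or one swapped pair of letters

# Full Windows path ending in .exe or .dll (the path may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(stem):
    """Return the system name that `stem` imitates, or None."""
    stem = stem.lower()
    if stem in SYSTEM_NAMES:
        return None  # exact name: not a look-alike
    for known in SYSTEM_NAMES:
        if osa_distance(stem, known) <= MAX_DISTANCE:
            return known
    return None


def triage(log_text):
    """Return [(line, [reasons])] for every line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if " - " not in line:
            continue
        section = line.split(" - ", 1)[0]
        reasons = []
        if section == "F2" and "Shell=" in line:
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("extra program appended to Shell=")
        if section == "O7" and "DisableRegedit=1" in line:
            reasons.append("registry editor disabled by policy")
        for match in PATH_RE.finditer(line):
            path = PureWindowsPath(match.group(0))
            imitated = lookalike_of(path.stem)
            if imitated:
                reasons.append(f"{path.name} looks like {imitated}.exe")
            if "temp" in (part.lower() for part in path.parts[:-1]):
                reasons.append(f"{path.name} loads from a Temp folder")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

A flagged line is a prompt for a closer look at the file itself, not a verdict; legitimate software with a similar name would trip the same check.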
marpanto
13-08-2007, 22:47
Thanks Riverside
Have a look and see if it's OK, because I did it with Booster 2
Logfile of HijackThis v1.99.1
Scan saved at 23.45.01, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\FreeLan 802.11g Wireless 125 Mbps PCI Card\WlanUtl.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
c:\windows\temp\tmp2E2.tmp.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\erpanda\Documenti\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - C:\WINDOWS\system32\mousegex.dll
O2 - BHO: (no name) - {491FD961-0647-4C6A-86E5-4B5DCA8FA922} - C:\WINDOWS\system32\kbdsl32.dll (file missing)
O2 - BHO: (no name) - {591A8E9B-F839-4B16-B691-BC920281A25C} - C:\WINDOWS\system32\hlink32.dll (file missing)
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - c:\WINDOWS\Temp\~DP28.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - C:\WINDOWS\system32\WebMons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AB365B0F-4601-47B1-A211-C1E68B562EE6} - C:\WINDOWS\system32\sccbased.dll (file missing)
O2 - BHO: (no name) - {BBC9C77E-DA65-4CCA-8414-7FEFEC9A7030} - C:\WINDOWS\system32\mplvpx32.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp26.tmp.dll
O2 - BHO: (no name) - {CA8CF6C0-0621-4144-A7D1-3FA9FD88AFE8} - C:\WINDOWS\system32\hnetmond.dll (file missing)
O2 - BHO: (no name) - {D1A818A6-3D1C-45D8-AE00-8EA33C90B573} - C:\WINDOWS\system32\mplaa632.dll (file missing)
O2 - BHO: (no name) - {d3a09b80-9885-4202-9ada-e107278b6bef} - C:\WINDOWS\system32\ati3L32.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [SoundMan] --SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] --RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] --nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] --RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] --C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] --C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] --D:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] --C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] --rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] --rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] --"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\erpanda\Documenti\RemoveWGA\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Soundlibs] C:\WINDOWS\soundlib.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxvsrp.dll",forkonce
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] --C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FILECO~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [E07IXLRD_47844046] --"C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Softcam Downloader] --"C:\Documents and Settings\erpanda\Documenti\softcam_downloader_v04\softcam_downloader_v04\SoftCam.exe" /autorun
O4 - HKCU\..\Run: [MSMSGS] --"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Winlogin] --C:\WINDOWS\system32\winlogin.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [gStart] c:\Garmin\gStart.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FreeLan 802.11g WLAN Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173815944375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ati3L32 - C:\WINDOWS\SYSTEM32\ati3L32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DomainService - Unknown owner - c:\windows\temp\tmp2E2.tmp.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - (no file)
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - (no file)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
Riverside
13-08-2007, 22:48
and fix this one too:
c:\windows\temp\tmp2E2.tmp.exe
in the middle of that mess I had missed it :)
Then post a new HThis log.
Riverside
13-08-2007, 22:51
For crying out loud ..... fix them with HThis, not with Booster.
They're all there. :muro:
marpanto
14-08-2007, 10:02
sorry Riverside
check whether I did it right
Logfile of HijackThis v1.99.1
Scan saved at 10.59.26, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\FreeLan 802.11g Wireless 125 Mbps PCI Card\WlanUtl.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\erpanda\Documenti\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] --SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] --RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] --nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] --RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] --C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] --C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] --D:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] --C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] --rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] --rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] --"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\erpanda\Documenti\RemoveWGA\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] --C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FILECO~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [E07IXLRD_47844046] --"C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] --"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [gStart] c:\Garmin\gStart.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FreeLan 802.11g WLAN Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173815944375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ati3L32 - C:\WINDOWS\SYSTEM32\ati3L32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - (no file)
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - (no file)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
what do I have to do so I don't catch them again, assuming they're gone?
:mad: :mad: :mad: :mad:
thanks
wizard1993
14-08-2007, 10:13
fix
O20 - Winlogon Notify: ati3L32 - C:\WINDOWS\SYSTEM32\ati3L32.dll
O23 - Service: Office Source Engine (ose) - Unknown owner - (no file)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - (no file)
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
marpanto
14-08-2007, 10:41
hi wizard1993
this is the log
Logfile of HijackThis v1.99.1
Scan saved at 11.35.01, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\FreeLan 802.11g Wireless 125 Mbps PCI Card\WlanUtl.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\erpanda\Documenti\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {d3a09b80-9885-4202-9ada-e107278b6bef} - C:\WINDOWS\system32\ati3L32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] --SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] --RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] --nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] --RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] --C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] --C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] --D:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] --C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] --rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] --rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] --"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\erpanda\Documenti\RemoveWGA\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] --C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FILECO~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [E07IXLRD_47844046] --"C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] --"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [gStart] c:\Garmin\gStart.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FreeLan 802.11g WLAN Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173815944375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ati3L32 - C:\WINDOWS\SYSTEM32\ati3L32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
it doesn't remove these, how come?
O20 - Winlogon Notify: ati3L32 - C:\WINDOWS\SYSTEM32\ati3L32.dll
O23 - Service: Office Source Engine (ose) - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
tell me what to do, thanks, bye
wizard1993
14-08-2007, 10:49
run a scan with BitDefender and a-squared
marpanto
14-08-2007, 10:52
sorry, where do I find these programs? thanks
sorry, but I'm not understanding any of this, bye.
:muro: :muro: :muro: :muro:
wizard1993
14-08-2007, 12:11
http://www.bitdefender.com/scan8/ie.html
http://www.emsisoft.it/it/software/ax/
marpanto
14-08-2007, 13:18
sorry wizard1993
but I can't manage to install them, what should I do? I'm thick-headed ("so de coccio") :muro: :muro: as they say in Rome, bye.
:help: :help: :help:
marpanto
14-08-2007, 13:26
it won't let me install any antivirus; this is my new log, can you check it? thanks
Logfile of HijackThis v1.99.1
Scan saved at 14.24.39, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\FreeLan 802.11g Wireless 125 Mbps PCI Card\WlanUtl.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\winlogon.exe
C:\Documents and Settings\erpanda\Documenti\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] --SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] --RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] --nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] --RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] --C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] --C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] --D:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] --C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] --rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] --rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] --"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\erpanda\Documenti\RemoveWGA\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [winlogon] c:\windows\temp\~DP14.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] --C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FILECO~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [E07IXLRD_47844046] --"C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] --"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [gStart] c:\Garmin\gStart.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FreeLan 802.11g WLAN Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173815944375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
juninho85
14-08-2007, 17:03
C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [winlogon] c:\windows\temp\~DP14.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FILECO~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [gStart] c:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
try removing these
marpanto
14-08-2007, 17:41
hi and thanks juninho85
have a look and see if it's OK, bye.
Logfile of HijackThis v1.99.1
Scan saved at 18.39.16, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\FreeLan 802.11g Wireless 125 Mbps PCI Card\WlanUtl.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\winlogon.exe (sorry, I removed this one, why does it put it back?)
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\erpanda\Documenti\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] --SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] --RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] --nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] --RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] --C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] --C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] --D:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] --C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] --rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] --rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] --"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\erpanda\Documenti\RemoveWGA\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] --C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [E07IXLRD_47844046] --"C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] --"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FreeLan 802.11g WLAN Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Pinnacle PCTV Scheduler.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173815944375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
juninho85
14-08-2007, 19:04
you're the one who has to tell me whether the problem seems solved or not :D
try running Avenger (http://www.megalab.it/articoli.php?id=946) with this script:
Files to delete:
C:\Windows\winlogon.exe
marpanto
14-08-2007, 19:53
hi juninho85
I haven't solved it, it won't let me install any antivirus. I have a licensed NOD32 but no luck. Is this how the script should be, as a txt file:
C:\Windows\winlogon.exe
tell me what I need to do, thanks, bye.
juninho85
15-08-2007, 11:02
that's the string to enter; in the link I posted you'll find a thorough guide on how to use Avenger ;)
marpanto
16-08-2007, 14:19
hi, I tried what you said but it didn't solve it. I made this log with GMER, if you want to check it, thanks
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-16 15:13:22
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT 84C7DB70 SSDT[37]
SSDT 84C7DEB4 SSDT[71]
SSDT 84C7DC00 SSDT[73]
SSDT 84C7E154 SSDT[145]
SSDT 84C7E522 SSDT[160]
SSDT 84C7E2FA SSDT[173]
---- Kernel code sections - GMER 1.0.13 ----
? \WINDOWS\system32\ntoskrnl.exe Impossibile trovare il file specificato.
---- User code sections - GMER 1.0.13 ----
.text C:\Programmi\Internet Explorer\iexplore.exe[3972] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF2A1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\Internet Explorer\iexplore.exe[3972] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 43790277 C:\WINDOWS\system32\IEFRAME.dll
juninho85
16-08-2007, 15:52
You have Beagle ;)
Download Avenger (http://www.megalab.it/articoli.php?id=946) and enter this script:
Files to delete:
%SystemDrive%:\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%:\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%:\WINDOWS\system32\wintems.exe
%SystemDrive%:\WINDOWS\system32\hldrrr.exe
%SystemDrive%:\WINDOWS\system32\trusted.exe
%SystemDrive%:\Documents and Settings\%UserProfile%\Dati applicazioni\Impostazioni locali\Temp\*.exe
%SystemDrive%:\Documents and Settings\%UserProfile%\Dati applicazioni\Impostazioni locali\Temp\*.tmp
folders to delete:
%SystemDrive%:\Documents and Settings\%UserProfile%\Dati applicazioni\hidires
%SystemDrive%:\WINDOWS\exefld
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrr
Then post the Avenger log.