29-07-2007, 21:55   #1
crifed
Member
Joined: May 2007
Posts: 61
DIALER removal

Hello everyone, please help me.
For some time now, whenever I connect to p2p programs, I always run into this annoying virus, which then drops my connection to my provider, ALICE by Telecom.
When I use the AVG antivirus, at the end it always finds this: POTENTIALLY HARMFUL PROGRAM DIALER.DMZ, and the file shows up under different names, such as xdozda.exe or, like today, llfuwa.exe.
After the scan everything works fine, but unfortunately the problem comes back. How can I get rid of it for good?

P.S. The file always hides in the folder: Documents and Settings
29-07-2007, 22:45   #2
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259
Hi, do this: first disable System Restore; if you don't know how, see HERE (link).
Clean up with CCleaner (HERE), unticking "only delete files older than 48 hours" in the advanced options, or with ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 (it is standalone). Start ATF Cleaner
(if you use Firefox or Opera, select them from the menu at the top),
tick "Select All" for each browser
and click "Empty Selected". Then post a HijackThis log; if you don't have it, download it from HERE (LINK). It is standalone (no installation): you start it and on the main screen click "Do a system scan and save a logfile"; a text window with data will open, which you copy and paste into your next post.

Regards
30-07-2007, 12:11   #3
crifed
Member
Joined: May 2007
Posts: 61
Thank you in advance for your advice, but unfortunately I have to ask you to explain it to me more simply, if you don't mind; I'm not very good at these things.
30-07-2007, 15:36   #4
wizard1993
Senior Member
Joined: Apr 2006
Posts: 22462
download CCleaner, install it, run it
go to the advanced settings and untick "only delete files in Windows Temp older than 48 hours";
http://img224.imageshack.us/my.php?i...mmaginemp4.jpg
and then run a scan
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls, it zaps it; if it flutters, it kills it
30-07-2007, 15:37   #5
wizard1993
Senior Member
Joined: Apr 2006
Posts: 22462
for HijackThis: download it, run it, accept the license, then press the first button and post the resulting text file
31-07-2007, 21:51   #6
crifed
Member
Joined: May 2007
Posts: 61
I carried out the steps you recommended; please give me good news.



Logfile of HijackThis v1.99.1
Scan saved at 22.49.08, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\zhyfaa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Francesco\Documenti\Gli Indispensabili\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S138.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [netlkhxe] "c:\windows\system32\netlkhxe.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zhyfaa.exe] C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\zhyfaa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4634FAE5-0C8F-4CC4-984E-10B4A0D41F95}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
31-07-2007, 22:05   #7
juninho85
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, bear it in mind
Posts: 28978
Quote:
Originally posted by crifed
O4 - HKLM\..\Run: [netlkhxe] "c:\windows\system32\netlkhxe.exe"
O4 - HKLM\..\Run: [zhyfaa.exe] C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\zhyfaa.exe
fix these two after disabling System Restore
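A sketch of the triage applied to the log above, added here as an example and not code from the thread or from HijackThis: it parses the O4 autorun lines, works out which executable each one actually launches, and flags those started from a Temp folder, as the zhyfaa.exe entry is. The sample lines are copied from the posted log; the function names and the Temp-folder rule are assumptions of this example, and the rule does not cover the netlkhxe.exe entry in system32 that the reply also names.

```python
import re
from dataclasses import dataclass

# Sample built from lines of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\zhyfaa.exe
E:\eMule\emule.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [netlkhxe] "c:\windows\system32\netlkhxe.exe"
O4 - HKLM\..\Run: [zhyfaa.exe] C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\zhyfaa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
"""

# Unquoted commands may contain spaces in the path, so cut at the first
# executable extension that is followed by whitespace, a quote or end of line.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s"]|$)', re.I)
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
STARTUP_RE = re.compile(r'^O4 - (Global Startup|Startup): (.+?) = (.+)$')
TEMP_DIRS = {"temp", "tmp"}  # assumption: directory names treated as temporary


@dataclass
class Autorun:
    source: str   # registry key or startup folder the entry came from
    name: str     # value name or shortcut name
    command: str  # full command line as logged
    exe: str      # executable extracted from the command line


def exe_from_command(command):
    """Return the program a command line launches, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def in_temp_dir(path):
    """True if any directory component (not the file name) is a temp folder."""
    parts = [p.lower() for p in re.split(r'[\\/]+', path)]
    return any(p in TEMP_DIRS for p in parts[:-1])


def parse_running(log):
    """Collect the 'Running processes:' section as lower-cased paths."""
    running, active = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            active = True
        elif active and not line:
            break
        elif active:
            running.add(line.lower())
    return running


def parse_autoruns(log):
    """Parse O4 lines (registry Run keys and startup folders)."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append(Autorun(f"{hive}\\{key}", name, command,
                                   exe_from_command(command)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            kind, name, command = m.groups()
            entries.append(Autorun(kind, name, command,
                                   exe_from_command(command)))
    return entries


def triage(log):
    """Return (name, executable, currently_running) for Temp-launched autoruns."""
    running = parse_running(log)
    return [(e.name, e.exe, e.exe.lower() in running)
            for e in parse_autoruns(log) if in_temp_dir(e.exe)]


if __name__ == "__main__":
    for name, exe, is_running in triage(SAMPLE_LOG):
        state = "running" if is_running else "not running"
        print(f"review: [{name}] {exe} ({state})")
```

The EPSON entry is left alone because only its argument points into C:\WINDOWS\TEMP; matching the whole command line for "Temp" would have flagged it by mistake.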
01-08-2007, 04:43   #8
crifed
Member
Joined: May 2007
Posts: 61
Can you explain how to do it in simpler terms? In any case, thank you in advance for the excellent advice.
01-08-2007, 15:46   #9
crifed
Member
Joined: May 2007
Posts: 61
Friends, I'm going crazy, help me. Just a little while ago I again found an unwanted guest and the connection to ALICE goes down. I managed to remove it for the moment with Panda Software NanoScan, but it will come back. I downloaded various programs such as Trojan Remover and got this result:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.1.2477. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 01/08/2007 16.06.14
Using Database v6836
Operating System: Windows XP Media Center Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Francesco\Dati applicazioni\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Francesco\Documenti\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
16.06.14: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
16.06.14: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
16.06.14: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
16.06.14: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ehTray
Value Data = C:\WINDOWS\ehome\ehtray.exe - this command has been left in place
--------------------
Value Name = SoundMan
Value Data = SOUNDMAN.EXE - this command has been left in place
--------------------
Value Name = EPSON Stylus Photo R240 Series
Value Data = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKLM - this command has been left in place
--------------------
Value Name = NWEReboot
The Value Data for this entry appears to be blank
--------------------
Value Name = !AVG Anti-Spyware
Value Data = F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
--------------------
Value Name = BluetoothAuthenticationAgent
Value Data = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent - this command has been left in place
--------------------
Value Name = Motive SmartBridge
Value Data = C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Programmi\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = PinnacleDriverCheck
Value Data = C:\WINDOWS\system32\\PSDrvCheck.exe - this command has been left in place
--------------------
Value Name = USB2Check
Value Data = RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController - this command has been left in place
--------------------
Value Name = USBToolTip
Value Data = C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe - this command has been left in place
--------------------
Value Name = EPSON Stylus Photo R240 Series (Copia 1)
Value Data = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S138.tmp" /EF "HKLM - this command has been left in place
--------------------
Value Name = netlkhxe
c:\windows\system32\netlkhxe.exe appears to be in-use/locked - scanning skipped.
Value Data = c:\windows\system32\netlkhxe.exe - this command has been left in place
--------------------
Value Name = Adobe Photo Downloader
Value Data = C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe - this command has been left in place
--------------------
Value Name = Adobe Reader Speed Launcher
Value Data = C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
--------------------
Value Name = AVG7_CC
Value Data = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = f:\Programmi\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = CTFMON.EXE
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = MSMSGS
Value Data = C:\Programmi\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = StartCCC
Value Data = C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - this command has been left in place
--------------------
Value Name = ccleaner
Value Data = C:\Programmi\CCleaner\ccleaner.exe" /AUTO - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
16.06.50: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

**************************************************
16.06.50: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
16.06.50: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

**************************************************
16.06.50: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Programmi\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Programmi\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
16.06.52: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=BthServ
ServiceDLL=%SystemRoot%\System32\bthserv.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=MHN
ServiceDLL=%SystemRoot%\System32\mhn.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\mspmsnsv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

**************************************************
16.06.56: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=61883
ImagePath=system32\DRIVERS\61883.sys - this reference has been left in place
----------
Key=a2free
ImagePath=f:\Programmi\a-squared Free\a2service.exe - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALCXSENS
ImagePath=system32\drivers\ALCXSENS.SYS - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AmdK7
ImagePath=system32\DRIVERS\amdk7.sys - this reference has been left in place
----------
Key=ASAPIW2K
ImagePath=System32\Drivers\ASAPIW2K.sys - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ATI Smart
ImagePath=C:\WINDOWS\system32\ati2sgag.exe - this reference has been left in place [file not found to scan]
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=Avc
ImagePath=system32\DRIVERS\avc.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=Avg7Alrt
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - this reference has been left in place
----------
Key=Avg7Core
ImagePath=\SystemRoot\System32\Drivers\avg7core.sys - this reference has been left in place
----------
Key=Avg7RsW
ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place
----------
Key=Avg7RsXP
ImagePath=\SystemRoot\System32\Drivers\avg7rsxp.sys - this reference has been left in place
----------
Key=Avg7UpdSvc
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=AvgClean
ImagePath=\SystemRoot\system32\drivers\avgclean.sys - this reference has been left in place
----------
Key=BthEnum
ImagePath=system32\DRIVERS\BthEnum.sys - this reference has been left in place
----------
Key=BthPan
ImagePath=system32\DRIVERS\bthpan.sys - this reference has been left in place
----------
Key=BTHPORT
ImagePath=System32\Drivers\BTHport.sys - this reference has been left in place
----------
Key=BTHUSB
ImagePath=System32\Drivers\BTHUSB.sys - this reference has been left in place
----------
Key=CCDECODE
ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=ehRecvr
ImagePath=C:\WINDOWS\eHome\ehRecvr.exe - this reference has been left in place
----------
Key=ehSched
ImagePath=C:\WINDOWS\eHome\ehSched.exe - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FETNDIS
ImagePath=system32\DRIVERS\fetnd5.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HCF_MSFT
ImagePath=system32\DRIVERS\HCF_MSFT.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=InCDFs
ImagePath=system32\drivers\InCDFs.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDPass
ImagePath=system32\drivers\InCDPass.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDRm
ImagePath=system32\drivers\InCDRm.sys - this reference has been left in place [file not found to scan]
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=MarvinBus
ImagePath=system32\DRIVERS\MarvinBus.sys - this reference has been left in place
----------
Key=MHNDRV
ImagePath=system32\DRIVERS\mhndrv.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSDV
ImagePath=system32\DRIVERS\msdv.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Services registry keys scan stoppped at user request.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The ContextMenuHandlers were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
The Scheduled Tasks were not scanned.
Downloaded Program Files were not scanned.
Running Processes were not scanned.
The Windows Services file was not checked.
The AUTOEXEC files were not checked.
The HOSTS file was not checked.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 01/08/2007 16.07.36
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.1.2477. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 01/08/2007 16.03.35
Using Database v6836
Operating System: Windows XP Media Center Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Francesco\Dati applicazioni\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Francesco\Documenti\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
16.03.35: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
16.03.35: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
16.03.35: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
16.03.35: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ehTray
Value Data = C:\WINDOWS\ehome\ehtray.exe - this command has been left in place
--------------------
Value Name = SoundMan
Value Data = SOUNDMAN.EXE - this command has been left in place
--------------------
Value Name = EPSON Stylus Photo R240 Series
Value Data = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKLM - this command has been left in place
--------------------
Value Name = NWEReboot
The Value Data for this entry appears to be blank
--------------------
Value Name = !AVG Anti-Spyware
Value Data = F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
--------------------
Value Name = BluetoothAuthenticationAgent
Value Data = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent - this command has been left in place
--------------------
Value Name = Motive SmartBridge
Value Data = C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Programmi\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = PinnacleDriverCheck
Value Data = C:\WINDOWS\system32\\PSDrvCheck.exe - this command has been left in place
--------------------
Value Name = USB2Check
Value Data = RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController - this command has been left in place
--------------------
Value Name = USBToolTip
Value Data = C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe - this command has been left in place
--------------------
Value Name = EPSON Stylus Photo R240 Series (Copia 1)
Value Data = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S138.tmp" /EF "HKLM - this command has been left in place
--------------------
Value Name = netlkhxe
c:\windows\system32\netlkhxe.exe appears to be in-use/locked - scanning skipped.
Value Data = c:\windows\system32\netlkhxe.exe - this command has been left in place
--------------------
Windows Registry scan stopped at user request.
The ShellExecuteHooks were not scanned.
Hidden Registry Entries were not scanned for.
The ScreenSaver was not checked.
The Windows Registry Active Setup keys were not scanned.
The ServiceDLLs registry keys were not scanned.
The Services registry keys were not scanned.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The ContextMenuHandlers were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
The Scheduled Tasks were not scanned.
Downloaded Program Files were not scanned.
Running Processes were not scanned.
The Windows Services file was not checked.
The AUTOEXEC files were not checked.
The HOSTS file was not checked.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 01/08/2007 16.06.11
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.1.2477. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 01/08/2007 15.59.06
Using Database v6836
Operating System: Windows XP Media Center Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Francesco\Dati applicazioni\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Francesco\Documenti\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
15.59.06: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
15.59.06: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
15.59.06: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
15.59.07: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ehTray
Value Data = C:\WINDOWS\ehome\ehtray.exe - this command has been left in place
--------------------
Value Name = SoundMan
Value Data = SOUNDMAN.EXE - this command has been left in place
--------------------
Value Name = EPSON Stylus Photo R240 Series
Value Data = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKLM - this command has been left in place
--------------------
Value Name = NWEReboot
The Value Data for this entry appears to be blank
--------------------
Value Name = !AVG Anti-Spyware
Value Data = F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
--------------------
Value Name = BluetoothAuthenticationAgent
Value Data = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent - this command has been left in place
--------------------
Value Name = Motive SmartBridge
Value Data = C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Programmi\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = PinnacleDriverCheck
Value Data = C:\WINDOWS\system32\\PSDrvCheck.exe - this command has been left in place
--------------------
Value Name = USB2Check
Value Data = RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController - this command has been left in place
--------------------
Value Name = USBToolTip
Value Data = C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe - this command has been left in place
--------------------
Value Name = EPSON Stylus Photo R240 Series (Copia 1)
Value Data = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S138.tmp" /EF "HKLM - this command has been left in place
--------------------
Value Name = netlkhxe
c:\windows\system32\netlkhxe.exe appears to be in-use/locked - scanning skipped.
Value Data = c:\windows\system32\netlkhxe.exe - this command has been left in place
--------------------
Value Name = Adobe Photo Downloader
Value Data = C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe - this command has been left in place
--------------------
Value Name = Adobe Reader Speed Launcher
Value Data = C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
--------------------
Value Name = AVG7_CC
Value Data = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = f:\Programmi\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = CTFMON.EXE
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = MSMSGS
Value Data = C:\Programmi\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = StartCCC
Value Data = C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - this command has been left in place
--------------------
Value Name = ccleaner
Value Data = C:\Programmi\CCleaner\ccleaner.exe" /AUTO - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
15.59.54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

**************************************************
15.59.54: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
15.59.54: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

**************************************************
15.59.54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Programmi\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Programmi\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
15.59.55: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=BthServ
ServiceDLL=%SystemRoot%\System32\bthserv.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=MHN
ServiceDLL=%SystemRoot%\System32\mhn.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\mspmsnsv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

**************************************************
16.00.00: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=61883
ImagePath=system32\DRIVERS\61883.sys - this reference has been left in place
----------
Key=a2free
ImagePath=f:\Programmi\a-squared Free\a2service.exe - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALCXSENS
ImagePath=system32\drivers\ALCXSENS.SYS - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AmdK7
ImagePath=system32\DRIVERS\amdk7.sys - this reference has been left in place
----------
Key=ASAPIW2K
ImagePath=System32\Drivers\ASAPIW2K.sys - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ATI Smart
ImagePath=C:\WINDOWS\system32\ati2sgag.exe - this reference has been left in place [file not found to scan]
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=Avc
ImagePath=system32\DRIVERS\avc.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=Avg7Alrt
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - this reference has been left in place
----------
Key=Avg7Core
ImagePath=\SystemRoot\System32\Drivers\avg7core.sys - this reference has been left in place
----------
Key=Avg7RsW
ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place
----------
Key=Avg7RsXP
ImagePath=\SystemRoot\System32\Drivers\avg7rsxp.sys - this reference has been left in place
----------
Key=Avg7UpdSvc
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=AvgClean
ImagePath=\SystemRoot\system32\drivers\avgclean.sys - this reference has been left in place
----------
Key=BthEnum
ImagePath=system32\DRIVERS\BthEnum.sys - this reference has been left in place
----------
Key=BthPan
ImagePath=system32\DRIVERS\bthpan.sys - this reference has been left in place
----------
Key=BTHPORT
ImagePath=System32\Drivers\BTHport.sys - this reference has been left in place
----------
Key=BTHUSB
ImagePath=System32\Drivers\BTHUSB.sys - this reference has been left in place
----------
Key=CCDECODE
ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=ehRecvr
ImagePath=C:\WINDOWS\eHome\ehRecvr.exe - this reference has been left in place
----------
Key=ehSched
ImagePath=C:\WINDOWS\eHome\ehSched.exe - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FETNDIS
ImagePath=system32\DRIVERS\fetnd5.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HCF_MSFT
ImagePath=system32\DRIVERS\HCF_MSFT.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=InCDFs
ImagePath=system32\drivers\InCDFs.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDPass
ImagePath=system32\drivers\InCDPass.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDRm
ImagePath=system32\drivers\InCDRm.sys - this reference has been left in place [file not found to scan]
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=MarvinBus
ImagePath=system32\DRIVERS\MarvinBus.sys - this reference has been left in place
----------
Key=MHNDRV
ImagePath=system32\DRIVERS\mhndrv.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSDV
ImagePath=system32\DRIVERS\msdv.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=odserv
ImagePath="C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ose
ImagePath="C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCLEPCI
ImagePath=\??\C:\WINDOWS\system32\drivers\pclepci.sys - this reference has been left in place
----------
Key=PinnacleMarvinUsb
ImagePath=system32\DRIVERS\MarvinUsb.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RFCOMM
ImagePath=system32\DRIVERS\rfcomm.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=system32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=\SystemRoot\system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=SVKP
ImagePath=\??\C:\WINDOWS\system32\SVKP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{9BFA2C13-1B20-4955-8FB8-4847DD9F3340} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TlntSvr
ImagePath=C:\WINDOWS\system32\tlntsvr.exe - this reference has been left in place
----------
Key=uagp35
ImagePath=system32\DRIVERS\uagp35.sys - this reference has been left in place
----------
Key=UMWdf
ImagePath=C:\WINDOWS\system32\wdfmgr.exe - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=viasraid
ImagePath=system32\DRIVERS\viasraid.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------

**************************************************
16.02.41: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
VxD Key = JAVASUP
JAVASUP.VXD - this entry has been left in place
----------
----------
Checking VMM32 VxD files being loaded

**************************************************
16.02.41: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

**************************************************
16.02.42: Scanning ----- CONTEXTMENUHANDLERS -----
Key = AVG Anti-Spyware
CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
----------
Key = AVG7 Shell Extension
CLSID = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
C:\Programmi\Grisoft\AVG7\avgse.dll - this ContextMenuHandler has been left in place
----------
Key = MagicISO
CLSID = {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
C:\Programmi\MagicISO\misosh.dll - this ContextMenuHandler has been left in place
----------
Key = Offline Files
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
f:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Programmi\WinRAR\rarext.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
F:\Programmi\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
----------

**************************************************
16.02.42: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
16.02.43: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
----------
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\programmi\google\googletoolbar1.dll - this Browser Helper Object has been left in place
----------
Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - this Browser Helper Object has been left in place
----------

**************************************************
16.02.43: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
CLSID = {7849596a-48ea-486e-8937-a2a3009f31a9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
CLSID = {fbeb8a05-beee-4442-804e-409d6c4515e9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
%SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153}
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------

**************************************************
16.02.43: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Precaricatore Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Daemon di cache delle categorie di componenti
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

**************************************************
16.02.43: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
16.02.43: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
16.02.43: Scanning ----- SECURITY PROVIDER DLLS -----
msapsspc.dll - this entry has been left in place
----------
schannel.dll - this entry has been left in place
----------
digest.dll - this entry has been left in place
----------
msnsspc.dll - this entry has been left in place
----------

**************************************************
16.02.44: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
The Common Startup Group attempts to load the following file(s) at boot time:
Alice ti aiuta.lnk - this links to C:\Programmi\Alice ti aiuta\bin\matcli.exe and has been left in place
--------------------
desktop.ini - this file is expected and has been left in place
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
16.02.44: Scanning ----- SCHEDULED TASKS -----

**************************************************
16.02.44: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

**************************************************
16.02.44: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place

**************************************************
16.02.45: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
--------------------
C:\WINDOWS\eHome\ehRecvr.exe
--------------------
C:\WINDOWS\eHome\ehSched.exe
--------------------
C:\WINDOWS\ehome\ehtray.exe
--------------------
C:\WINDOWS\SOUNDMAN.EXE
--------------------
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
--------------------
C:\Programmi\QuickTime\qttask.exe
--------------------
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
--------------------
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Programmi\Messenger\msmsgs.exe
--------------------
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
--------------------
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
--------------------
C:\WINDOWS\system32\dllhost.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\eHome\ehmsas.exe
--------------------
f:\Programmi\a-squared Free\a2service.exe
--------------------
C:\Documents and Settings\Francesco\Dati applicazioni\Simply Super Software\Trojan Remover\ovp10.exe
FileSize: 1.876.544
[This is a Trojan Remover component]
--------------------

**************************************************
16.02.49: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
16.02.49: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
16.02.49: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.ansa.it/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.google.com

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 01/08/2007 16.02.49
************************************************************

I ask you to be understanding and to explain the various steps to me in simple terms. I am desperately WAITING for a hand.

I DO NOT WANT TO FORMAT, I only want to do editing.
Old 01-08-2007, 19:52   #10
juninho85
Banned
 
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, bear it in mind
Posts: 28978
Quote:
Originally posted by crifed
can you explain to me in a simpler way how to do it? In any case, thank you in advance for the excellent advice.

Put a tick next to those entries, then select "fix selected items".
In any case, have this file analyzed:
Quote:
C:\WINDOWS\system32\shmgrate.exe
here
Old 02-08-2007, 07:51   #11
crifed
Member
 
Joined: May 2007
Posts: 61
Dear friend, where do I go to find this file so that I can tick it, or rather fix it? It takes a bit of patience with me. Bye, and thanks as always; if I solve the problem I'll buy you a coffee.
Old 02-08-2007, 09:42   #12
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
Take the entry: at the start of the line there is a small checkbox, click it so that a tick mark appears, and press fix checked.
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls, it strikes it down; if it flutters, it kills it
Old 02-08-2007, 12:22   #13
crifed
Member
 
Joined: May 2007
Posts: 61
OK for the checkbox, but I haven't understood how to get to it: through regedit, Windows Explorer, or something else.
Old 02-08-2007, 12:30   #14
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
Quote:
Originally posted by crifed
OK for the checkbox, but I haven't understood how to get to it: through regedit, Windows Explorer, or something else.

from HijackThis, by clicking on the second button
Old 02-08-2007, 13:17   #15
crifed
Member
 
Joined: May 2007
Posts: 61
Maybe we have reached a turning point. I followed everything to the letter (finally, you will say) and it seems to me that I have got rid of it. I am posting this log file from HijackThis; take a look at it and tell me if you still notice anything strange.

Logfile of HijackThis v1.99.1
Scan saved at 14.18.59, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
f:\Programmi\a-squared Free\a2service.exe
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehRecvr.exe
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system32\services.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\eMule\emule.exe
C:\Documents and Settings\Francesco\Documenti\Gli Indispensabili\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S138.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] f:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4634FAE5-0C8F-4CC4-984E-10B4A0D41F95}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - f:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

Last edited by crifed: 02-08-2007 at 13:24. Reason: added the HijackThis check folder
Old 02-08-2007, 13:21   #16
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259
Well, for "na tazzulella è cafè" (a little cup of coffee), this and more. Let's make it even simpler: open HijackThis and on the screen click "Do a system scan only". The screen that opens shows the program's whole log, with the entries and a small checkbox next to each entry. Click the checkbox next to the entry to be fixed, so that it is ticked, and then click "Fix checked".... you have just fixed the entry... it doesn't get simpler than that.....

Edit: someone beat me to it, all the better
Old 02-08-2007, 13:30   #17
crifed
Member
Joined: May 2007
Posts: 61
Hi Lancetta, give me your opinion on this log too: do you notice any intruders? You have all been very professional with your advice; forgive my ignorance.
Let me know
Old 02-08-2007, 13:38   #18
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259
It looks clean.. how is the PC running now?
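As an added example, not part of the original thread or of HijackThis itself: a small Python triage of the log format posted above, which counts entries per section code and lists the ones worth a manual look (missing target files, services without vendor information, the configured DNS servers). The function names and the choice of checks are assumptions made for this example; the sample lines are an excerpt of the log posted in the thread.

```python
import re
from collections import Counter

# Meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {"O4": "autostart entry", "O8": "IE context-menu item",
            "O9": "IE button / Tools menu item", "O17": "DNS or domain setting",
            "O18": "protocol handler or filter", "O23": "Windows service"}

# Excerpt copied from the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4634FAE5-0C8F-4CC4-984E-10B4A0D41F95}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse(log):
    """Return (code, body) pairs; lines that are not log entries are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def section_counts(entries):
    """Number of entries per section code."""
    return Counter(code for code, _ in entries)

def review_notes(entries):
    """Entries worth a manual look. A note is a prompt to check, not a verdict."""
    notes = []
    for code, body in entries:
        if "(file missing)" in body:
            notes.append((code, "target file missing", body))
        if code == "O23" and "Unknown owner" in body:
            notes.append((code, "no vendor information", body))
        if code == "O17" and "NameServer" in body:
            servers = IPV4.findall(body.split("=", 1)[1])
            notes.append((code, "compare DNS servers with the ISP's", servers))
    return notes

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for code, n in section_counts(entries).items():
        print(f"{code:4} {n}  {SECTIONS.get(code, 'unknown section')}")
    for code, reason, detail in review_notes(entries):
        print(f"{code}: {reason}: {detail}")
```

A note only marks an entry for checking: a leftover service whose file is gone is often just the remains of an uninstalled driver, which is why the result still needs a human reading.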
Old 02-08-2007, 14:03   #19
crifed
Member
Joined: May 2007
Posts: 61
The connection with ALICE now seems stable to me; I'm confident, I'll check and let you know. Thank youuuuuuuuuuuuuuuu
Old 02-08-2007, 15:36   #20
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259
No need for thanks! You owe us a couple of coffees

"và buono" (all good)......bye
All times are GMT +1.