Old 08-01-2008, 01:25   #21
lancetta
Senior Member

Joined: Feb 2007
City: Salerno......
Posts: 3254
Quote:
Originally posted by murack83pa
the first one, though, is ticked by default: in fact, when I installed it I had to untick it because it didn't convince me...
Indeed, mate, the tick on the first one has to be removed, and the rest left at the default.
Old 08-01-2008, 13:29   #22
Etex
Member

Joined: May 2005
Posts: 90
Quote:
Originally posted by lancetta
Indeed, mate, the tick on the first one has to be removed, and the rest left at the default.
Redid the scan for ADS and deleted what it found.

@Riverside:

I followed the whole procedure.

Result:

-- the a-squared log:
Code:
a-squared Free - Version 3.1
Last update: 03/01/2008 13.03.58

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\, G:\, H:\, J:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata:	08/01/2008 0.08.10

C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt 	rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@media.adrevolver[1].txt 	rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@mediaplex[1].txt 	rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@tradedoubler[1].txt 	rilevati: Trace.TrackingCookie
J:\strumenti diagnostica pc\MSNFix.zip/Process.exe 	rilevati: Riskware.RiskTool.Win32.Processor.20

Scansionati

Files: 	841621
Tracce: 	346618
Cookies: 	652
Processi: 	50

Rilevato

Files: 	1
Tracce: 	0
Cookies: 	4
Processi: 	0
Chiavi registro: 	0

Fine scansione:	08/01/2008 6.31.58
Tempo scansione:	6:23:48
Deleted all of them except the last one, which is rated low risk and should be related to MSNFix (which I haven't used).

I'm also posting the log, again from a-squared, for the files I had already quarantined earlier (the ones I mentioned in a post above):

Code:
a-squared Free - Version 3.1
Last update: 03/01/2008 13.03.58

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\, G:\, H:\, J:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata:	03/01/2008 13.04.17

c:\programmi\ac3filter 	rilevati: Trace.Directory.AC3Filter
c:\programmi\ac3filter\pic 	rilevati: Trace.Directory.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter 	rilevati: Trace.Directory.AC3Filter
c:\programmi\ac3filter\_readme.txt 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter.ax 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_eng.html 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_ita.html 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_rus.html 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\dialog_patch.exe 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_eng.txt 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_rus.txt 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\email.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\equalizer.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\filters.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_eng.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_ita.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_rus.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\main.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\mixer.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\preset.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\system.gif 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter config.lnk 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (english).lnk 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (italian).lnk 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (russian).lnk 	rilevati: Trace.File.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_gain 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> bass_redir 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng_power 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> expand_stereo 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> master 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> voice_control 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_gain 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> bass_redir 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng_power 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> expand_stereo 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> master 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> voice_control 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_gain 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> bass_redir 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng_power 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> expand_stereo 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> master 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> voice_control 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> DisplayName 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> UninstallString 	rilevati: Trace.Registry.AC3Filter
C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt 	rilevati: Trace.TrackingCookie

Scansionati

Files: 	834514
Tracce: 	346618
Cookies: 	512
Processi: 	55

Rilevato

Files: 	0
Tracce: 	93
Cookies: 	1
Processi: 	0
Chiavi registro: 	0

Fine scansione:	03/01/2008 21.29.23
Tempo scansione:	8:25:06

C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt	In quarantena Trace.TrackingCookie
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_gain	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> bass_redir	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng_power	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> expand_stereo	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> master	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> voice_control	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_gain	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> bass_redir	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng_power	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> expand_stereo	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> master	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> voice_control	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_gain	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> bass_redir	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng_power	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> expand_stereo	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> master	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> voice_control	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> DisplayName	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> UninstallString	In quarantena Trace.Registry.AC3Filter
c:\programmi\ac3filter\_readme.txt	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter.ax	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_eng.html	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_ita.html	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_rus.html	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\dialog_patch.exe	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_eng.txt	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_rus.txt	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\email.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\equalizer.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\filters.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_eng.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_ita.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_rus.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\main.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\mixer.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\preset.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\system.gif	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter config.lnk	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (english).lnk	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (italian).lnk	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (russian).lnk	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter	In quarantena Trace.Directory.AC3Filter
c:\programmi\ac3filter\pic	In quarantena Trace.Directory.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter	In quarantena Trace.Directory.AC3Filter

In quarantena

Files: 	0
Tracce: 	93
Cookies: 	1
I deleted the cookies and kept the AC3Filter-related files in quarantine (what should I do with them? are they really dangerous?)

- fixed the LinkedIn-related entry with HijackThis and rebooted the PC

- after the reboot: unfortunately the Trojan "reloaded" immediately as well, and was promptly intercepted by Norton

HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.05.44, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Mts64Pan.Exe
C:\WINDOWS\System32\DeltTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Portrait Displays\Pivot Software\floater.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
J:\strumenti diagnostica pc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sottoscrivi con RSS Bandit - C:\Documents and Settings\Carlo\Dati applicazioni\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 14329 bytes
That's all, but I remain hopeful. Thanks again.
Old 08-01-2008, 13:53   #23
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
Quote:
Originally posted by Etex
Redid the scan for the ads and deleted what was found.

@Riverside:

I followed the whole procedure.

Result:

--the a-squared log:
Code:
a-squared Free - Version 3.1
Last update: 03/01/2008 13.03.58

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\, G:\, H:\, J:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata:	08/01/2008 0.08.10

C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt 	rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@media.adrevolver[1].txt 	rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@mediaplex[1].txt 	rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@tradedoubler[1].txt 	rilevati: Trace.TrackingCookie
J:\strumenti diagnostica pc\MSNFix.zip/Process.exe 	rilevati: Riskware.RiskTool.Win32.Processor.20

Scansionati

Files: 	841621
Tracce: 	346618
Cookies: 	652
Processi: 	50

Rilevato

Files: 	1
Tracce: 	0
Cookies: 	4
Processi: 	0
Chiavi registro: 	0

Fine scansione:	08/01/2008 6.31.58
Tempo scansione:	6:23:48
Deleted all of them except the last one, which is rated low risk and should be related to MSNFix (which I haven't used).

I'm also posting the log, again from a-squared, for the files I already had before (the ones I mentioned in a post above) that were put in quarantine:

Code:
a-squared Free - Version 3.1
Last update: 03/01/2008 13.03.58

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\, G:\, H:\, J:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata:	03/01/2008 13.04.17

c:\programmi\ac3filter 	rilevati: Trace.Directory.AC3Filter
c:\programmi\ac3filter\pic 	rilevati: Trace.Directory.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter 	rilevati: Trace.Directory.AC3Filter
c:\programmi\ac3filter\_readme.txt 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter.ax 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_eng.html 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_ita.html 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_rus.html 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\dialog_patch.exe 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_eng.txt 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_rus.txt 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\email.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\equalizer.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\filters.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_eng.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_ita.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_rus.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\main.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\mixer.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\preset.gif 	rilevati: Trace.File.AC3Filter
c:\programmi\ac3filter\pic\system.gif 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter config.lnk 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (english).lnk 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (italian).lnk 	rilevati: Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (russian).lnk 	rilevati: Trace.File.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_gain 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> bass_redir 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng_power 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> expand_stereo 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> master 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> voice_control 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_gain 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> bass_redir 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng_power 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> expand_stereo 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> master 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> voice_control 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_gain 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> bass_redir 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng_power 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> expand_stereo 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> master 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize_matrix 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev_lock 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> voice_control 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> DisplayName 	rilevati: Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> UninstallString 	rilevati: Trace.Registry.AC3Filter
C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt 	rilevati: Trace.TrackingCookie

Scansionati

Files: 	834514
Tracce: 	346618
Cookies: 	512
Processi: 	55

Rilevato

Files: 	0
Tracce: 	93
Cookies: 	1
Processi: 	0
Chiavi registro: 	0

Fine scansione:	03/01/2008 21.29.23
Tempo scansione:	8:25:06

C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt	In quarantena Trace.TrackingCookie
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_CLASSES_ROOT\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_gain	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> auto_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> bass_redir	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> clev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> dynrng_power	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> expand_stereo	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> lfelev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> master	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> normalize_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> slev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\LFE boost --> voice_control	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_gain	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> auto_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> bass_redir	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> clev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> dynrng_power	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> expand_stereo	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> lfelev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> master	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> normalize_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> slev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\loud --> voice_control	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_gain	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> auto_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> bass_redir	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> clev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> dynrng_power	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> expand_stereo	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> lfelev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> master	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> normalize_matrix	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> slev_lock	In quarantena Trace.Registry.AC3Filter
Value: HKEY_USERS\S-1-5-21-1409082233-1482476501-839522115-1003\Software\AC3Filter\preset\standard --> voice_control	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> CLSID	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FilterData	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{A753A1EC-973E-4718-AF8E-A3F554D45C44} --> FriendlyName	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8643B615-6A76-4060-8A29-C2C6BDF5D70F}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}\InprocServer32 --> ThreadingModel	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> DisplayName	In quarantena Trace.Registry.AC3Filter
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter --> UninstallString	In quarantena Trace.Registry.AC3Filter
c:\programmi\ac3filter\_readme.txt	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter.ax	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_eng.html	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_ita.html	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\ac3filter_rus.html	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\dialog_patch.exe	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_eng.txt	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\gpl_rus.txt	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\email.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\equalizer.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\filters.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_eng.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_ita.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\flag_rus.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\main.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\mixer.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\preset.gif	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter\pic\system.gif	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter config.lnk	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (english).lnk	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (italian).lnk	In quarantena Trace.File.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter\ac3filter help (russian).lnk	In quarantena Trace.File.AC3Filter
c:\programmi\ac3filter	In quarantena Trace.Directory.AC3Filter
c:\programmi\ac3filter\pic	In quarantena Trace.Directory.AC3Filter
c:\documents and settings\carlo\menu avvio\programmi\ac3filter	In quarantena Trace.Directory.AC3Filter

In quarantena

Files: 	0
Tracce: 	93
Cookies: 	1
I deleted the cookies and kept the AC3Filter-related files in quarantine (what should I do with them? Are they really dangerous?)

- fixed the LinkedIn-related entry with HijackThis and rebooted the PC

- after the reboot: unfortunately the Trojan "reloaded" right away as well, and was promptly intercepted by Norton

HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.05.44, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Mts64Pan.Exe
C:\WINDOWS\System32\DeltTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Portrait Displays\Pivot Software\floater.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
J:\strumenti diagnostica pc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sottoscrivi con RSS Bandit - C:\Documents and Settings\Carlo\Dati applicazioni\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 14329 bytes
That's all, but I remain hopeful. Thanks again.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
fix this one and delete the corresponding entry in system32 again

then post a new HijackThis log
08-01-2008, 14:19   #24
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
Edit:

O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
fix this one too

and have this file scanned HERE:

C:\WINDOWS\system32\Mts64Pan.Exe
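The items lancetta picks out in these two replies (a second program after userinit.exe in the F2 line, the Perfd35 service with no file, the Run entry that starts a bare Mts64Pan.Exe) are patterns that can be checked mechanically before a human reads the rest of the log. The following Python is an added example, not code from the thread or from HijackThis: it parses log lines in this format and flags those three patterns; the allowlist of a single userinit.exe is an assumption for a default Windows install, and the sample lines are constructed to mirror the log above.

```python
"""Triage helper for HijackThis-style log lines.

Flags the three kinds of entries acted on in this thread:
  * F2  Userinit listing a second program after userinit.exe (logon persistence)
  * O23 services whose binary is "(no file)" (orphaned or removed service)
  * O4  Run entries that start a bare filename with no path (resolved via PATH)
Sample lines below are constructed to mirror the thread's log.
"""
import re

# Assumption: on a default install Userinit should list only userinit.exe.
EXPECTED_USERINIT = {"userinit.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")

# Constructed sample: the suspicious lines from the thread plus two benign ones.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O4 - HKLM\..\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def basename(path):
    """Last path component, lowercased, surrounding quotes stripped."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def userinit_extras(value):
    """Return every Userinit entry that is not the expected userinit.exe.

    Windows runs each comma-separated program at logon, so anything beyond
    userinit.exe reloads on every boot, which is what the thread observed."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if basename(e) not in EXPECTED_USERINIT]


def executable_of(cmd):
    """First token of a Run command: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def analyze(lines):
    """Return (severity, line, reason) tuples for the lines worth a look."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = F2_RE.match(line)
        if m:
            for extra in userinit_extras(m.group("value")):
                findings.append(("high", line, f"extra Userinit program: {extra}"))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("path").strip().lower() == "(no file)":
                findings.append(("medium", line, f"service '{m.group('name')}' has no binary on disk"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if "\\" not in exe:  # bare name: Windows searches PATH/system32 for it
                findings.append(("low", line, f"Run entry [{m.group('key')}] starts '{exe}' without a path"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in analyze(SAMPLE_LOG.splitlines()):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Bare-filename Run entries are only a prompt to identify the file (as lancetta does with an online scan), not proof of anything; the Userinit extra is the one that explains a Trojan returning after every reboot.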
08-01-2008, 15:00   #25
Etex
Member
Joined: May 2005
Posts: 90
Quote:
Originally posted by lancetta
Edit:

O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
fix this one too

and have this file scanned HERE:

C:\WINDOWS\system32\Mts64Pan.Exe
Done everything; the scan you pointed me to says the file Mts64Pan.Exe is OK.

Here is the new HijackThis log after the fixes and the deletion of the file in the system32 folder:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.57.14, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Mts64Pan.Exe
C:\WINDOWS\System32\DeltTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Portrait Displays\Pivot Software\floater.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows NT\Accessori\WORDPAD.EXE
C:\Programmi\Windows NT\Accessori\WORDPAD.EXE
C:\Programmi\Windows NT\Accessori\wordpad.exe
C:\Programmi\Internet Explorer\iexplore.exe
J:\strumenti diagnostica pc\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sottoscrivi con RSS Bandit - C:\Documents and Settings\Carlo\Dati applicazioni\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 14492 bytes
thanks

EDIT:
- I noticed that the entry "O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)" wasn't removed even after the fix.
- The trojan has come back

Last edited by Etex: 08-01-2008 at 15:05.
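The O23 entries in the log above are the ones a helper on a thread like this reads first, and the EDIT notes the typical snag: a service whose binary is gone ("(no file)") is listed but not always removed by the fix. The following is an added example, not code from the thread, from HijackThis or from any tool it mentions: a small parser for O23 lines that flags missing binaries, "Unknown owner" services, and (an added heuristic, not a HijackThis rule) binaries living under a user profile or temp directory. The sample lines are copied from the log posted above.

```python
"""
HijackThis O23 (service) line triage.

Added example: this is not code from the thread, from HijackThis or from any
of the tools it mentions. It parses lines in the O23 format shown in the log
above and flags the entries a reviewer looks at first:
  - "(no file)": a registered service whose binary is missing; HijackThis
    lists such entries but, as the post notes for Perfd35, its fix does not
    always remove them, so they need to be cleaned up separately
  - "Unknown owner": no company name embedded in the binary, which is
    normal for some vendors but worth a manual look
  - a binary under a user profile or temp directory (an added heuristic,
    not a HijackThis rule)
The sample lines below are copied from the log in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O23 - Service: <display name> [(<short name>)] - <owner> - <path> | (no file)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SHORT_NAME_RE = re.compile(r"^(?P<display>.*?)\s*\((?P<short>[^()]+)\)$")
USER_WRITABLE_RE = re.compile(r"\\documents and settings\\|\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class ServiceEntry:
    display: str
    short: str
    owner: str
    path: str
    flags: Tuple[str, ...]


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for any other HijackThis line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name, owner, path = m.group("name"), m.group("owner"), m.group("path").strip()
    sm = SHORT_NAME_RE.match(name)
    display, short = (sm.group("display"), sm.group("short")) if sm else (name, name)

    flags = []
    if path.lower() == "(no file)":
        flags.append("missing-binary")
    if owner.lower() == "unknown owner":
        flags.append("unknown-owner")
    if USER_WRITABLE_RE.search(path):
        flags.append("user-writable-path")
    return ServiceEntry(display, short, owner, path, tuple(flags))


def triage(log_text: str) -> List[ServiceEntry]:
    """Return the O23 entries that carry at least one flag, in log order."""
    entries = (parse_o23(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


# Constructed sample: six O23 lines taken from the log posted above.
SAMPLE_LOG = r"""
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programmi\a-squared Free\a2service.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.short:<28} {', '.join(entry.flags):<22} {entry.owner} -> {entry.path}")
```

Run against the sample it reports three entries: the two "Unknown owner" Portrait Displays / Symantec services (both legitimate vendors here, which is why the flag is only a prompt for a manual look) and the orphaned Perfd35 service from the EDIT. Paste a full HijackThis log into `triage()` to get the same shortlist for any machine.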
08-01-2008, 15:28   #26
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
Download SUPERAntiSpyware, update it and have it run a "Perform complete scan" from "Scan your computer"

let me know what it finds
__________________
Opera: disabling scripts and iframes | Recovering your own passwords online | Messenger: watch out for SCAM SITES | GUIDE: ShutdownTimer (automatic PC shutdown) | When Security Center doesn't recognise the software | Guide to Malwarebytes' Anti-Malware = the good old days...
08-01-2008, 16:19   #27
Chill-Out
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Did C:\WINDOWS\system32\Mts64Pan.Exe come up clean on VirusTotal?
__________________
Try again and you will be luckier.
08-01-2008, 16:21   #28
murack83pa
Banned
Joined: Oct 2007
City: Palermo
Posts: 4623
Quote:
Originally posted by Etex
Done everything; the scan you pointed me to says the file Mts64Pan.Exe is OK.
It says yes
08-01-2008, 16:26   #29
Etex
Member
Joined: May 2005
Posts: 90
Quote:
Originally posted by Chill-Out
Did C:\WINDOWS\system32\Mts64Pan.Exe come up clean on VirusTotal?
Yes, it came up clean.

Generally the Mts64Pan files belong to my old MIDI card, a MIDITerminal, which I still use, and in fact for years I've had a MIDITerminal console that starts up with the PC. I scanned it because you never know whether it might have been infected, but the VirusTotal scan came back clean.

SUPERAntiSpyware is still running, but so far it has only found tracking cookies

this trojan really seems stubborn
08-01-2008, 16:35   #30
Chill-Out
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Click Start - Run - type Regedit and navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

check again in the right-hand pane for the presence of the following value:
"load" = "[PATH TO DROPPED FILE]"

Last edited by Chill-Out: 08-01-2008 at 16:37.
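The registry check in the post above, done programmatically, as an added example that is not part of the thread and is not code from any tool it names. It reads the values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` with the standard-library `winreg` module on Windows (on other systems a constructed sample dictionary stands in for the registry) and flags a value named `load`, as the post asks, plus (an added heuristic, not from the post) any value whose command runs a file out of a temp or browser-cache directory, which is where the thread later reports Song911.Exe and NewLoader[1].exe being caught. The `[PATH TO DROPPED FILE]` placeholder is the one used in the post; the other sample entries are made up.

```python
"""
Check of the Run key described in the post above.

Added example, not code from the thread or from any tool it names. It reads
the values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (with the
standard-library winreg module on Windows; elsewhere a constructed sample
stands in for the registry) and flags:
  - a value named "load", which is what the post asks to look for
  - a value whose command runs a file from a temp or browser-cache
    directory (an added heuristic, not from the post; the locations the
    thread later reports for Song911.Exe and NewLoader[1].exe are of this kind)
"""
import re
from typing import Dict, List, Tuple

try:
    import winreg  # Windows only
except ImportError:  # non-Windows hosts: fall back to the sample below
    winreg = None

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Matches commands that run out of %TEMP% or the IE cache. The XP-era
# Italian profile layout in the thread ("Impostazioni locali\Temp") still
# contains a "\Temp\" component, so the same pattern covers it.
TEMP_DIR_RE = re.compile(
    r"\\temp\\|\\temporary internet files\\|\\content\.ie5\\", re.IGNORECASE
)

# Constructed sample standing in for the registry. "[PATH TO DROPPED FILE]"
# is the placeholder used in the post; the other two entries are made up.
SAMPLE_RUN_VALUES: Dict[str, str] = {
    "ExampleVendorTray": r'"C:\Programmi\ExampleVendor\tray.exe" /autostart',
    "load": r"[PATH TO DROPPED FILE]",
    "Updater": r"C:\Documents and Settings\Carlo\Impostazioni locali\Temp\Song911.Exe",
}


def read_run_values() -> Dict[str, str]:
    """Return {value name: command} from HKLM Run, or the sample off Windows."""
    if winreg is None:
        return dict(SAMPLE_RUN_VALUES)
    values: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        _subkeys, value_count, _modified = winreg.QueryInfoKey(key)
        for index in range(value_count):
            name, data, _kind = winreg.EnumValue(key, index)
            values[name] = str(data)
    return values


def check_run_values(values: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, command, reasons) for every value worth a second look."""
    findings = []
    for name, command in values.items():
        reasons = []
        if name.lower() == "load":
            reasons.append('value is named "load"')
        if TEMP_DIR_RE.search(command):
            reasons.append("command runs a file from a temp/cache directory")
        if reasons:
            findings.append((name, command, reasons))
    return findings


if __name__ == "__main__":
    hits = check_run_values(read_run_values())
    if not hits:
        print("No suspicious Run values found.")
    for name, command, reasons in hits:
        print(f"{name!r} = {command!r}\n    " + "; ".join(reasons))
```

The same check is worth repeating for `HKEY_CURRENT_USER\...\Run`, since a dropper running as the logged-in user can write there without administrator rights; pass a different root key to `winreg.OpenKey` to do so.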
08-01-2008, 17:32   #31
Etex
Member
Joined: May 2005
Posts: 90
Quote:
Originally posted by lancetta
Download SUPERAntiSpyware, update it and have it run a "Perform complete scan" from "Scan your computer"

let me know what it finds
SUPERAntiSpyware has finished and found 96 tracking cookies, which I've put in quarantine, but only tracking cookies. In the meantime I was called into a meeting and when I came back I found the PC rebooted; my mind's a blank, I don't remember whether it was SUPERAntiSpyware that asked me for a reboot or not. I'm really worn out

EDIT: the SUPERAntiSpyware log:
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/08/2008 at 05:30 PM

Application Version : 3.9.1008

Core Rules Database Version : 3376
Trace Rules Database Version: 1370

Scan type       : Complete Scan
Total Scan Time : 00:53:18

Memory items scanned      : 593
Memory threats detected   : 0
Registry items scanned    : 9007
Registry threats detected : 0
File items scanned        : 53259
File threats detected     : 94

Adware.Tracking Cookie
	C:\Documents and Settings\Carlo\Cookies\carlo@overture[6].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@revsci[5].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[9].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[8].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@tradedoubler[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@mediaplex[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[9].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@bluestreak[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[8].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@3.adbrite[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.uk.tangozebra[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.uk.tangozebra[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.yieldmanager[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.yieldmanager[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.yieldmanager[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[5].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[6].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[7].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adbrite[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adbrite[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adbrite[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[5].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ads.adbrite[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ads.cinemode[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ads.foolix[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ads.nntp[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ads.nntp[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ads.techguy[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@adv.ilbanner[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@advertstream[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@clickaider[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@clickaider[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@domus.adbureau[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@eas.apm.emediate[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ehg-tfl.hitbox[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@ehg-warnerbrothers.hitbox[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[5].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[6].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[7].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[8].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@mediaplex[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@msnportal.112.2o7[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@overture[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@overture[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@overture[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@overture[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@overture[5].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@pornstar.dvdempire[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@rcsmediagroup[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@revsci[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@revsci[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@revsci[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@tacoda[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@tradedoubler[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.burstnet[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.clickpoint[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[5].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[6].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[7].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[8].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[9].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www.sexyandfunny[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@www7.addfreestats[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@xiti[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@xiti[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@xiti[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@xiti[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[1].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[2].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[3].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[4].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[5].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[6].txt
	C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[7].txt
	C:\Documents and Settings\Temp\Cookies\temp@imrworldwide[2].txt
Quote:
Originally posted by Chill-Out
Click Start - Run - type Regedit and navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

check again in the right-hand pane for the presence of the following value:
"load" = "[PATH TO DROPPED FILE]"
Done, there's nothing there, or at least, maybe I'm looking in the wrong place, so I'm attaching a link to a screenshot and you can confirm for me

http://www.zshare.net/image/6312945ed67ecb/

Thanks

EDIT: the same image cropped and more legible: http://www.zshare.net/image/631306122c9329/

Last edited by Etex: 08-01-2008 at 17:44.
08-01-2008, 18:23   #32
Chill-Out
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
http://www.prevx.com/freescan.asp
please attach a Prevx CSI log for me, thx.
08-01-2008, 19:43   #33
Etex
Member
Joined: May 2005
Posts: 90
Quote:
Originally posted by Chill-Out
http://www.prevx.com/freescan.asp
please attach a Prevx CSI log for me, thx.
the overall result was: CLEAN

the log: http://www.zshare.net/download/63163511b983da/

08-01-2008, 20:00   #34
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
hmm... have these analysed on VirusTotal as well:


C:\Programmi\Portrait Displays\PerfectSuite\WrapI2C.dll

C:\Programmi\Portrait Displays\PerfectSuite\nv.dll

C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe

(I want to work out whether there are any false positives)

after that, a scan with ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe and the logs
08-01-2008, 20:10   #35
Riverside
Banned
Joined: Jul 2007
City: Riverside House
Posts: 3333
Good evening to the members and the adepts of the Circle of the Damned: as soon as I switched on the PC, I got Uncle Bill's updates
Now I'll check what I've missed

Edit: in the end, I'm the one who got lost
@ Etex, I'm asking you a personal favour: from this post onwards, attach the logs you are asked for in the following way (if I'm not mistaken I had already pointed this out to you) and no longer using the Code: tag:

● if the generated txt is at most 20 KB, it must be attached to the thread using the Manage Attachments function;

● if it is larger than 20 KB, host it on Zshare (click here to go to ZShare) and post the download link you are given in the thread

Guys, could we also avoid the useless mile-long quotes? it makes the thread hard to follow. Thanks.

Last edited by Riverside: 08-01-2008 at 20:30.
08-01-2008, 20:35   #36
Riverside
Banned
Joined: Jul 2007
City: Riverside House
Posts: 3333
@ Etex: when you've run Combo (as suggested by Lancetta), in addition to its log, after rebooting, attach a new HijackThis log
08-01-2008, 22:11   #37
Etex
Member
Joined: May 2005
Posts: 90
here I am.

Just got back.

@riverside: I don't remember you having already pointed out the attachments matter to me, but it could certainly have slipped by me; in fact, doing this investigation while also trying to get on with my work is making me a bit "tipsy"
My apologies, I'll try to create less confusion; thanks again for the support and the help

@Lancetta: I'm about to run it

Just an update:
- at 18:something the trojan didn't "show up" for its appointment: Norton didn't intercept anything, and the same goes for all the subsequent intervals. Are we on the right track?
- maybe it's not needed, but I've never told you the folder and files it intercepts; if it's useful, I'll give them to you.
08-01-2008, 22:15   #38
Chill-Out
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote:
Originally posted by Etex
here I am.

Just got back.

@riverside: I don't remember you having already pointed out the attachments matter to me, but it could certainly have slipped by me; in fact, doing this investigation while also trying to get on with my work is making me a bit "tipsy"
My apologies, I'll try to create less confusion; thanks again for the support and the help

@Lancetta: I'm about to run it

Just an update:
- at 18:something the trojan didn't "show up" for its appointment: Norton didn't intercept anything, and the same goes for all the subsequent intervals. Are we on the right track?
- maybe it's not needed, but I've never told you the folder and files it intercepts; if it's useful, I'll give them to you.
indeed, do tell
08-01-2008, 22:19   #39
Etex
Member
Joined: May 2005
Posts: 90
Quote:
Originally posted by Chill-Out
indeed, do tell
OK, I didn't do it on my own initiative so as not to create confusion; these are the files and the paths where Norton intercepts them; they always appear "in pairs"

Code:
C:\Documents and Settings\Carlo\Impostazioni locali\Temp\Song911.Exe
Code:
C:\Documents and Settings\Carlo\Impostazioni locali\Temporary Internet Files\Content.IE5\SIUG2GXC\NewLoader[1].exe
08-01-2008, 22:32   #40
Etex
Member
Joined: May 2005
Posts: 90
Quote:
Originally posted by lancetta
hmm... have these analysed on VirusTotal as well:


C:\Programmi\Portrait Displays\PerfectSuite\WrapI2C.dll

C:\Programmi\Portrait Displays\PerfectSuite\nv.dll

C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe

(I want to work out whether there are any false positives)

after that, a scan with ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe and the logs
Here are the results of the VirusTotal scans of the 3 files: I copied and pasted them into 3 separate text files and for each file I kept only the scans with a negative result plus the general information.

EDIT: now starting the ComboFix scan
Attachments
File Type: txt wrapi2c.dll.txt (467 bytes, 0 views)
File Type: txt nv.dll.txt (466 bytes, 0 views)
File Type: txt DTHtml.exe.txt (525 bytes, 0 views)