08-01-2008, 01:25 #21
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
Right, mate: the tick on the first one has to be removed, and the rest left at the defaults.
08-01-2008, 13:29 #22
Member
Joined: May 2005
Posts: 90
@Riverside: I followed the whole procedure. Result:
- the a-squared log:
Code:
a-squared Free - Version 3.1
Last update: 03/01/2008 13.03.58

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\, G:\, H:\, J:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 08/01/2008 0.08.10

C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@media.adrevolver[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@mediaplex[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Carlo\Cookies\carlo@tradedoubler[1].txt rilevati: Trace.TrackingCookie
J:\strumenti diagnostica pc\MSNFix.zip/Process.exe rilevati: Riskware.RiskTool.Win32.Processor.20

Scansionati
Files: 841621
Tracce: 346618
Cookies: 652
Processi: 50

Rilevato
Files: 1
Tracce: 0
Cookies: 4
Processi: 0
Chiavi registro: 0

Fine scansione: 08/01/2008 6.31.58
Tempo scansione: 6:23:48

I'm also posting the a-squared log for the files I had already quarantined before (the ones I mentioned in a post above):
Code:
a-squared Free - Version 3.1
Last update: 03/01/2008 13.03.58

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\, D:\, G:\, H:\, J:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 03/01/2008 13.04.17

Scansionati
Files: 834514
Tracce: 346618
Cookies: 512
Processi: 55

Rilevato
Files: 0
Tracce: 93
Cookies: 1
Processi: 0
Chiavi registro: 0

Fine scansione: 03/01/2008 21.29.23
Tempo scansione: 8:25:06
In quarantena Files: 0 Tracce: 93 Cookies: 1

- fixed the LinkedIn-related entry with HijackThis and rebooted the PC
- after the reboot: unfortunately the Trojan "reloaded" itself right away too, and was promptly intercepted by Norton

HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.05.44, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Mts64Pan.Exe
C:\WINDOWS\System32\DeltTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Portrait Displays\Pivot Software\floater.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
J:\strumenti diagnostica pc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sottoscrivi con RSS Bandit - C:\Documents and Settings\Carlo\Dati applicazioni\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8}
(Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programmi\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Asset Management Daemon - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- End of file - 14329 bytes |
|
08-01-2008, 13:53 | #23
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
Quote:
Fix this one and delete the corresponding entry in system32 again, then post a new HijackThis log.
08-01-2008, 14:19 | #24
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
Edit:
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
Fix this one as well, and have this file scanned HERE: C:\WINDOWS\system32\Mts64Pan.Exe
08-01-2008, 15:00 | #25
Member
Joined: May 2005
Posts: 90
Quote:
Here is the new HijackThis log, after the fixes and after deleting the file in the system32 folder:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.57.14, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Mts64Pan.Exe
C:\WINDOWS\System32\DeltTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe
C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Portrait Displays\Pivot Software\floater.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows NT\Accessori\WORDPAD.EXE
C:\Programmi\Windows NT\Accessori\WORDPAD.EXE
C:\Programmi\Windows NT\Accessori\wordpad.exe
C:\Programmi\Internet Explorer\iexplore.exe
J:\strumenti diagnostica pc\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar5.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sottoscrivi con RSS Bandit - C:\Documents and Settings\Carlo\Dati applicazioni\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\dtsslsrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\Portrait Displays\PerfectSuite\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 14492 bytes

EDIT:
- I noticed that the entry "O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)" was not removed even after fixing it.
- The trojan has come back.

Last edited by Etex: 08-01-2008 at 15:05.
08-01-2008, 15:28 | #26
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3254
Download SUPERAntiSpyware, update it, and run a "Perform complete scan" from "Scan your computer".
Let me know what it finds.
08-01-2008, 16:19 | #27
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Did C:\WINDOWS\system32\Mts64Pan.Exe come back clean on VirusTotal?
Try again and you will be luckier.
08-01-2008, 16:21 | #28
Banned
Joined: Oct 2007
City: Palermo
Posts: 4623
08-01-2008, 16:26 | #29
Member
Joined: May 2005
Posts: 90
Quote:
Generally the Mts64Pan files belong to my old MIDI card, a Miditerminal, which I still use; in fact, for years I have had a Miditerminal console that starts up together with the PC. I scanned it because you never know whether it might have been infected, but the VirusTotal scan came back clean.
SUPERAntiSpyware is still running, but so far it has only found tracking cookies. This trojan really seems stubborn.
08-01-2008, 16:35 | #30
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Click Start - Run - type Regedit and navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Check again, in the right-hand pane, for the presence of the following value:
"load" = "[PATH TO DROPPED FILE]"
Last edited by Chill-Out: 08-01-2008 at 16:37.
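Editor's note, an added example that is not code from this thread or from HijackThis: the helpers above are checking three things by eye, the F2 UserInit value that chains a second executable after userinit.exe (post #23), an O23 service whose binary is "(no file)" (post #24), and a "load" value under the Run key (post #30), and in post #25 the user finds that one of those entries survived the fix. The script below does the same checks over a HijackThis log and diffs two runs, so that a post-fix log can be verified mechanically rather than re-read in full. The two logs are constructed and trimmed, the WATCHED_VALUE_NAMES set and the bare-file-name rule are my own assumptions about what deserves a second look, and the "load" entry in the after-log is hypothetical.

```python
"""Added example: flag persistence entries in HijackThis logs and diff two runs."""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (HJT section, message)

# Constructed, trimmed "before" log in the shape of the one posted above:
# the F2 UserInit chain and the orphaned O23 service are the points of interest.
BEFORE_LOG = """\
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\secpol.exe,
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Programmi\\iTunes\\iTunesHelper.exe"
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Constructed "after" log: the F2 chain was fixed, the orphaned service survived,
# and a hypothetical "load" value (the one the moderator asks to check) has appeared.
AFTER_LOG = """\
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [Mts64Pan] Mts64Pan.Exe
O4 - HKLM\\..\\Run: [load] C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\dropped.exe
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Programmi\\iTunes\\iTunesHelper.exe"
O23 - Service: Perfd35 - Portrait Displays, Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry entries: "<hive>\..\Run: [<value name>] <command line>".
O4_RUN_RE = re.compile(r"^(?P<hive>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Run value names worth a look whatever they point at (assumption, from the
# check requested in the thread; extend as needed).
WATCHED_VALUE_NAMES = {"load"}


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def flag_entries(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Apply the three checks the helpers in the thread were doing by eye."""
    findings: List[Finding] = []
    for sec, body in entries:
        if sec == "F2" and "UserInit=" in body:
            # Winlogon starts every comma-separated program listed in UserInit
            # at logon; anything besides userinit.exe itself is a persistence hook.
            chain = [p.strip() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            extra = [p for p in chain if not p.lower().endswith("\\userinit.exe")]
            if extra:
                findings.append(("F2", "UserInit chains extra executable(s): " + ", ".join(extra)))
        elif sec == "O4":
            m = O4_RUN_RE.match(body)
            if not m:
                continue  # Global Startup .lnk entries and the like
            name = m.group("name")
            cmd = m.group("cmd").strip().strip('"')
            if name.lower() in WATCHED_VALUE_NAMES:
                findings.append(("O4", f"watched Run value '{name}' -> {cmd}"))
            elif "\\" not in cmd.split(" ", 1)[0]:
                # A bare file name is resolved through the search path, so the
                # binary that actually runs has to be located and checked by hand.
                findings.append(("O4", f"Run value '{name}' uses a bare file name: {cmd}"))
        elif sec == "O23" and body.rstrip().endswith("(no file)"):
            # A service registration whose binary is gone; a Fix may leave it behind.
            findings.append(("O23", "service registration without a binary: " + body))
    return findings


def compare(before_text: str, after_text: str) -> Dict[str, List[Finding]]:
    """Diff the findings of two runs to verify what a fix actually removed."""
    before = flag_entries(parse_hjt(before_text))
    after = flag_entries(parse_hjt(after_text))
    before_msgs = {msg for _, msg in before}
    after_msgs = {msg for _, msg in after}
    return {
        "removed": [f for f in before if f[1] not in after_msgs],
        "persisting": [f for f in after if f[1] in before_msgs],
        "new": [f for f in after if f[1] not in before_msgs],
    }


if __name__ == "__main__":
    for state, items in compare(BEFORE_LOG, AFTER_LOG).items():
        for sec, msg in items:
            print(f"{state:10} {sec:4} {msg}")
```

On the constructed pair the F2 chain shows up as removed, the two bare-name Run values and the Perfd35 registration as persisting, and the "load" value as new. The bare-file-name rule is noisy by design (SOUNDMAN.EXE and RUNDLL32.EXE are usually benign) and only says "find the binary and check it", which is what the thread does with Mts64Pan.Exe on VirusTotal. A "(no file)" service that survives a HijackThis Fix is a service registration, not a file; on XP an administrator can remove it with `sc delete <service name>` (an added suggestion, not something the thread advises).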
08-01-2008, 17:32 | #31
Member
Joined: May 2005
Posts: 90
Quote:
EDIT: il log di superantispyware: Codice:
SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/08/2008 at 05:30 PM Application Version : 3.9.1008 Core Rules Database Version : 3376 Trace Rules Database Version: 1370 Scan type : Complete Scan Total Scan Time : 00:53:18 Memory items scanned : 593 Memory threats detected : 0 Registry items scanned : 9007 Registry threats detected : 0 File items scanned : 53259 File threats detected : 94 Adware.Tracking Cookie C:\Documents and Settings\Carlo\Cookies\carlo@overture[6].txt C:\Documents and Settings\Carlo\Cookies\carlo@atdmt[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@revsci[5].txt C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[9].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[8].txt C:\Documents and Settings\Carlo\Cookies\carlo@tradedoubler[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@mediaplex[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[9].txt C:\Documents and Settings\Carlo\Cookies\carlo@bluestreak[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[8].txt C:\Documents and Settings\Carlo\Cookies\carlo@3.adbrite[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.uk.tangozebra[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.uk.tangozebra[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.yieldmanager[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.yieldmanager[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.yieldmanager[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[5].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[6].txt C:\Documents and Settings\Carlo\Cookies\carlo@ad.zanox[7].txt C:\Documents 
and Settings\Carlo\Cookies\carlo@adbrite[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@adbrite[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@adbrite[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@adopt.euroclick[5].txt C:\Documents and Settings\Carlo\Cookies\carlo@ads.adbrite[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@ads.cinemode[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@ads.foolix[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@ads.nntp[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@ads.nntp[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@ads.techguy[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@adv.ilbanner[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@advertstream[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@clickaider[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@clickaider[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@domus.adbureau[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@eas.apm.emediate[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@ehg-tfl.hitbox[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@ehg-warnerbrothers.hitbox[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[5].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[6].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[7].txt C:\Documents and Settings\Carlo\Cookies\carlo@imrworldwide[8].txt C:\Documents and Settings\Carlo\Cookies\carlo@mediaplex[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@msnportal.112.2o7[1].txt C:\Documents and 
Settings\Carlo\Cookies\carlo@overture[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@overture[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@overture[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@overture[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@overture[5].txt C:\Documents and Settings\Carlo\Cookies\carlo@pornstar.dvdempire[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@rcsmediagroup[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@revsci[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@revsci[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@revsci[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@tacoda[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@tradedoubler[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.burstnet[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.clickpoint[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[5].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[6].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.comprabanner[7].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[8].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.googleadservices[9].txt C:\Documents and Settings\Carlo\Cookies\carlo@www.sexyandfunny[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@www7.addfreestats[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@xiti[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@xiti[2].txt 
C:\Documents and Settings\Carlo\Cookies\carlo@xiti[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@xiti[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[1].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[2].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[3].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[4].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[5].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[6].txt C:\Documents and Settings\Carlo\Cookies\carlo@zbox.zanox[7].txt C:\Documents and Settings\Temp\Cookies\temp@imrworldwide[2].txt Quote:
http://www.zshare.net/image/6312945ed67ecb/
Thanks
EDIT: the same image, cropped and more legible: http://www.zshare.net/image/631306122c9329/
Last edited by Etex: 08-01-2008 at 17:44.
08-01-2008, 18:23 | #32
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
http://www.prevx.com/freescan.asp
Could you attach a Prevx CSI log for me, thx.
__________________
Try again and you will be luckier.
08-01-2008, 19:43 | #33
Member
Joined: May 2005
Posts: 90
the log: http://www.zshare.net/download/63163511b983da/
08-01-2008, 20:00 | #34
Senior Member
Joined: Feb 2007
Location: Salerno......
Posts: 3254
Hmm... have these analysed on VirusTotal as well:
C:\Programmi\Portrait Displays\PerfectSuite\WrapI2C.dll
C:\Programmi\Portrait Displays\PerfectSuite\nv.dll
C:\Programmi\Portrait Displays\PerfectSuite\DTHtml.exe
(I want to check whether any of them are false positives). After that, a ComboFix scan http://download.bleepingcomputer.com/sUBs/ComboFix.exe and the logs.
08-01-2008, 20:10 | #35
Banned
Joined: Jul 2007
Location: Riverside House
Posts: 3333
Good evening to the members and the adepts of the Circle of the Damned: as soon as I switched on the PC, I got hit with Uncle Bill's updates.
Now I'll check what I missed. Edit: in the end, I'm the one who got lost.
@ Etex, I'm asking you a personal favour: from this post onwards, attach the logs you are asked for in the following way (if I'm not mistaken I had already pointed this out to you), and no longer using the Code tag:
● if the generated txt is at most 20 KB, it must be attached to the thread using the Manage Attachments function;
● if it is larger than 20 KB, host it on Zshare (click here to reach ZShare) and post in the thread the link that is issued for the download.
Guys, could we also avoid the pointless kilometre-long quotes? It makes the discussion hard to follow. Thanks.
Last edited by Riverside: 08-01-2008 at 20:30.
08-01-2008, 20:35 | #36
Banned
Joined: Jul 2007
Location: Riverside House
Posts: 3333
@ Etex: when you have run Combo (as suggested by Lancetta), besides its log, attach a new HijackThis log after rebooting.
08-01-2008, 22:11 | #37
Member
Joined: May 2005
Posts: 90
Here I am.
Just got back. @riverside: I don't recall you having already pointed out the attachments matter to me, but it may well have slipped past me; in fact, doing this research while also trying to get on with work is getting me a bit "tipsy". My apologies, and I'll try to create less confusion; thanks again for the support and the availability.
@Lancetta: I'm about to run it.
Just one update:
- at about 18:00, the trojan didn't "show up" for the appointment: Norton intercepted nothing, and the same goes for all the subsequent intervals. Are we on the right track?
- maybe it isn't needed, but I never told you the folder and files intercepted; if it's useful, I'll list them.
08-01-2008, 22:15 | #38
Moderator
Joined: Jun 2007
Location: 127.0.0.1
Posts: 25885
08-01-2008, 22:19 | #39
Member
Joined: May 2005
Posts: 90
Ok, I didn't do it on my own initiative so as not to create confusion; these are the files and the paths where Norton intercepts them; they always appear "in pairs".
Code:
C:\Documents and Settings\Carlo\Impostazioni locali\Temp\Song911.Exe
Code:
C:\Documents and Settings\Carlo\Impostazioni locali\Temporary Internet Files\Content.IE5\SIUG2GXC\NewLoader[1].exe
08-01-2008, 22:32 | #40
Member
Joined: May 2005
Posts: 90
EDIT: now I'm starting the ComboFix scan.
All times are GMT +1. The time now is 03:03.