Ricky Devout mortal

Joined: 18/01/08 19:28 Posts: 12
Posted: 18 Jan 2008 19:54 Subject: virus won't let me open hijackthis

Hi everyone, my name is Riccardo and I have a problem... for a while now I haven't been able to open hijackthis, but the strange thing is that when I type the name hijackthis or avenger into Google it closes the page!
A few days ago I found TROJAN WIN32 AGENT AUF with antivir and quarantined it, and in later scans I didn't find it again; however, the problem persists: hjt won't start, nor can I search for it... what can I do to track down the virus?
Thanks in advance.
P.S. whoever helps me should know that I don't understand much about PCs, so talk to me knowing that I'm completely ignorant on the subject.

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 19 Jan 2008 14:49 Subject:

Hi Ricky,
from Start/Run type regedit and click OK
go to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
check whether these exist
- explorer.exe, and if it's there report the values here.
- iexplore.exe, and if it's there report the values here.
do the same with
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
find Userinit in the right-hand pane
report the values here
PS: if you like, you can introduce yourself here

Ricky Devout mortal

Joined: 18/01/08 19:28 Posts: 12
Posted: 19 Jan 2008 16:00 Subject:

Hi!
First of all, thanks for answering me.
explorer.exe and iexplorer.exe are not there.
In Winlogon, however, the value in "data" for Userinit is
c:\windows\system32\userinit.exe,"c:\windows\system32\samsungservice.exe",
I don't know if it's useful, but in the type column it says "REG_SZ".

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 19 Jan 2008 20:19 Subject:

download KillBox
in Task Manager end the samsungservice.exe process (if it's there)
Start regedit
go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
double-click Userinit
highlight the infected entry (in red):
c:\windows\system32\userinit.exe,"c:\windows\system32\samsungservice.exe"
and delete it (Backspace or Del key)
after cleaning, the key must look like this:
c:\windows\system32\userinit.exe, (with the trailing comma)
Close the registry.
Start KillBox
in Full Path enter c:\windows\system32\samsungservice.exe
select Delete on reboot
click the round X on the right
restart the PC
HJT should start now.

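The two registry checks requested in this thread, as an added example that is not part of the forum posts: it lists every Userinit entry other than userinit.exe and every Debugger value under Image File Execution Options (a Debugger value makes Windows start that command in place of the named program). The function names, the expected-path parameter and the constructed `reg query` sample are assumptions of this example.

```python
import ntpath
import re

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")
# Default Userinit program; pass another path if Windows is installed elsewhere.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def _norm(path):
    """Case- and separator-insensitive form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"').strip()))


def split_userinit(data):
    """Split Userinit value data into program entries.

    Entries are comma-separated; a quoted entry may itself contain a comma,
    and the trailing comma of a clean value yields no empty entry.
    """
    parts = re.findall(r'"[^"]*"|[^,]+', data)
    cleaned = (p.strip().strip('"').strip() for p in parts)
    return [p for p in cleaned if p]


def unexpected_userinit_entries(data, expected=EXPECTED_USERINIT):
    """Entries started at logon in addition to the expected userinit.exe."""
    return [e for e in split_userinit(data) if _norm(e) != _norm(expected)]


def ifeo_debuggers(reg_query_text):
    """Map image name -> Debugger data from `reg query <IFEO_KEY> /s` output."""
    found, image = {}, None
    for line in reg_query_text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith(IFEO_KEY.upper()):
            # A key line: remember which image the following values belong to.
            image = stripped[len(IFEO_KEY):].strip("\\") or None
            continue
        m = re.match(r"Debugger\s+REG_(?:EXPAND_)?SZ\s+(.+)$", stripped, re.I)
        if m and image:
            found[image.lower()] = m.group(1).strip()
    return found


# Userinit data as reported in the thread before cleaning.
USERINIT_BEFORE = r'c:\windows\system32\userinit.exe,"c:\windows\system32\samsungservice.exe",'

# Constructed sample of `reg query` output; the Debugger data is a placeholder.
IFEO_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    GlobalFlag    REG_SZ    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
    Debugger    REG_SZ    C:\placeholder\not-a-debugger.exe
"""

if __name__ == "__main__":
    for entry in unexpected_userinit_entries(USERINIT_BEFORE):
        print("Userinit also starts:", entry)
    for image, debugger in ifeo_debuggers(IFEO_SAMPLE).items():
        print("IFEO Debugger set for %s: %s" % (image, debugger))
```
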
Ricky Devout mortal

Joined: 18/01/08 19:28 Posts: 12
Posted: 20 Jan 2008 17:16 Subject:

it starts now
thank you so very much for your help and your willingness to help!
one last thing (I swear!): can you tell me if everything is OK here?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.42.08, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 98.142.154.12 catolcwxcav.com
O1 - Hosts: 164.105.11.128 ukjp9mn2.com
O1 - Hosts: 26.61.135.9 vkipqugtsx.com
O1 - Hosts: 74.155.15.232 wvdimh98zhq.com
O1 - Hosts: 21.43.177.216 zobcslgff.com
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O1 - Hosts: 46.227.219.28 wschooler.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O1 - Hosts: 42.9.237.234 itqoipyqsq.com
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [svclsnlf] "c:\windows\system32\svclsnlf.exe"
O4 - HKLM\..\Run: [rxswa] "C:\DOCUME~1\Utente\IMPOST~1\Temp\8471093.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polpettina89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blynd88.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 6159 bytes
thanks

Orange Mature god

Joined: 18/02/07 13:20 Posts: 2224 Location: Rome
Posted: 23 Jan 2008 09:02 Subject:

Hi.
Actually, not everything is OK...
* Download this tool and run a scan with it, then report the result.
* Download HostsXpert
Click Restore MS Hosts File
Then Make read only and close it.
* Download ATF Cleaner
run it, tick Select all (if you use Firefox or Opera, tick their options too)
click Empty selected and wait for the Done cleaning! message
if needed, repeat for FF and/or Opera
* post an updated HJT log

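A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the thread: it flags hosts-file redirections (O1), autoruns started from a Temp folder (O4) and entries marked "(no file)". The three rules are illustrative heuristics chosen for this example, not a verdict from the thread; the sample lines are copied from the log above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
RUN = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)
LOOPBACK = {"127.0.0.1", "::1"}


def parse_entries(log_text):
    """Yield (section, body, line) for every R/O/F entry; skip headers and processes."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log_text):
    """Return a list of Finding tuples for entries worth a closer look."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O1":
            m = HOSTS.match(body)
            if m and m.group(1) not in LOOPBACK:
                reason = "hosts file maps %s to %s" % (m.group(2), m.group(1))
                findings.append(Finding(section, reason, line))
        elif section == "O4":
            m = RUN.match(body)
            if m and TEMP_DIR.search(m.group("cmd")):
                reason = "autorun '%s' starts from a Temp folder" % m.group("name")
                findings.append(Finding(section, reason, line))
        if body.rstrip().endswith("(no file)"):
            findings.append(Finding(section, "referenced file not found", line))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [rxswa] "C:\DOCUME~1\Utente\IMPOST~1\Temp\8471093.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s" % (f.section, f.reason))
```
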
Ricky Devout mortal

Joined: 18/01/08 19:28 Posts: 12
Posted: 23 Jan 2008 20:49 Subject:

hi and thanks!
- with the first tool you recommended I'm having some trouble because I don't understand what it's asking me, and at a certain point a message asks whether to restart the PC and I can only say OK or close... anyway, despite my poor English, at the start it seems to say that it didn't find something or other in the system
- with atf cleaner the link doesn't work for me... I also tried searching for it myself on Google, but it always says the page cannot be displayed
I'm posting the hjt log anyway, although I don't think it has changed much
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.49.09, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [svclsnlf] "c:\windows\system32\svclsnlf.exe"
O4 - HKLM\..\Run: [rxswa] "C:\DOCUME~1\Utente\IMPOST~1\Temp\8471093.exe"
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Utente\Desktop\ECCE14A.exe" -scan
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polpettina89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blynd88.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 5847 bytes

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...

Ricky Devout mortal

Joined: 18/01/08 19:28 Posts: 12
Posted: 23 Jan 2008 21:56 Subject:

thanks!
combofix scan
ComboFix 08-01-23.2 - Utente 2008-01-23 20.20.04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.214 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Utente\Impostazioni locali\Temporary Internet Files\sc
C:\Documents and Settings\Utente\Impostazioni locali\Temporary Internet Files\sc\console.html
----- BITS: Possible infected sites -----
hxxp://195.238.242.23
.
((((((((((((((((((((((((( Files Creati Da 2007-12-23 al 2008-01-23 )))))))))))))))))))))))))))))))))))
.
2008-01-23 20:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-20 18:56 . 2008-01-21 18:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 18:56 . 2008-01-20 18:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 17:35 . 2008-01-20 17:35 <DIR> d-------- C:\Programmi\Trend Micro
2008-01-15 13:00 . 2008-01-15 13:00 <DIR> d-------- C:\Programmi\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 18:15 36,096 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2007-12-20 13:41 --------- d-----w C:\Programmi\MSN Messenger
2007-12-20 13:41 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-11 18:08 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-11 18:08 --------- d-----w C:\Programmi\File comuni\MOVAVI
2007-12-11 18:07 --------- d-----w C:\Programmi\Movavi Flash Converter
2007-12-07 20:01 --------- d-----w C:\Programmi\uTorrent
2007-12-07 14:48 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-07 14:48 --------- d-----w C:\Programmi\Pirelli
2007-12-07 14:47 --------- d-----w C:\Programmi\Motive
2007-12-07 14:47 --------- d-----w C:\Programmi\File comuni\Motive
2007-12-07 14:47 --------- d-----w C:\Programmi\Common Files
2007-12-07 14:47 --------- d-----w C:\Programmi\Alice ti aiuta
2007-12-07 14:46 --------- d-----w C:\Programmi\Telecom Italia
2005-05-30 15:13 8,968 ----a-w C:\WINDOWS\Prefetch\AUPD1ATE.EXE
2005-05-27 20:51 29,200 ----a-w C:\WINDOWS\Prefetch\LUAL1L.EXE
2005-05-25 09:13 43,516 ----a-w C:\WINDOWS\Prefetch\ccA1pp.exe
2004-12-29 10:13 9,223,834 ----a-w C:\Programmi\klcodec234f.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 102,400 2004-12-02 17:23:34 C:\Programmi\Creative\MediaSource\Detector\bak\CTDetect.exe
----a-w 299,008 2003-04-01 09:32:08 C:\Programmi\IPM\Adsl\DataWay\bak\dslstat.exe
----a-w 256,576 2006-10-30 08:36:36 C:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 190,024 2006-09-28 15:52:38 C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe
----a-w 190,024 2007-01-02 20:02:26 C:\Programmi\MessengerPlus! 3\MsgPlus.exe
----a-w 282,624 2006-10-25 17:58:18 C:\Programmi\QuickTime\bak\qttask.exe
----a-w 421,888 2005-06-20 10:10:50 C:\Programmi\Softwin\BitDefender8\bak\bdmcon.exe
----a-w 8,192 2005-05-09 10:19:14 C:\Programmi\Softwin\BitDefender8\bak\bdnagent.exe
----a-w 15,872 2006-09-07 17:19:27 C:\Programmi\Unlocker\bak\UnlockerAssistant.exe
----a-w 15,872 2006-09-07 17:19:27 C:\Programmi\Unlocker\UnlockerAssistant.exe
----a-w 233,472 2006-12-01 19:25:37 C:\VEXPLITE\bak\MONLITE.EXE
----a-w 245,760 2008-01-15 21:42:54 C:\VEXPLITE\MONLITE.EXE
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\ctfmon.exe
----a-w 155,648 2001-07-09 08:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2007-01-02 21:02 190024]
"CTSyncU.exe"="C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 09:06 700416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 03:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 01:50 4620288]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-04-23 18:25 185896]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-15 13:01 249896]
"svclsnlf"="c:\windows\system32\svclsnlf.exe" [ ]
"PrevxRootkitRemovalTool"="C:\Documents and Settings\Utente\Desktop\ECCE14A.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-01-14 19:15]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-11 19:08]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-01-15 22:42]
S0 dxnhblkh;dxnhblkh;C:\WINDOWS\system32\drivers\thgqbboh.sys []
S3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINDOWS\system32\DRIVERS\epusbsto.sys [2001-09-09 23:00]
S3 gAGP440p;gAGP440p;C:\DOCUME~1\Utente\IMPOST~1\Temp\gAGP440p.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S4 LogDlv;LogDlv;"C:\Programmi\File comuni\Services\Ftt.exe" [2004-08-19 14:39]
S4 NetIxb;NetIxb;"C:\Programmi\File comuni\System\ZrK.exe" []
S4 RQGLV;RQGLV;C:\DOCUME~1\Utente\IMPOST~1\Temp\RQGLV.exe []
S4 SecCll;SecCll;"C:\Programmi\File comuni\System\kfL.exe" []
S4 sUhifV;sUhifV;"C:\Programmi\File comuni\System\AjzB.exe" []
S4 UpdCgj;UpdCgj;"C:\Programmi\File comuni\Microsoft Shared\wRxoU.exe" [2004-08-19 14:39]
S4 WinFta;WinFta;"C:\Programmi\File comuni\System\bJO.exe" []
S4 ZITVBWCQK;ZITVBWCQK;C:\DOCUME~1\Utente\IMPOST~1\Temp\ZITVBWCQK.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26afe344-0a0c-11dc-8f12-00024f300101}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\accngy.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\admmcdl.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\adyoh.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\aen.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\agwjdj.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\ahsdend.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\akvrvg.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\amnb.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\anrep.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\anuzs.job"
- c:\windows\system32\svclsnlf.exe
"2006-11-14 07:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\aqvkxupz.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\asda.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\asewrcf.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\atxyxiw.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\avlstlp.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\axon.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\aysom.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\bavkn.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:35 C:\WINDOWS\Tasks\beedensx.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\bjdypl.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\bklvhwis.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\bmvtk.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\boz.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\bqworqu.job"
- c:\windows\system32\mantqfep.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\caikezzp.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\ccvnp.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\cfua.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\ciokp.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\cmnum.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\cmtj.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\cnvj.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\coqrz.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\cpccqcw.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\cvbrgifu.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\cxh.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\czag.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\daafmet.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\dao.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\dcec.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\detlxz.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\dgmftnfk.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\djfkkbf.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\dnuwis.job"
- c:\windows\system32\updodbmi.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\dplshyt.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\dsg.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\dub.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\eakw.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\ebovkpxy.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\eeuyt.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\eiph.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\epl.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\eqgqw.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\eswbq.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\etaypg.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\etilt.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\etlmz.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\eucovx.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\euuwiai.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\ewq.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\ewynqnvu.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:34 C:\WINDOWS\Tasks\exyyvplg.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\farnz.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\ffbk.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\fjsqgupr.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\fmyuj.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\fqrx.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\frljvm.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\fry.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\ftqh.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\ftulcpsu.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gadgc.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gcnb.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\ghknmkmh.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gip.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gjrc.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gll.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gmpxjwhn.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\goqfruzr.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gvie.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gwzgy.job"
- c:\windows\system32\svclsnlf.exe
"2008-01-23 18:37:33 C:\WINDOWS\Tasks\gyw.job"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 20:23:26
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
HijackThis scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [svclsnlf] "c:\windows\system32\svclsnlf.exe"
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Utente\Desktop\ECCE14A.exe" -scan
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polpettina89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blynd88.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 5680 bytes
Link for step 1
[URL="http://www.freefilehosting.net/files/3b06d"]ger.txt[/URL]
Link for step 2
[URL="http://www.freefilehosting.net/files/3b06l"]f.txt[/URL]

bdoriano (Administrator)
Posted: 24 Jan 2008 00:59

Download Avenger and unzip it into a folder of its own, not a temporary one and not on the desktop
Start AVENGER
Click "Input script manually"
Click the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\DOCUME~1\Utente\IMPOST~1\Temp\ZITVBWCQK.exe
C:\Programmi\File comuni\System\bJO.exe
C:\Programmi\File comuni\Microsoft Shared\wRxoU.exe
C:\Programmi\File comuni\System\AjzB.exe
C:\Programmi\File comuni\System\kfL.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\RQGLV.exe
C:\Programmi\File comuni\System\ZrK.exe
C:\Programmi\File comuni\Services\Ftt.exe
C:\WINDOWS\system32\drivers\thgqbboh.sys
C:\DOCUME~1\Utente\IMPOST~1\Temp\gAGP440p.sys
c:\windows\system32\svclsnlf.exe
C:\WINDOWS\Prefetch\ccA1pp.exe
C:\WINDOWS\Prefetch\LUAL1L.EXE
C:\WINDOWS\Prefetch\AUPD1ATE.EXE
c:\windows\system32\mantqfep.exe
c:\windows\system32\updodbmi.exe
c:\windows\system32\updvfqxy.exe
c:\windows\system32\lsavfwht.exe
C:\WINDOWS\Tasks\accngy.job
C:\WINDOWS\Tasks\admmcdl.job
C:\WINDOWS\Tasks\adyoh.job
C:\WINDOWS\Tasks\aen.job
C:\WINDOWS\Tasks\agwjdj.job
C:\WINDOWS\Tasks\ahsdend.job
C:\WINDOWS\Tasks\akvrvg.job
C:\WINDOWS\Tasks\amnb.job
C:\WINDOWS\Tasks\anrep.job
C:\WINDOWS\Tasks\anuzs.job
C:\WINDOWS\Tasks\aqvkxupz.job
C:\WINDOWS\Tasks\asda.job
C:\WINDOWS\Tasks\asewrcf.job
C:\WINDOWS\Tasks\atxyxiw.job
C:\WINDOWS\Tasks\avlstlp.job
C:\WINDOWS\Tasks\axon.job
C:\WINDOWS\Tasks\aysom.job
C:\WINDOWS\Tasks\bavkn.job
C:\WINDOWS\Tasks\beedensx.job
C:\WINDOWS\Tasks\bjdypl.job
C:\WINDOWS\Tasks\bklvhwis.job
C:\WINDOWS\Tasks\bmvtk.job
C:\WINDOWS\Tasks\boz.job
C:\WINDOWS\Tasks\bqworqu.job
C:\WINDOWS\Tasks\caikezzp.job
C:\WINDOWS\Tasks\ccvnp.job
C:\WINDOWS\Tasks\cfua.job
C:\WINDOWS\Tasks\ciokp.job
C:\WINDOWS\Tasks\cmnum.job
C:\WINDOWS\Tasks\cmtj.job
C:\WINDOWS\Tasks\cnvj.job
C:\WINDOWS\Tasks\coqrz.job
C:\WINDOWS\Tasks\cpccqcw.job
C:\WINDOWS\Tasks\cvbrgifu.job
C:\WINDOWS\Tasks\cxh.job
C:\WINDOWS\Tasks\czag.job
C:\WINDOWS\Tasks\daafmet.job
C:\WINDOWS\Tasks\dao.job
C:\WINDOWS\Tasks\dcec.job
C:\WINDOWS\Tasks\detlxz.job
C:\WINDOWS\Tasks\dgmftnfk.job
C:\WINDOWS\Tasks\djfkkbf.job
C:\WINDOWS\Tasks\dnuwis.job
C:\WINDOWS\Tasks\dplshyt.job
C:\WINDOWS\Tasks\dsg.job
C:\WINDOWS\Tasks\dub.job
C:\WINDOWS\Tasks\eakw.job
C:\WINDOWS\Tasks\ebovkpxy.job
C:\WINDOWS\Tasks\eeuyt.job
C:\WINDOWS\Tasks\eiph.job
C:\WINDOWS\Tasks\epl.job
C:\WINDOWS\Tasks\eqgqw.job
C:\WINDOWS\Tasks\eswbq.job
C:\WINDOWS\Tasks\etaypg.job
C:\WINDOWS\Tasks\etilt.job
C:\WINDOWS\Tasks\etlmz.job
C:\WINDOWS\Tasks\eucovx.job
C:\WINDOWS\Tasks\euuwiai.job
C:\WINDOWS\Tasks\ewq.job
C:\WINDOWS\Tasks\ewynqnvu.job
C:\WINDOWS\Tasks\exyyvplg.job
C:\WINDOWS\Tasks\farnz.job
C:\WINDOWS\Tasks\ffbk.job
C:\WINDOWS\Tasks\fjsqgupr.job
C:\WINDOWS\Tasks\fmyuj.job
C:\WINDOWS\Tasks\fqrx.job
C:\WINDOWS\Tasks\frljvm.job
C:\WINDOWS\Tasks\fry.job
C:\WINDOWS\Tasks\ftqh.job
C:\WINDOWS\Tasks\ftulcpsu.job
C:\WINDOWS\Tasks\gadgc.job
C:\WINDOWS\Tasks\gcnb.job
C:\WINDOWS\Tasks\ghknmkmh.job
C:\WINDOWS\Tasks\gip.job
C:\WINDOWS\Tasks\gjrc.job
C:\WINDOWS\Tasks\gll.job
C:\WINDOWS\Tasks\gmpxjwhn.job
C:\WINDOWS\Tasks\goqfruzr.job
C:\WINDOWS\Tasks\gvie.job
C:\WINDOWS\Tasks\gwzgy.job
C:\WINDOWS\Tasks\gyw.job
C:\WINDOWS\Tasks\gyyw.job
C:\WINDOWS\Tasks\hbq.job
C:\WINDOWS\Tasks\hcq.job
C:\WINDOWS\Tasks\hcunz.job
C:\WINDOWS\Tasks\hdh.job
C:\WINDOWS\Tasks\hedphvm.job
C:\WINDOWS\Tasks\hemxkcg.job
C:\WINDOWS\Tasks\hepg.job
C:\WINDOWS\Tasks\hfvhkpq.job
C:\WINDOWS\Tasks\hgiotdpn.job
C:\WINDOWS\Tasks\hieyufcf.job
C:\WINDOWS\Tasks\hjn.job
C:\WINDOWS\Tasks\hlog.job
C:\WINDOWS\Tasks\hmcec.job
C:\WINDOWS\Tasks\hophd.job
C:\WINDOWS\Tasks\hozoqbvg.job
C:\WINDOWS\Tasks\hra.job
C:\WINDOWS\Tasks\hrdspbnm.job
C:\WINDOWS\Tasks\hribr.job
C:\WINDOWS\Tasks\hsev.job
C:\WINDOWS\Tasks\hwar.job
C:\WINDOWS\Tasks\hwzstmb.job
C:\WINDOWS\Tasks\hyqhgy.job
C:\WINDOWS\Tasks\hzaebu.job
C:\WINDOWS\Tasks\iajnqxcx.job
C:\WINDOWS\Tasks\ifhbhc.job
C:\WINDOWS\Tasks\ihvih.job
C:\WINDOWS\Tasks\iihxc.job
C:\WINDOWS\Tasks\iipknz.job
C:\WINDOWS\Tasks\ijoysh.job
C:\WINDOWS\Tasks\ijpjosrw.job
C:\WINDOWS\Tasks\inawg.job
C:\WINDOWS\Tasks\iprdh.job
C:\WINDOWS\Tasks\irwxrt.job
C:\WINDOWS\Tasks\isl.job
C:\WINDOWS\Tasks\itujzg.job
C:\WINDOWS\Tasks\jdawmakv.job
C:\WINDOWS\Tasks\jfzju.job
C:\WINDOWS\Tasks\jhpego.job
C:\WINDOWS\Tasks\jjt.job
C:\WINDOWS\Tasks\jllhska.job
C:\WINDOWS\Tasks\jnuxwt.job
C:\WINDOWS\Tasks\jrmpqg.job
C:\WINDOWS\Tasks\jsg.job
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | svclsnlf
Click Done
Click the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation finishes, post the Avenger result here together with an updated hijackthis log.
Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
Ricky Mortale devoto

Registered: 18/01/08 19:28 Posts: 12
Posted: 24 Jan 2008 13:33 Subject:
OK then
Avenger log
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mtwajacc
*******************
Script file located at: \??\C:\WINDOWS\uubptxxh.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\DOCUME~1\Utente\IMPOST~1\Temp\ZITVBWCQK.exe not found!
Deletion of file C:\DOCUME~1\Utente\IMPOST~1\Temp\ZITVBWCQK.exe failed!
Could not process line:
C:\DOCUME~1\Utente\IMPOST~1\Temp\ZITVBWCQK.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\bJO.exe not found!
Deletion of file C:\Programmi\File comuni\System\bJO.exe failed!
Could not process line:
C:\Programmi\File comuni\System\bJO.exe
Status: 0xc0000034
File C:\Programmi\File comuni\Microsoft Shared\wRxoU.exe deleted successfully.
File C:\Programmi\File comuni\System\AjzB.exe not found!
Deletion of file C:\Programmi\File comuni\System\AjzB.exe failed!
Could not process line:
C:\Programmi\File comuni\System\AjzB.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\kfL.exe not found!
Deletion of file C:\Programmi\File comuni\System\kfL.exe failed!
Could not process line:
C:\Programmi\File comuni\System\kfL.exe
Status: 0xc0000034
File C:\DOCUME~1\Utente\IMPOST~1\Temp\RQGLV.exe not found!
Deletion of file C:\DOCUME~1\Utente\IMPOST~1\Temp\RQGLV.exe failed!
Could not process line:
C:\DOCUME~1\Utente\IMPOST~1\Temp\RQGLV.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\ZrK.exe not found!
Deletion of file C:\Programmi\File comuni\System\ZrK.exe failed!
Could not process line:
C:\Programmi\File comuni\System\ZrK.exe
Status: 0xc0000034
File C:\Programmi\File comuni\Services\Ftt.exe deleted successfully.
File C:\WINDOWS\system32\drivers\thgqbboh.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\thgqbboh.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\thgqbboh.sys
Status: 0xc0000034
File C:\DOCUME~1\Utente\IMPOST~1\Temp\gAGP440p.sys not found!
Deletion of file C:\DOCUME~1\Utente\IMPOST~1\Temp\gAGP440p.sys failed!
Could not process line:
C:\DOCUME~1\Utente\IMPOST~1\Temp\gAGP440p.sys
Status: 0xc0000034
File c:\windows\system32\svclsnlf.exe not found!
Deletion of file c:\windows\system32\svclsnlf.exe failed!
Could not process line:
c:\windows\system32\svclsnlf.exe
Status: 0xc0000034
File C:\WINDOWS\Prefetch\ccA1pp.exe deleted successfully.
File C:\WINDOWS\Prefetch\LUAL1L.EXE deleted successfully.
File C:\WINDOWS\Prefetch\AUPD1ATE.EXE deleted successfully.
File c:\windows\system32\mantqfep.exe not found!
Deletion of file c:\windows\system32\mantqfep.exe failed!
Could not process line:
c:\windows\system32\mantqfep.exe
Status: 0xc0000034
File c:\windows\system32\updodbmi.exe not found!
Deletion of file c:\windows\system32\updodbmi.exe failed!
Could not process line:
c:\windows\system32\updodbmi.exe
Status: 0xc0000034
File c:\windows\system32\updvfqxy.exe not found!
Deletion of file c:\windows\system32\updvfqxy.exe failed!
Could not process line:
c:\windows\system32\updvfqxy.exe
Status: 0xc0000034
File c:\windows\system32\lsavfwht.exe not found!
Deletion of file c:\windows\system32\lsavfwht.exe failed!
Could not process line:
c:\windows\system32\lsavfwht.exe
Status: 0xc0000034
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|svclsnlf deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Utente\Desktop\ECCE14A.exe" -scan
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polpettina89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blynd88.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 5629 bytes
link
log.html
thanks
Ricky Mortale devoto

Registered: 18/01/08 19:28 Posts: 12
Posted: 27 Jan 2008 22:01 Subject:
bdoriano, don't abandon me!
You're my only hope
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 Jan 2008 11:10 Subject:
The Kaspersky log flags mIRC as a "dangerous" program, plus a couple of entries in the Norton quarantine.
Hijackthis looks clean.
Are you still having problems?
To be safe:
- Download FixWareOut from one of these sites:
Site 1
Site 2
Site 3
- Save it to the desktop
- Run it
- Click Next
- Click Install
- Make sure "Run fixit" is ticked
- Click Finish.
- Follow the prompts.
- It will ask you to restart the PC; do so.
- It will take quite a while to restart. Be patient.
- When the operation is finished, restart the PC again.
- Make a new hijackthis log and post it together with the file C:\fixwareout\report.txt
Follow the instructions in this topic again to post the combofix log.

Ricky Mortale devoto

Registered: 18/01/08 19:28 Posts: 12
Posted: 29 Jan 2008 12:43 Subject:

thanks!
fixwareout log
Username "Utente" - 2008-01-29 11:28:25 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Svuotata la cache del resolver DNS.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"UnlockerAssistant"="\"C:\\Programmi\\Unlocker\\UnlockerAssistant.exe\""
"QuickTime Task"="\"C:\\Programmi\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Programmi\\File comuni\\Real\\Update_OB\\realsched.exe\" -osboot"
"Motive SmartBridge"="C:\\PROGRA~1\\ALICET~1\\SMARTB~1\\MotiveSB.exe"
"avgnt"="\"C:\\Programmi\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"PrevxRootkitRemovalTool"="\"C:\\Documents and Settings\\Utente\\Desktop\\ECCE14A.exe\" -scan"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\\Programmi\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Programmi\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"CTSyncU.exe"="\"C:\\Programmi\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36, on 2008-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Utente\Desktop\ECCE14A.exe" -scan
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: StopDialers4.lnk = C:\Programmi\StopDialers4\stopdialers.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polpettina89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blynd88.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Ricky Mortale devoto

Registered: 18/01/08 19:28 Posts: 12
Posted: 29 Jan 2008 12:47 Subject:

ComboFix 08-01-23.2 - Utente 2008-01-29 11:38:10.2 - NTFSx86
edit by bdoriano: log removed because it was incomplete. Logs must be uploaded to FreeFileHosting as indicated here.

Ricky Mortale devoto

Registered: 18/01/08 19:28 Posts: 12
Posted: 29 Jan 2008 12:51 Subject:

ok, sorry, I'll take care of it

Ricky Mortale devoto

Registered: 18/01/08 19:28 Posts: 12
Posted: 29 Jan 2008 12:55 Subject:

done!
log28.txt