Luke....
I ran the scan with BitDefender; this is the result:
BitDefender Online Scanner
Scan report generated at: Mon, Aug 14, 2006 - 15:28:52
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 00:56:56
Files: 371167
Folders: 5885
Boot Sectors: 2
Archives: 7324
Packed Files: 33285
Results
Identified Viruses: 4
Infected Files: 8
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 7
Engines Info
Virus Definitions: 444449
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\WINDOWS\system32\bios.rom | Infected with: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\system32\bios.rom | Deleted
C:\WINDOWS\hosts | Infected with: Trojan.Qhosts.HE
C:\WINDOWS\hosts | Disinfection failed
C:\WINDOWS\hosts | Delete failed
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\idlkqaakm[1].txt | Infected with: Trojan.Qhosts.HE
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\idlkqaakm[1].txt | Deleted
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\qygseikhki[1].htm | Infected with: Trojan.SpySheriff.C
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\qygseikhki[1].htm | Disinfection failed
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\qygseikhki[1].htm | Deleted
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat=>(gzip) | Infected with: Trojan.PWS.Sinowal.F
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat=>(gzip) | Disinfection failed
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat=>(gzip) | Deleted
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat | Update failed
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat=>(gzip) | Infected with: Trojan.PWS.Sinowal.F
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat=>(gzip) | Disinfection failed
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat=>(gzip) | Deleted
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat | Update failed
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat=>(gzip) | Infected with: Trojan.PWS.Sinowal.F
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat=>(gzip) | Disinfection failed
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat=>(gzip) | Deleted
C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat | Update failed
C:\Program Files\secure32.html | Infected with: Trojan.SpySheriff.C
C:\Program Files\secure32.html | Disinfection failed
C:\Program Files\secure32.html | Deleted
_______
Then I uninstalled LinkOptimizer with the program you told me about, the uninstaller; I checked in the Control Panel and it is no longer there.
_____
Then I used GMER; this is the Rootkit log:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-14 15:52:12
Windows 5.1.2600 Service Pack 1
---- System - GMER 1.0.10 ----
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \??\C:\Programmi\ewido anti-malware\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\System32\PavSRK.sys ZwWriteVirtualMemory
---- Devices - GMER 1.0.10 ----
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [F9D4A7D2] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA [F9D4AB9A] ShldDrv.SYS
Device \Driver\Modem \Device\00000062 IRP_MJ_QUERY_INFORMATION [F9F399D4] COMFiltr.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F9D4A7D2] ShldDrv.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F9D4AB9A] ShldDrv.SYS
---- Processes - GMER 1.0.10 ----
Library C:\WINDOWS\xlixg1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [1048] 0x021B0000 <-- ROOTKIT !!!
Library C:\WINDOWS\xlixg1.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1520] 0x01E00000 <-- ROOTKIT !!!
---- Files - GMER 1.0.10 ----
File C:\WINDOWS\system32\com2.szq
File C:\WINDOWS\xlixg1.dll
---- EOF - GMER 1.0.10 ----
________
And this is the Autostart log:
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-14 15:57:24
Windows 5.1.2600 Service Pack 1
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr@DLLName = avldr.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\com2.szq
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ewido security suite control /*ewido security suite control*/@ = C:\Programmi\ewido anti-malware\ewidoctrl.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NVSvc /*NVIDIA Driver Helper Service*/@ = %SystemRoot%\System32\nvsvc32.exe
PAVFNSVR /*Panda Function Service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe"
PavPrSrv /*Panda Process Protection Service*/@ = "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"
PAVSRV /*Panda anti-virus service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe"
PNMSRV /*Panda Network Manager*/@ = "c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE"
PSIMSVC /*Panda IManager Service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
TPSrv /*Panda TPSrv*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
WebJao /*WebJao*/@ = "\\?\C:\Programmi\File comuni\System\lpt4.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LWBMOUSEC:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE = C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
@MediaKeyC:\PROGRA~1\MediaKey\MediaKey.EXE = C:\PROGRA~1\MediaKey\MediaKey.EXE
@DSLSTATEXEC:\Program Files\Libero\Adsl\dslstat.exe icon /*file not found*/ = C:\Program Files\Libero\Adsl\dslstat.exe icon /*file not found*/
@DSLAGENTEXEC:\Program Files\Libero\Adsl\dslagent.exe = C:\Program Files\Libero\Adsl\dslagent.exe
@APVXDWIN"C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@LogitechVideoTrayC:\Programmi\Logitech\Video\LogiTray.exe = C:\Programmi\Logitech\Video\LogiTray.exe
@LogitechVideoRepairC:\Programmi\Logitech\Video\ISStart.exe = C:\Programmi\Logitech\Video\ISStart.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@LogitechSoftwareUpdate = C:\Programmi\Logitech\Video\ManifestEngine.exe boot
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{54D9498B-CF93-414F-8984-8CE7FDE0D391} = C:\Programmi\ewido anti-malware\shellhook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{A4DF5659-0801-4A60-9607-1C48695EFDA9} /*Cartella di caricamento Share-to-Web*/C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL = C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} /*Immagini Logitech*/C:\Programmi\Logitech\Video\Namespc2.dll = C:\Programmi\Logitech\Video\Namespc2.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{65756541-C65C-11CD-0000-4B656E696100} /*Panda Antivirus*/C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido@{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programmi\ewido anti-malware\context.dll
IMMenuShellExt@{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\Programmi\IncrediMail\bin\IMShExt.dll
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido@{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programmi\ewido anti-malware\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{79D5FD0B-EDC6-268C-D5B0-84099F83436C}C:\WINDOWS\xlixg1.dll = C:\WINDOWS\xlixg1.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URL =
@Start Pagehttp://www.msn.com = http://www.msn.com
@Local Page =
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URL =
@Start Pagehttp://liberomail.libero.it/ = http://liberomail.libero.it/
@Local Page =
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
000000000002@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
000000000003@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
NkbMonitor.exe.lnk = NkbMonitor.exe.lnk
officejet 6100.lnk = officejet 6100.lnk
hp psc 2000 Series.lnk = hp psc 2000 Series.lnk
---- EOF - GMER 1.0.10 ----
_______
Finally, I'm adding the new HijackThis logfile; tell me if I need to weed out any entries.
Logfile of HijackThis v1.99.1
Scan saved at 15.58.30, on 14/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\giulia\Documenti\gmer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\giulia\Documenti\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liberomail.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {79D5FD0B-EDC6-268C-D5B0-84099F83436C} - C:\WINDOWS\xlixg1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0424360437
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.82.168.210:8001/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F49BFC6B-F2C0-4592-B0BF-3C82F332C2B2} (TwoWeb2.WebTwo2) - http://www.ilmiodomani.com/cab/TwoWeb2_oro.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{366866F6-4D08-468B-95B0-7151324D661D}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WebJao - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt4.exe (file missing)