
Dialer problems?? with XP Home Edition


Post by ocnarf60 » 03/03/05 18:31

I have to clean up a PC running the XP Home SP2 operating system, fully updated. I used the following programs: McAfee 7.1.0, Ad-Aware and SpyBot, all up to date (in safe mode none of these programs detects any harmful objects), with the following results:

McAfee: no infected files
---
Ad-Aware: two "istbar" objects in the Malware category

S-1-5-21-854245398-1326574676-682003330-1004\software\ist
S-1-5-21-854245398-1326574676-682003330-1004\software\ist "Recover"


---
SpyBot: two objects, "DSO exploit" and "DyFuCA"

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-21-854245398-1326574676-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DyFuCA: Impostazioni (Chiave di registro, nothing done)
HKEY_USERS\S-1-5-21-854245398-1326574676-682003330-1004\Software\IST


I APOLOGIZE FOR THE LENGTH OF THE MESSAGE AND THANK YOU FOR YOUR ATTENTION

Bye
Franco

----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
Below are the logs from Ad-Aware, SpyBot and HijackThis v1.99.1

Ad-Aware SE Build 1.05
Logfile Created on:giovedì 3 marzo 2005 16.40.28
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
istbar(TAC index:6):2 total references
MRU List(TAC index:0):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


03-03-2005 16.40.28 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-854245398-1326574676-682003330-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1326574676-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1326574676-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1326574676-682003330-1004\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 476
ThreadCreationTime : 03-03-2005 15.38.19
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 03-03-2005 15.38.20
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 03-03-2005 15.38.22
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 03-03-2005 15.38.22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 03-03-2005 15.38.22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 03-03-2005 15.38.23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 03-03-2005 15.38.23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 900
ThreadCreationTime : 03-03-2005 15.38.23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 948
ThreadCreationTime : 03-03-2005 15.38.23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1048
ThreadCreationTime : 03-03-2005 15.38.23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 03-03-2005 15.38.24
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1396
ThreadCreationTime : 03-03-2005 15.38.24
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 03-03-2005 15.38.24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [avgserv.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG6\
ProcessID : 1620
ThreadCreationTime : 03-03-2005 15.38.27
BasePriority : Normal
FileVersion : 6.0.1.9
ProductVersion : 6.0.1.9
ProductName : AVG6
CompanyName : GRISOFT(c) SOFTWARE s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright (c) GRISOFT(c) SOFTWARE 1998-2001
OriginalFilename : AvgServ

#:15 [frameworkservice.exe]
FilePath : C:\Programmi\Network Associates\Common Framework\
ProcessID : 1708
ThreadCreationTime : 03-03-2005 15.38.28
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:16 [mcshield.exe]
FilePath : C:\Programmi\Network Associates\VirusScan\
ProcessID : 1816
ThreadCreationTime : 03-03-2005 15.38.28
BasePriority : High


#:17 [vstskmgr.exe]
FilePath : C:\Programmi\Network Associates\VirusScan\
ProcessID : 1852
ThreadCreationTime : 03-03-2005 15.38.28
BasePriority : Normal


#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1900
ThreadCreationTime : 03-03-2005 15.38.29
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE

#:19 [naprdmgr.exe]
FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
ProcessID : 1908
ThreadCreationTime : 03-03-2005 15.38.29
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2036
ThreadCreationTime : 03-03-2005 15.38.30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 420
ThreadCreationTime : 03-03-2005 15.38.31
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aggiornamenti automatici
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : wuauclt.exe

#:22 [khooker.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 892
ThreadCreationTime : 03-03-2005 15.38.33
BasePriority : Normal
FileVersion : 0.0.0.2098
ProductVersion : 0.0.0.2098
ProductName : SIS (R) Compatible Super VGA keyboard daemon for Windows 2000/XP
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Keyboard Daemon
InternalName : KHOOKER 2.09j.03
LegalCopyright : Copyright (C) Silicon Integrated Systems Corp. 1998-2002
OriginalFilename : KHOOKER.EXE
Comments : SiS Compatible Super VGA Keyboard Daemon

#:23 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1020
ThreadCreationTime : 03-03-2005 15.38.34
BasePriority : Normal
FileVersion : 5.0.18
ProductVersion : 5.0.18
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:24 [syntplpr.exe]
FilePath : C:\Programmi\Synaptics\SynTP\
ProcessID : 1056
ThreadCreationTime : 03-03-2005 15.38.34
BasePriority : Normal
FileVersion : 7.2.10 09Jan03
ProductVersion : 7.2.10 09Jan03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:25 [syntpenh.exe]
FilePath : C:\Programmi\Synaptics\SynTP\
ProcessID : 1144
ThreadCreationTime : 03-03-2005 15.38.34
BasePriority : Normal
FileVersion : 7.2.10 09Jan03
ProductVersion : 7.2.10 09Jan03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:26 [pctspk.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1168
ThreadCreationTime : 03-03-2005 15.38.34
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : pctvoice Application
FileDescription : pctvoice MFC Application
InternalName : pctvoice
LegalCopyright : Copyright (C) 2001
OriginalFilename : pctvoice.EXE

#:27 [avgcc32.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG6\
ProcessID : 1200
ThreadCreationTime : 03-03-2005 15.38.34
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:28 [vvkrchu.exe]
FilePath : C:\WINDOWS\
ProcessID : 1124
ThreadCreationTime : 03-03-2005 15.38.35
BasePriority : Normal


#:29 [asnslf.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 03-03-2005 15.38.35
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : version Application
FileDescription : version MFC Application
InternalName : version
LegalCopyright : Copyright (C) 2003
OriginalFilename : version.EXE

#:30 [lxbkbmgr.exe]
FilePath : C:\Programmi\Lexmark X1100 Series\
ProcessID : 1580
ThreadCreationTime : 03-03-2005 15.38.35
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:31 [acfrys.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1552
ThreadCreationTime : 03-03-2005 15.38.35
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Redirect Application
FileDescription : Redirect MFC Application
InternalName : Redirect
LegalCopyright : Copyright (C) 2003
OriginalFilename : Redirect.EXE

#:32 [shstat.exe]
FilePath : C:\Programmi\Network Associates\VirusScan\
ProcessID : 1604
ThreadCreationTime : 03-03-2005 15.38.35
BasePriority : Normal


#:33 [lxbkbmon.exe]
FilePath : C:\Programmi\Lexmark X1100 Series\
ProcessID : 1656
ThreadCreationTime : 03-03-2005 15.38.35
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:34 [updaterui.exe]
FilePath : C:\Programmi\Network Associates\Common Framework\
ProcessID : 1720
ThreadCreationTime : 03-03-2005 15.38.35
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:35 [msmsgs.exe]
FilePath : C:\Programmi\Messenger\
ProcessID : 2028
ThreadCreationTime : 03-03-2005 15.38.36
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:36 [wincinemamgr.exe]
FilePath : C:\Programmi\InterVideo\Common\Bin\
ProcessID : 2184
ThreadCreationTime : 03-03-2005 15.38.38
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright (C) 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:37 [soffice.exe]
FilePath : C:\Programmi\OpenOffice.org1.1.0\program\
ProcessID : 2344
ThreadCreationTime : 03-03-2005 15.38.39
BasePriority : Normal
FileVersion : 6.00.8679
ProductVersion : 6.00.8679
CompanyName : OpenOffice.org
FileDescription : OpenOffice.org 1.1.0
InternalName : SOFFICE
LegalCopyright : Copyright © 2000 by Sun Microsystems, Inc.
OriginalFilename : SOFFICE.EXE

#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2536
ThreadCreationTime : 03-03-2005 15.38.40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2124
ThreadCreationTime : 03-03-2005 15.40.15
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-1326574676-682003330-1004\software\ist

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-1326574676-682003330-1004\software\ist
Value : Recover

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 6


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

16.46.00 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.05.31.453
Objects scanned:73254
Objects identified:2
Objects ignored:0
New critical objects:2

----------------------------------------------------------------------------------
Spybot - Search && Destroy version: 1.3

--- Search result list ---
DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-21-854245398-1326574676-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DyFuCA: Impostazioni (Chiave di registro, nothing done)
HKEY_USERS\S-1-5-21-854245398-1326574676-682003330-1004\Software\IST


--- Spybot - Search && Destroy version: 1.3 ---
2004-07-09 Includes\Cookies.sbi
2004-07-09 Includes\Dialer.sbi
2004-07-09 Includes\Hijackers.sbi
2004-07-09 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-07-09 Includes\Malware.sbi
2003-04-28 Includes\plugin-ignore.ini
2004-05-12 Includes\Revision.sbi
2004-07-02 Includes\Security.sbi
2004-07-09 Includes\Spybots.sbi
2004-07-09 Includes\Tracks.uti
2004-07-09 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Security Update for Microsoft Data Access Components
/ Windows Media Player: Aggiornamento rapido di Windows Media Player [Per ulteriori informazioni vedere Q828026]
/ Windows Media Player / SP0: Aggiornamento rapido di Windows Media Player [Per ulteriori informazioni vedere Q828026]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB834707
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB867282
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB873333
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB873339
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB885250
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB885835
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB885836
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB886185
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB887472
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB887742
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB888113
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB888302
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB890047
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB890175
/ Windows XP / SP3: Aggiornamento rapido per Windows XP - KB891781


--- Startup entries list ---
Located: HK_LM:Run, AVG_CC
command: C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
size: 345661
MD5: a21829ad1ff2db8b77f3d6e42d76b9e1

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 472632fe4c2577cd4dcab43e6c38130e

Located: HK_LM:Run, Lexmark X1100 Series
command: "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
file: C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
size: 57344
MD5: c8d789540712d748ff4da473913255d7

Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
file: C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
size: 135251
MD5: a5123363892c9fd682dcac6b450a991c

Located: HK_LM:Run, PCTVOICE
command: pctspk.exe
file: C:\WINDOWS\system32\pctspk.exe
size: 176128
MD5: fe0e8dd4e6d0409678e47a578c674186

Located: HK_LM:Run, secure
command: C:\WINDOWS\system32\Acfrys.exe
file: C:\WINDOWS\system32\Acfrys.exe
size: 176128
MD5: 69efd0148c914b38f84a469db0ab975f

Located: HK_LM:Run, ShStatEXE
command: "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
file: C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
size: 81990
MD5: f0814bd93969e2283a240ad4c6a04843

Located: HK_LM:Run, SiS KHooker
command: C:\WINDOWS\System32\khooker.exe
file: C:\WINDOWS\System32\khooker.exe
size: 290816
MD5: 72be43d079aa46a7c8eb1f0e114df3b0

Located: HK_LM:Run, SiSUSBRG
command: C:\WINDOWS\SiSUSBrg.exe
file: C:\WINDOWS\SiSUSBrg.exe
size: 106496
MD5: eccdcf23cd86f033274306790a4e23e3

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 47104
MD5: 064809a57ff62924dd19ce212e00ce4d

Located: HK_LM:Run, SynTPEnh
command: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
file: C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
size: 581632
MD5: 5a3fe2f813e8a879b3d193b99718ec68

Located: HK_LM:Run, SynTPLpr
command: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
file: C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
size: 126976
MD5: 018d4fadd73655b6cf0913051e894b30

Located: HK_LM:Run, tm7QCcX
command: C:\WINDOWS\vvkrchu.exe
file: C:\WINDOWS\vvkrchu.exe
size: -
MD5: d41d8cd98f00b204e9800998ecf8427e

Located: HK_LM:Run, version
command: C:\WINDOWS\system32\Asnslf.exe
file: C:\WINDOWS\system32\Asnslf.exe
size: 36864
MD5: 9a1f3cf70a56a527669d93cf7cd4b531

Located: HK_CU:Run, Cleaner
command: msn.exe

Located: HK_CU:Run, lsass2k Update
command: lsass2k.exe

Located: HK_CU:Run, Microsoft Update
command: wuampd.exe

Located: HK_CU:Run, MSMSGS
command: "C:\Programmi\Messenger\msmsgs.exe" /background
file: C:\Programmi\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: Esecuzione automatica (comune), InterVideo WinCinema Manager.lnk
command: C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 106496
MD5: b79d5c8ab814fae9a6e5b76eb272025c

Located: Esecuzione automatica (utente), OpenOffice.org 1.1.0.lnk
command: C:\Programmi\OpenOffice.org1.1.0\program\quickstart.exe
file: C:\Programmi\OpenOffice.org1.1.0\program\quickstart.exe
size: 61440
MD5: 915c1968c59d0fcad6a716aa6c90264a



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 0.47.54
Date (last access): 03/03/2005 16.38.24
Date (last write): 15/05/2003 0.47.54
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 0.6.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/05/2004 1.03.00
Date (last access): 03/03/2005 16.38.24
Date (last write): 12/05/2004 1.03.00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3



--- ActiveX list ---
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 09/06/2004 15.59.26
Date (last access): 03/03/2005 15.16.34
Date (last write): 09/06/2004 15.59.26
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 0.7.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 03/03/2005 17.04.10

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 188 (1900) C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
PID: 476 ( 4) \SystemRoot\System32\smss.exe
PID: 532 ( 476) csrss.exe
PID: 556 ( 476) \??\C:\WINDOWS\system32\winlogon.exe
PID: 600 ( 556) C:\WINDOWS\system32\services.exe
PID: 612 ( 556) C:\WINDOWS\system32\lsass.exe
PID: 760 ( 600) C:\WINDOWS\system32\svchost.exe
PID: 836 ( 600) svchost.exe
PID: 892 (1900) C:\WINDOWS\System32\khooker.exe
PID: 900 ( 600) C:\WINDOWS\System32\svchost.exe
PID: 948 ( 600) svchost.exe
PID: 1020 (1900) C:\WINDOWS\SOUNDMAN.EXE
PID: 1048 ( 600) svchost.exe
PID: 1056 (1900) C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PID: 1124 (1900) C:\WINDOWS\vvkrchu.exe
PID: 1144 (1900) C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
PID: 1168 (1900) C:\WINDOWS\system32\pctspk.exe
PID: 1200 (1900) C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
PID: 1356 ( 600) C:\WINDOWS\system32\LEXBCES.EXE
PID: 1396 (1356) C:\WINDOWS\system32\LEXPPS.EXE
PID: 1408 ( 600) C:\WINDOWS\system32\spoolsv.exe
PID: 1524 (1900) C:\WINDOWS\system32\Asnslf.exe
PID: 1552 (1900) C:\WINDOWS\system32\Acfrys.exe
PID: 1580 (1900) C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
PID: 1604 (1900) C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
PID: 1620 ( 600) C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
PID: 1656 (1580) C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
PID: 1708 ( 600) C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
PID: 1720 (1900) C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
PID: 1816 ( 600) C:\Programmi\Network Associates\VirusScan\Mcshield.exe
PID: 1852 ( 600) C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
PID: 1900 (1764) C:\WINDOWS\Explorer.EXE
PID: 1908 ( 760) naPrdMgr.exe
PID: 2028 (1900) C:\Programmi\Messenger\msmsgs.exe
PID: 2036 ( 600) C:\WINDOWS\System32\svchost.exe
PID: 2184 (1900) C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
PID: 2344 (2240) C:\Programmi\OpenOffice.org1.1.0\program\soffice.exe
PID: 2536 ( 600) alg.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 03/03/2005 17.04.10

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


----------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18.13.14, on 03/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\vvkrchu.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\Acfrys.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\OpenOffice.org1.1.0\program\soffice.exe
C:\DOCUME~1\CACCIA~1\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [tm7QCcX] C:\WINDOWS\vvkrchu.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Asnslf.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Acfrys.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKCU\..\Run: [Cleaner] msn.exe
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programmi\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
ocnarf60
Newbie
 
Posts: 5
Joined: 17/11/04 16:05

Post by LUPO21 » 03/03/05 19:29

You didn't need to post all the logs, it would have been enough to say what they reported; anyway, paste the HT log here and see:
http://hijackthis.de/index.php?langselect=italian
It looks to me like you have a backdoor:
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
Delete it, and then take a look at a few unknown processes that might be something! What connection do you have, 56k? If so, you can pick up dialers, but it doesn't look to me like there are any! ;)
LIFE IS LIKE A FOOTBALL MATCH: PEOPLE REMEMBER WHO SCORED THE GOAL, NOT WHO MADE THE ASSIST!
LUPO21
Senior User
 
Posts: 1145
Joined: 03/01/05 17:45
Location: Castelli Romani

