Condividi:        

Virus???

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Virus???

Postdi ghetuccia » 14/06/08 15:34

Ciao a tutti!il mio ps mi sta dando una serie d problemi...allora innanzitt è un vista premium...e già ho dt tt...xkè questi vista sn un disastro...cmq avveo un sacco d virus..e quindi ho scaricato AVG antivirus...ke adesso è letteralmente impazzito!!!! ogni volta ke provo ad aprire qlsiasi programma o file m da: impossibile accedere al dispositivo, al percorso o al file specificato. E' probabile che non si disponga delle autorizzazioni necessarie.
E poi m compare una finestra cn la scritta: ACCESSED FILE IS INFECTED
Threat detected!
Heal- MOve to vault-ignore
e dice ke ha trovato un win32....
X favore aiutatemi!!!!
ghetuccia
Newbie
 
Post: 4
Iscritto il: 14/06/08 10:35

Sponsor
 

Re: Virus???

Postdi dade25 » 14/06/08 16:33

Fai una scansione con Avg è metti qui il log così gli altri caèiscono meglio il problema e ti sanno aiutare
Avatar utente
dade25
Utente Senior
 
Post: 258
Iscritto il: 30/05/08 18:46
Località: Niella Tanaro

Re: Virus???

Postdi ghetuccia » 16/06/08 11:01

Ecco cosa compare dp la scansione:
Logfile of Spyware Terminator v2.2.1.433 (db:2.006.013.000)
Scan Time: 16/06/2008 10.41.39 length: 4504 s
Platform: VISTA (6.0.0.6000)
User: Admin
Boot Mode: Normal
Scan type: Full_Virus__Spyware_Scan
Scanned Objects: 152898 (Critical:23)
Filter: No System items, No Safe items, No Invalid items

Running Processes
SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
BTNtService.exe : C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
DQLWinService.exe : C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
DTSRVC.exe : C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
IAANTmon.exe [Intel Corporation] : C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
rlservice.exe [RelevantKnowledge] : C:\Windows\system32\rlservice.exe
OSD.exe [OsdMaestro] : C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
IAAnotif.exe [Intel Corporation] : C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RtHDVCpl.exe [Realtek Semiconductor] : C:\Windows\RtHDVCpl.exe
jureg.exe [Sun Microsystems, Inc.] : C:\Windows\system32\jureg.exe
hpwuSchd2.exe [Hewlett-Packard Co.] : C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
dthtml.exe [Portrait Displays, Inc] : C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
FixCamera.exe : C:\Windows\FixCamera.exe
vsnpstd3.exe : C:\Windows\vsnpstd3.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
sidebar.exe [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sidebar.exe
btdna.exe [BitTorrent, Inc.] : C:\Program Files\DNA\btdna.exe
msnmsgr.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
flec006.exe : C:\Users\Aghy\AppData\Roaming\m\flec006.exe
wmpnscfg.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnscfg.exe
EasyShare.exe [Eastman Kodak Company] : C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
SPUVolumeWatcher.exe [Sony Corporation] : C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
youtubeuploader.exe [YouTube, LLC] : C:\Users\Aghy\AppData\Local\YouTube\Uploader\youtubeuploader.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
NMIndexingService.exe [Nero AG] : C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
NMIndexStoreSvr.exe [Nero AG] : C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
HookManager.exe [Portrait Displays Inc.] : C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
wmpnetwk.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe
HPHC_Service.exe [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
usnsvc.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\usnsvc.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - [Google Inc.] : C:\Program Files\google\googletoolbar2.dll

Toolbars
03 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - [Google Inc.] : C:\Program Files\google\googletoolbar2.dll
03 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Sidebar : [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sidebar.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BitTorrent DNA : [BitTorrent, Inc.] : C:\Program Files\DNA\btdna.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MsnMsgr : [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WMPNSCFG : [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnscfg.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, KBD : : C:\HP\KBD\KbdStub.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, OsdMaestro : [OsdMaestro] : C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, IAAnotif : [Intel Corporation] : C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RtHDVCpl : [Realtek Semiconductor] : C:\Windows\RtHDVCpl.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Health Check Scheduler : [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateReg : [Sun Microsystems, Inc.] : C:\Windows\system32\jureg.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Co.] : C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, DT HPW : [Portrait Displays, Inc] : C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, FixCamera : : C:\Windows\FixCamera.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, snpstd3 : : C:\Windows\vsnpstd3.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, GrooveMonitor : [Microsoft Corporation] : C:\Program Files\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NeroFilterCheck : [Nero AG] : C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WEBACID : : C:\ProgramData\POPDEFYDEFY.K62OFF
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dog about manager team : : C:\ProgramData\GRID GREAT SCR.07X5AS9
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NvSvc : [NVIDIA Corporation] : C:\Windows\system32\NVSVC.DLL
04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : [Crawler.com] : C:\ProgramData\Spyware Terminator\sp_rsdel.exe
04 - Startup: %STARTUP%\Utilità controllo supporti di Picture Motion Browser.lnk [Sony Corporation] : C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
04 - Startup: %STARTUP%\YouTube Uploader.lnk [YouTube, LLC] : C:\Users\Aghy\AppData\Local\YouTube\Uploader\youtubeuploader.exe
04 - Startup: %STARTUPALL%\Kodak EasyShare software.lnk [Eastman Kodak Company] : C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Shell Extensions
CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll
- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll
Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll
PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll
Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
Tablet PC Input Panel - {15D633E2-AD00-465b-9EC7-F56B7CDF8E27} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll
Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll
ShellViewRTF - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\Windows\system32\ShellvRTF.dll
PDI GUI Engine COM Obj - {654D0431-C930-43C4-B8DA-9AA01BA5B486} - [Portrait Displays, Inc] : C:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll
Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Folder Synchronization - {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Stub Icon Handler - {A449600E-1DC6-4232-B948-9BD794D62056} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Context Menu Handler - {6C467336-8281-4E60-8204-430CED96822D} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove XML Icon Handler - {387E725D-DC16-4D76-B310-2C93ED4752A0} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Microsoft Office OneNote Namespace Extension for Windows Desktop Search - {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\OFFICE12\msoshext.dll
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\OFFICE12\msoshext.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
NeroDigitalIconHandler Class - {B327765E-D724-4347-8B16-78AE18552FC3} - [Nero AG] : C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
NeroDigitalPropSheetHandler Class - {7F1CF152-04F8-453A-B34C-E609530A9DC8} - [Nero AG] : C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Import Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
Cartelle condivise - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
avast - {472083B0-C522-11CF-8763-00608CC02F24} - [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\ashShell.dll

Shell Extecute Hooks
Groove GFS Stub Execution Hook - {{B5A7F190-DDA6-4420-B3BA-52453494E6CD}} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

Protocol Handler
Local Groove Web Services Protocol - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [Skype Technologies] : C:\Program Files\Common Files\Skype\Skype4COM.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

Services
23 - [ALWIL Software] : C:\Windows\system32\DRIVERS\aswFsBlk.sys
23 - [ALWIL Software] : C:\Windows\system32\DRIVERS\aswMonFlt.sys
23 - [GRISOFT, s.r.o.] : C:\Windows\system32\DRIVERS\AvgAsCln.sys
23 - [IVT Corporation] : C:\Windows\system32\DRIVERS\blueletaudio.sys
23 - : C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
23 - [IVT Corporation] : C:\Windows\system32\DRIVERS\btnetdrv.sys
23 - : C:\Windows\system32\DRIVERS\vbtenum.sys
23 - [IVT Corporation] : C:\Windows\system32\Drivers\BTHidMgr.sys
23 - : C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
23 - : C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
23 - [Intel Corporation] : C:\Windows\system32\DRIVERS\e100b325.sys
23 - [Hewlett-Packard] : C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
23 - [Intel Corporation] : C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
23 - [Intel Corporation] : C:\Windows\system32\drivers\iastor.sys
23 - [Realtek Semiconductor Corp.] : C:\Windows\system32\drivers\RTKVHDA.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23 - [Nero AG] : C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvlddmkm.sys
23 - [Portrait Displays, Inc.] : C:\Windows\system32\Drivers\PdiPorts.sys
23 - [Hewlett-Packard Company] : C:\Windows\system32\DRIVERS\PS2.sys
23 - [Sonic Solutions] : C:\Windows\system32\Drivers\PxHelp20.sys
23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
23 - [Sonix Co. Ltd.] : C:\Windows\system32\DRIVERS\snpstd3.sys
23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys
23 - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\usnsvc.exe
23 - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe

Threat Files
<Trojan.Beegle-1> : C:\Users\Aghy\AppData\Roaming\m\flec006.exe
<SDBot.EMP> : C:\HP\KBD\KbdStub.EXE
<Trojan.SDBot.EMP> : C:\HP\KBD\KbdStub.EXE
<Email-Worm.Bagle.of> : C:\Windows\system32\wintems.exe
<Trojan.Downloader.Bagle.fg.2> : C:\Windows\system32\drivers\srosa.sys
<Trojan.Agent.NWA> : C:\Users\Aghy\AppData\Local\Temp\ovaD690.tmp
<Trojan.Agent.NWA> : C:\Users\Aghy\AppData\Local\Temp\gubCA41.tmp
<Trojan.Agent.NWA> : C:\Users\Aghy\AppData\Local\Temp\itdC754.tmp
<Trojan.Agent.NWA> : C:\Users\Aghy\AppData\Local\Temp\mtkC17C.tmp.ren
<Trojan.Click.Agent.afs> : C:\Users\Aghy\AppData\Local\Temp\NAV15.0.0.58\NAV\External\NORTON\symlctnk.dll
<Trojan.Click.Agent.afs> : C:\Users\Aghy\AppData\Local\Temp\NAV15.5.0.23\NAV\External\NORTON\symlctnk.dll
<Trojan.Click.Agent.afs> : C:\Users\Aghy\AppData\Local\Temp\NIS15.0.0.60\Setup\Setup\App\symlctnk.dll
<Trojan.Agent.NWA> : C:\Users\Aghy\AppData\Local\Temp\rna85B2.tmp.ren
<Trojan.Click.Agent.afs> : C:\Users\Aghy\AppData\Roaming\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\NAV\External\NORTON\symlctnk.dll
<Trojan.Click.Agent.afs> : C:\Users\Aghy\AppData\Roaming\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup\Setup\App\symlctnk.dll
<Trojan.Agent.NWA> : C:\Windows\Temp\gka693D.tmp
<Trojan.Agent.NWA> : C:\Windows\Temp\isaBA59.tmp
<Trojan.Agent.NWA> : C:\Windows\Temp\jpa9C5D.tmp.ren
<Trojan.Agent.NWA> : C:\Windows\Temp\msaB97E.tmp
<Trojan.Agent.NWA> : C:\Windows\Temp\nqaA784.tmp
<Trojan.Agent.NWA> : C:\Windows\Temp\tma79C0.tmp
<Trojan.Agent.NWA> : C:\Windows\Temp\yla75F9.tmp
<Trojan.Agent.NWA> : C:\Windows\Temp\ypa98F4.tmp.ren

Advanced Files Report
%WINDIR%\TEMP\jpa9C5D.tmp
%SYSDIR%\SLsvc.exe [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=A1DCD30534835CB67733AD00175125A6 SIZE=2605568
%SYSDIR%\CNBLM3_2.DLL [CANON INC.] [Canon Inkjet Printer Driver] MD5=B511B56672169526847240CD4FA30AA3 SIZE=172544
%SYSDIR%\E_SL2346.DLL [SEIKO EPSON CORPORATION] [EPSON Bidirectional Printer] MD5=5B9D556A93A49CE03E3B905F5FDFC680 SIZE=61598
%SYSDIR%\spool\PRTPROCS\W32X86\CNBPP3.DLL [CANON INC.] [Canon Inkjet Printer Driver] MD5=CE859BBE55692678C20D99B68690F808 SIZE=70144
%PROGRAMFILES%\IVT Corporation\BlueSoleil\BTNtService.exe MD5=55F24E6EC983FCC7510293B05A27CEEC SIZE=110592
%COMMONFILES%\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [DQLWinSe Application] MD5=A0B584C33F55545D56F9E71FB4E203AC SIZE=208896
%COMMONFILES%\Intel\IntelDH\NMS\AdpPlugins\nmsmc.dll [Gteko Ltd.] [TODO: <Product name>] MD5=444913C1ED26EEAD3F84E11D47AE88AE SIZE=282624
%COMMONFILES%\Portrait Displays\Shared\DTSRVC.exe MD5=94E6CE3F9A0751C9B77EF94245067921 SIZE=73728
%PROGRAMFILES%\Intel\Intel Matrix Storage Manager\IAANTmon.exe [Intel Corporation] [RAID Monitor] MD5=9A4DC97E912C5EA375E2C69917946265 SIZE=355096
%PROGRAMFILES%\Intel\Intel Matrix Storage Manager\ISDI.dll [Intel Corporation] [Intel Storage Driver Interface Dynamic Lib] MD5=6FCA7D27097EE8AF07DF67EB045EA396 SIZE=258048
%PROGRAMFILES%\Intel\Intel Matrix Storage Manager\PlugInRAID_ITA.dll [Intel Corporation] [RAID Plug-in for Intel(R) Matrix Storage Console] MD5=A81B7868FCD9F1A41D715807DE67A858 SIZE=114688
%COMMONFILES%\LightScribe\LSSrvc.exe [Hewlett-Packard Company] [LightScribe] MD5=98D884ADC0B8C0FEBCC9D7BEE6D86F90 SIZE=79136
%COMMONFILES%\LightScribe\LSSProxy.dll [Hewlett-Packard Company] [LightScribe] MD5=CE8E4F91A4B0CF432D7CF6F083E20C1A SIZE=110592
%COMMONFILES%\LightScribe\LSLog.dll [Hewlett-Packard Company] [LightScribe] MD5=B9CE75B2385A39F3CE814019F90761FD SIZE=33280
%SYSDIR%\rlservice.exe [RelevantKnowledge] [RelevantKnowledge] MD5=2E6D585AF7C48D5E7A9162E7D6B2D90A SIZE=86016
%SYSDIR%\nvd3dum.dll [NVIDIA Corporation] [NVIDIA Windows Vista WDDM driver] MD5=A8DAC3FD9E6E5A2FD5666CD8C1B940AE SIZE=5263360
%TEMP%\rna85B2.tmp
%COMMONFILES%\Portrait Displays\Shared\dthook.dll MD5=FADEFB390846B3A5BE0BF4E8E53DEFEA SIZE=163840
%COMMONFILES%\Portrait Displays\Shared\PresetsCOM.dll MD5=F26CB98B91AFD7BE723C80909AE5F418 SIZE=102400
%PROGRAMFILES%\Intel\Intel Matrix Storage Manager\IAAMon_ITA.dll [Intel Corporation] [RAID Event Monitor] MD5=FCE3CEADC620BB3A267103671151ADDA SIZE=73728
%PROGRAMFILES%\Intel\IntelDH\bin\IntelDH.dll [Intel(R) Corporation] [Intel(R) Viiv(TM) Software] MD5=C8EB460F03AD239FA54A81BFE3C852FA SIZE=119808
%SYSDIR%\RtkAPO.dll [Realtek Semiconductor Corp.] [Realtek(r) LFX/GFX DSP component] MD5=D330BF0F8742EE1FFFC3A099CE310F9F SIZE=2156544
%WINDIR%\ijl15.dll [Intel Corporation] [Intel® JPEG Library] MD5=1AA06C81A0621E277E755B965B5E4B5F SIZE=372736
%COMMONFILES%\Portrait Displays\Drivers\WrapI2C.dll [Portrait Displays, Inc.] [PDI I2C Wrapper DLL] MD5=39B36ED2FD29439F588A83FE19BE3C11 SIZE=196608
%COMMONFILES%\Portrait Displays\Plugins\CC\colorcal.dll [Portrait Displays, Inc.] [VTune Video Optimizer] MD5=6B7E67F5147BFBF24EBE9F5BC0E5D30A SIZE=118784
%COMMONFILES%\Portrait Displays\Plugins\CC\gui.dll MD5=BAF20A2EED5743D5F61F8A9C46904A1E SIZE=77824
%COMMONFILES%\Portrait Displays\drivers\pdi_nv2.dll [Portrait Displays, Inc.] [nv Dynamic Link Library] MD5=35638E325CBA6C04C8D335A99DCF7046 SIZE=77824
%SYSDIR%\nvapi.dll [NVIDIA Corporation] [NVIDIA Windows drivers] MD5=2A8FA6F82793B835DE2049384560C7A0 SIZE=385024
%SYSDIR%\rundll32.exe [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=4B555106290BD117334E9A08761C035A SIZE=44544
%PROGRAMFILES%\Windows Live\Messenger\MSIMG32.dll [Patchou] [Messenger Plus! Live] MD5=74F9E855A6A634C99320850758E795C0 SIZE=59728
%PROGRAMFILES%\Messenger Plus! Live\MsgPlusLive.dll [Patchou] [Messenger Plus! Live] MD5=6A148850B1B0469C2A68B5CFE2AA5C8B SIZE=3335504
%PROGRAMFILES%\Messenger Plus! Live\Detoured.dll MD5=6256684495C499B22DCDBA266E4F2494 SIZE=4096
%PROGRAMFILES%\Messenger Plus! Live\MsgPlusLiveRes.dll [Patchou] [Messenger Plus! Live] MD5=50D3B341178EF2BA876507AB43FFD2C1 SIZE=1818960
%SYSDIR%\vsnpstd3.dll MD5=A81396F3D1AB898A8B1BAAAC4AA00253 SIZE=61440
%PROGRAMFILES%\Messenger Plus! Live\libsndfile.dll MD5=00742B11F1492D15A0A8FF25E36AB9BE SIZE=370688
%PROGRAMFILES%\Messenger Plus! Live\lame_enc.dll MD5=75430D2F8B2E204814247D62D9445CE4 SIZE=390656
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\EasyShare.exe [Eastman Kodak Company] [Kodak EasyShare Software] MD5=B21412B5F63F59D55DCEBA799AAC96B7 SIZE=282624
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\Kfx.dll [KFx Dynamic Link Library] MD5=1E86EFE35CC37F08822648ABB8B15C41 SIZE=338944
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\AppCore.dll [AppCore Dynamic Link Library] MD5=5010F937CA9E5DFCB82D792C6034B671 SIZE=246272
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\Atlas.dll [Atlas Dynamic Link Library] MD5=4FD80997C52083F65785A44810371093 SIZE=338944
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\MEshim.dll MD5=C3D2864923EC9341572106CC197A95B9 SIZE=13824
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\MediaEngine.dll [SOLIDFX, LLC] [MediaEngine] MD5=99B6792F037C9B64464F125870FCE672 SIZE=786432
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESApp.dll [Eastman Kodak Company] [Kodak EasyShare software] MD5=C12BDED4C30229B36F1D3C8CEDF37F8F SIZE=1270784
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll [SpiffyExt Dynamic Link Library] MD5=D86C0A1F1501892EEF68FB9BFAA30A59 SIZE=232448
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaDB.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=F7C99B1FE713A452C998FC55939ED609 SIZE=549376
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaImage.dll [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=2403B2CB30B0FD6F4E30D5E072CF1684 SIZE=382464
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\KCat40.dll [Eastman Kodak Company] [Kodak Image Catalog SDK] MD5=0F1079CB90488C7FA63E7AD644609D2C SIZE=657920
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\kcor40.dll [Eastman Kodak Company] [Kodak Core Worker] MD5=389391ABB19B7FB5DC8CC654246B4447 SIZE=78336
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll [LEAD Technologies, Inc.] [LEADTOOLS® DLL for Win32] MD5=B54FB37036ED2AC5CABEF9562E51F825 SIZE=229888
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll [LEAD Technologies, Inc.] [LEADTOOLS® DLL for Win32] MD5=1E7BF4BE1DF8DA000F3FEC4D3354C296 SIZE=297984
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL [LEAD Technologies, Inc.] [LEADTOOLS® DLL for Win32] MD5=02564FDA7BAF6C4326BED1F03FDA0054 SIZE=108032
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll [LEAD Technologies, Inc.] [LEADTOOLS® DLL for Win32] MD5=7BCC155A51C2060290A27FBD1BE60B07 SIZE=114176
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll [LEAD Technologies, Inc.] [LEADTOOLS® DLL for Win32] MD5=57842FF2239BFE302BAC2971D5CBDB65 SIZE=221184
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaControls.esx [VistaControls Dynamic Link Library] MD5=76F0CEBED23765202711B0684148CC72 SIZE=223744
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll [VistaControls Dynamic Link Library] MD5=5A5E992A51C8B91AA961C6B6322AEC9D SIZE=688128
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocESApp.dll [Eastman Kodak Company] [Kodak EasyShare software] MD5=E6F35833BA521973E5879D5A03A777BF SIZE=3264512
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\UIFx.dll [Eastman Kodak Company] [Kodak EasyShare] MD5=B86D9140452FB04A12C21D29089AB56F SIZE=108032
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\Acqmod.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=2E68B86C6FB8C5930C16871DACBAC793 SIZE=480256
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll [LocAcqMod Dynamic Link Library] MD5=7915D780108506110BB35B18062C17DA SIZE=90112
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\AddressBook.esx [Eastman Kodak] [AddressBook Dynamic Link Library] MD5=0A4889B2798AF389EAB4D23CA9EEEB91 SIZE=138240
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\CameraCollection.esx [TODO: <Company name>] [TODO: <Product name>] MD5=C7A6F7FFA83B24F2A8D28DA97F463F2D SIZE=200192
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\CreativeProjects.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=5FDBC09297077FBD518848FFAEC48DB0 SIZE=192512
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx [DXRawFor Dynamic Link Library] MD5=EC259E3F3D35539972E2DAF0D640B929 SIZE=77312
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\DibLibIP.dll [DibIPLib Dynamic Link Library] MD5=E746EED5A01275173BDA136FE93AFA8B SIZE=61952
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll MD5=0F27C10C6A5CD81E87740CA1DC72824F SIZE=1564672
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\EGCreatives.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=576AE98CFD8A5742DC4432860A7AED92 SIZE=345088
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocEGCreatives.dll [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=851A68290D13469A8197675A62CDE986 SIZE=26112
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESColl.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=59A186E02F411B454AF2BD008935A181 SIZE=1312256
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocESColl.dll [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=745F7BD271AA76B53A195792EFD5D164 SIZE=122880
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESDeviceSetup.esx [TODO: <Company name>] [TODO: <Product name>] MD5=8B7487457E815C35F15CB6ED2EED89C6 SIZE=285696
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocESDeviceSetup.dll [TODO: <Company name>] [TODO: <Product name>] MD5=491D6B73E6FACAA21AF8E442145F9424 SIZE=630784
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESEmail.esx [VistaEmail Dynamic Link Library] MD5=C418D761A3AA29ACE401FFEF7A0BD46B SIZE=667648
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\keml40.dll [KEmail Dynamic Link Library] MD5=21A90A7E6EB6D89F6B681752BCE92AC7 SIZE=83968
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocESEmail.dll [VistaEmail Dynamic Link Library] MD5=1075CC1C04EA50803FEC379E27222887 SIZE=163840
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESPrint.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=BA5D375DCF9CF370001637C49DD033E4 SIZE=544768
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\kpries40.dll [print Dynamic Link Library] MD5=CCACBABF82F70EF340B8CF7B73B99E52 SIZE=120832
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocESPrint.dll [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=1820FE0C79E0F034A034461A0548D854 SIZE=249856
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESShastaEditPipe.esx [Eastman Kodak Company] [ESShasta Dynamic Link Library] MD5=01259648D0906978E04ED3C6F1A4502D SIZE=96768
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ShastaPath.dll [Eastman Kodak Company] [Eastman Kodak Company ShastaPath] MD5=AEB044F75C3AC1702424B4AA306D8DB1 SIZE=208896
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESSkin.esx [ESSkin Dynamic Link Library] MD5=F634EED94842102E690855264C5BC909 SIZE=1035264
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll MD5=106A2A96A76A6B62F79F027EF929D928 SIZE=770048
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll MD5=8D5CD1267710094235BBAAD1E1119E3B SIZE=835584
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll MD5=80F0E8EAB52D30195A8A7A94086C0859 SIZE=430080
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll MD5=883D83D06E7D47EF03DD50A3760E1BEB SIZE=495616
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll MD5=494AA42C0FF1E2082FA75F60F7821AB0 SIZE=786432
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll MD5=C60A3F6DA8BDBF67C34A99195076E709 SIZE=2052096
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll MD5=0A0C630019D3A234245D8E015AAB6EBD SIZE=1339392
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESSlideShow.esx [Eastman Kodak Company] [Kodak EasyShare] MD5=B64A392EF028A7F566950EC2849E1814 SIZE=116224
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESUIWireless.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=17AD7E527EF4C5499620899FD8486164 SIZE=228352
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocESUIWireless.dll [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=3E6914BAA1901271397F33F7B451C32D SIZE=19456
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\ESWireless.esx [Eastman Kodak Company] [Kodak EasyShare] MD5=17226AB2C2D68374D03552ED6B4D0825 SIZE=161792
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx [IStorageMediaStore Dynamic Link Library] MD5=271B4BAF93BE8B88CA1BF8931CF06763 SIZE=115200
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=B6EA086D4869D3A8E9D94F933E9F40F9 SIZE=3293184
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\PTP.esx [Eastman Kodak Company] [PTP Dynamic Link Library] MD5=520727735E731BD384AF1DB891D89A93 SIZE=1015808
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\Pcd.esx [Picture CD Dynamic Link Library] MD5=46538E987B936B194875776479865055 SIZE=171008
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll [KPCDInterface Dynamic Link Library] MD5=EA9DE3EFFD87BDEDC825989B33D1A66C SIZE=51712
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll [KPrintOnlineHelper Dynamic Link Library] MD5=685F35E5ED17E4E059A975914A7325BE SIZE=139264
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocPCD.dll [Picture CD Dynamic Link Library] MD5=D00211BCD05D84E726F84F420B80E9DA SIZE=9216
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx [Check for Updates Dynamic Link Library] MD5=E7FC75AE2C5763606F09F0A90FDC57F8 SIZE=81920
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll [Check for Updates Dynamic Link Library] MD5=89545DB70F29D60F7FD53E709DAF4392 SIZE=9216
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx [VistaAdapter Dynamic Link Library] MD5=D0F50000ADFEE98332B411A96B7FD845 SIZE=335872
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll [VistaAdapter Dynamic Link Library] MD5=C168816EACD0BD1A2BAE301136CB2A7A SIZE=10240
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaBBook.esx [Eastman Kodak Company] [Kodak EasyShare] MD5=9CDB2CBA1FF7F4A0E44F01FE73113EAF SIZE=164352
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocVistaBBook.dll [Eastman Kodak Company] [Kodak EasyShare] MD5=CB05266378062924E74FE3A63A22C185 SIZE=73728
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaBrowser.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=506F29B291011B938324540135DB1F74 SIZE=100864
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=F549586381453A4DA7C508BD4213A868 SIZE=73728
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx [VistaCDBackup Dynamic Link Library] MD5=F0B4099333F59693086354F22D679579 SIZE=95744
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaCDR.dll [Eastman Kodak Company] [VistaCDR Dynamic Link Library] MD5=C61E3B59D6228AE5495C4EB850C978EE SIZE=32768
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\PRIMOSDK.dll [Sonic Solutions] [Prassi PrimoSDK] MD5=40E26105E8BF96ECA53F37C8CB83B97E SIZE=163840
%SYSDIR%\PX.dll [Sonic Solutions] [Px] MD5=137AECA65AEED91A85142D8F033045CD SIZE=547576
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll [VistaCDBackup Dynamic Link Library] MD5=EADF1778478A7F40C5162C423C57533D SIZE=151552
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaEdit.esx [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=BC2DA23C12491B281FAD787700280350 SIZE=475136
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocVistaEdit.dll [Eastman Kodak Company] [KODAK EASYSHARE Software] MD5=6D0BE74CCE4BD1EC4ED312EE74E16FBB SIZE=524288
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx [VistaPrintOnLine Dynamic Link Library] MD5=FF5FFEF8C889F961469BB3D92BC3FF17 SIZE=303104
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll [VPrintOnline Dynamic Link Library] MD5=982E30DFE375C09CEC24EED5E7711E18 SIZE=679936
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll [VistaPrintOnLine Dynamic Link Library] MD5=939925356415964111C559A177ABF768 SIZE=90112
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\XMIApi.esx [Eastman Kodak Company] [Kodak EasyShare] MD5=D29F88DFBA3A1959C8A497A2B2B02DB5 SIZE=737280
%PROGRAMFILES%\QuickTime\QTSystem\QuickTime.qts [Apple Computer, Inc.] [QuickTime] MD5=5872BEBE1D212B7E7081E3429F7AF4EE SIZE=13263360
%PROGRAMFILES%\QuickTime\QTSystem\CoreVideo.qtx [Apple Computer, Inc.] [QuickTime] MD5=48562013CC12F291A57A9E2B8D46187D SIZE=237568
%PROGRAMFILES%\QuickTime\QTSystem\QuickTime3GPP.qtx [Apple Computer, Inc.] [QuickTime] MD5=DED51762ACA3CB0212A2952C0CF3C21F SIZE=331776
%PROGRAMFILES%\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx [Apple Computer, Inc.] [QuickTime] MD5=21E45692C39206F13EC0F630817169BA SIZE=462848
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeAudioSupport.qtx [Apple Computer, Inc.] [QuickTime] MD5=CC8CB7B975FB34ACE90C7FA5F85EFA6C SIZE=1495040
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeAuthoring.qtx [Apple Computer, Inc.] [QuickTime] MD5=9D1B2B0CD667F1E7C9C4A3A61E62C1DD SIZE=1916928
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeCapture.qtx [Apple Computer, Inc.] [QuickTime] MD5=A52762D8DE1A126DAA87CD5099D5E7D4 SIZE=315392
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeEffects.qtx [Apple Computer, Inc.] [QuickTime] MD5=90D41A3042C0EBA231E42384FB41DBD5 SIZE=548864
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeEssentials.qtx [Apple Computer, Inc.] [QuickTime] MD5=E2230DDBC056A54A1B73E7CED4B831F0 SIZE=479232
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeH264.qtx [Apple Computer, Inc.] [QuickTime] MD5=88BDD262F4E7AEBCB7E15BA94FDCFCFD SIZE=2428928
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeImage.qtx [Apple Computer, Inc.] [QuickTime] MD5=4C1B2896918EBDD522E1474F30DFA3A5 SIZE=942080
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeInternetExtras.qtx [Apple Computer, Inc.] [QuickTime] MD5=B5C3DD7BC1A10DCAAE84306462E12C18 SIZE=888832
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMPEG.qtx [Apple Computer, Inc] [QuickTime] MD5=F01FFECD82CFFC506A76F68E5C8BC096 SIZE=434176
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMPEG4.qtx [Apple Computer, Inc.] [QuickTime] MD5=AAB25F4FE26A0C97FE5483280B72683B SIZE=307200
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx [Apple Computer, Inc.] [QuickTime] MD5=0E29B90A30ACBA7BAEE7220AA42D517E SIZE=528384
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMusic.qtx [Apple Computer, Inc.] [QuickTime] MD5=80550E5DEFE858C71F456612D450D804 SIZE=561152
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeQD3D.qtx [Apple Computer, Inc.] [QuickTime] MD5=1F09D31DD279E980CCE56DC205DC19CB SIZE=200704
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeStreaming.qtx [Apple Computer, Inc.] [QuickTime] MD5=9B188B6BEC6D5A4AFF09FC2A0995842C SIZE=827392
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx [Apple Computer, Inc.] [QuickTime] MD5=C731E0F891787812DCDA5EC13C6B317A SIZE=335872
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx [Apple Computer, Inc.] [QuickTime] MD5=2288024E26B1D72DBE5CC1D0A5F56775 SIZE=131072
%PROGRAMFILES%\QuickTime\QTSystem\QuickTimeVR.qtx [Apple Computer, Inc] [QuickTime] MD5=243678A71268FBE676AEF9562B950432 SIZE=757760
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\Escom.dll [ESCom Module] MD5=8626CD2D535A93A1180033F0A339582F SIZE=405504
%PROGRAMFILES%\Kodak\Kodak EasyShare software\bin\LocCamBack.dll [Vista] MD5=E803C250E0E2F923DB4DD00697392775 SIZE=57344
%PROGRAMFILES%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [Sony Corporation] [Picture Motion Browser] MD5=145076536DB5E6561C0E24E047B07A62 SIZE=344064
%PROGRAMFILES%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcherLOC.DLL [Sony Corporation] [Picture Motion Browser] MD5=6D9764E624D7D5DF47DEB644E79C521E SIZE=65536
%USERPROFILE%\Local\YouTube\Uploader\youtubeuploader.exe [YouTube, LLC] [YouTube Uploader] MD5=E1E2BBF850825BAE7C692FC8CE0DD5C1 SIZE=71152
%USERPROFILE%\Local\YouTube\Uploader\youtubeuploader.dll MD5=3082F2F9E96D1AE456733FC32BE6850E SIZE=349680
%COMMONFILES%\Ahead\Lib\NMIndexingService.exe [Nero AG] [Nero Home] MD5=17A29A10BBFEB7DB89FA2C3E170394C1 SIZE=452058
%COMMONFILES%\Ahead\Lib\NMIndexingServicePS.dll [Nero AG] [Nero Home] MD5=7A733B19EDBB72C8A853BD9E71595D9D SIZE=59440
%COMMONFILES%\Ahead\Lib\NMLogCxx.dll [Nero AG] [Nero Home] MD5=4F266F317AD48F9127BEEF08D43EC05F SIZE=71216
%COMMONFILES%\Ahead\Lib\log4cxx.dll [Nero AG] [Nero Home] MD5=77DA24CC291B2BB3C001AC9196BC83AE SIZE=742960
%COMMONFILES%\Ahead\Lib\NMDataServices.dll [Nero AG] [Nero Home] MD5=95273094268B65087D2EBB3D509B1B4C SIZE=2750000
%COMMONFILES%\Ahead\Lib\NMIndexStoreSvr.exe [Nero AG] [Nero Home] MD5=74EA847B9CB2B2B56B6F2DCC064D8CB9 SIZE=1390038
%COMMONFILES%\Ahead\Lib\NMSQLDB.dll [Nero AG] [Nero Home] MD5=577489E0B1178CA0CCD726C2527EB33F SIZE=321072
%COMMONFILES%\Ahead\Lib\NMCoFoundation.dll [Nero AG] [Nero Home] MD5=D053B92AE72B533F602184F2D5211C10 SIZE=542256
%COMMONFILES%\Ahead\Lib\NMPluginBase.dll [Nero AG] [Nero Home] MD5=7F4C9599EE135EA3170697423D0AFFA6 SIZE=108080
%COMMONFILES%\Ahead\Lib\NMFullTextExtraction.dll [Nero AG] [Nero Home] MD5=B64657C1607CAA2F1B76ABE1C34A5F4E SIZE=181808
%COMMONFILES%\Ahead\Lib\NMSearchPluginSimilarImages.dll [Nero AG] [Nero Home] MD5=EC887F39C825DD70DF8CDEAF106EB369 SIZE=181808
%COMMONFILES%\Ahead\Lib\NeroIPP.dll [Nero AG] [Nero Suite] MD5=7403DA4C3D15D837EC3AF694A4C501B6 SIZE=3376688
%COMMONFILES%\Ahead\Lib\NMIndexStoreSvrPS.dll [Nero AG] [Nero Home] MD5=7166EDCCBAAF359DFED42B46F4587044 SIZE=21040
%COMMONFILES%\Portrait Displays\Shared\HookManager.exe [Portrait Displays Inc.] [HookManager Application] MD5=CA286A369EED2D6EAFF79A1050CDBC15 SIZE=110592
%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=ACB2E63D50157E3EA7140F29D9E76A48 SIZE=895488
%PROGRAMFILES%\Hewlett-Packard\HP Health Check\HPHC_Service.exe [Hewlett-Packard] [HP Health Check Service] MD5=E48B80F6614D4BEFA7768B960FFEF514 SIZE=61440
%WINDIR%\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll [Hewlett-Packard] [HP Active Support Library] MD5=C6AB9DC71CE8FB2445CA14EE0FEC5ED6 SIZE=73728
%PROGRAMFILES%\Windows Live\Messenger\usnsvc.exe [Microsoft Corporation] [Messenger] MD5=9D19B042A4FD5C02195071EA2FE0C821 SIZE=98328
%PROGRAMFILES%\google\googletoolbar2.dll [Google Inc.] [Google Toolbar per IE] MD5=F0B634B957E774E90EDF0F90D0039303 SIZE=2423872
%PROGRAMFILES%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Inc.] [Yahoo! Toolbar] MD5=839BC91F49F8ADA29F3E3B8366057016 SIZE=803864
%SYSDIR%\inetcomm.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0D444215D80FC50E43F02E4B5A43877D SIZE=737792
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=C9F8C752ED450D74A51FC4DA40B0DA16 SIZE=338432
%PROGRAMFILES%\Windows Photo Gallery\PhotoViewer.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=7CB1C510F55B2D5E3DE24823839D320D SIZE=2313216
%PROGRAMFILES%\Windows Media Player\wmpband.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=4AEED1FBB53F915CBE30671793776A80 SIZE=99328
%SYSDIR%\emdmgmt.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=3226FDA08988526E819E364E8CCE4CEE SIZE=560640
%SYSDIR%\audiodev.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=BC59360E14159C67FF257FB424F3B723 SIZE=244224
%PROGRAMFILES%\Windows Photo Gallery\PhotoAcq.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=571B269F346E518F0D2BB7B067ECFFCD SIZE=1030656
%COMMONFILES%\microsoft shared\ink\TipBand.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=A8F2BB769FA35F9C2867746B671EB662 SIZE=114688
%PROGRAMFILES%\Windows Sidebar\sbdrop.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=1690302570CC80160F68B604E6806802 SIZE=66048
%SYSDIR%\ShellvRTF.dll [XSS] [XSS ShellvRTF] MD5=91FA8D1DB1EC243CECD4A0977C91CC6F SIZE=237568
%COMMONFILES%\Portrait Displays\Shared\HtmlEngine.dll [Portrait Displays, Inc] [TODO: <Product name>] MD5=AC85DDBF80848EE56F063FA82953A095 SIZE=139264
%PROGRAMFILES%\OPENOFFICE.ORG 2.3\PROGRAM\SHLXTHDL.DLL
%PROGRAMFILES%\Microsoft Office\Office12\ONFILTER.DLL [Microsoft Corporation] [Microsoft Office OneNote] MD5=DF8AADA641FE10C4748899F62A530A28 SIZE=75144
%COMMONFILES%\microsoft shared\OFFICE12\msoshext.dll [Microsoft Corporation] [Microsoft Office] MD5=0079E7EE294AC629D57FB8259F5A803E SIZE=935832
%COMMONFILES%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Microsoft Corporation] [Web folders and Rosebud Windows Redistributable Package] MD5=CE0A7504F2553234E9CE732D33EAF8B4 SIZE=973168
%PROGRAMFILES%\Windows Live\Mail\mailcomm.dll [Microsoft Corporation] [Messenger] MD5=6A69BEDDD514F21B8A216B85EAF330B5 SIZE=858136
%PROGRAMFILES%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] [Cover Designer] MD5=33077AC03F3236EBA4090AB0F121E81E SIZE=1963568
%COMMONFILES%\Ahead\Lib\NeroDigitalExt.dll [Nero AG] [Nero Digital Tools] MD5=7D7FCD33061D13B40CB54CE250005121 SIZE=1807920
%PROGRAMFILES%\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Microsoft Corporation] [Windows Live Photo Gallery] MD5=FA4445E6AB200B46BB140DF4529F60BB SIZE=405468
%PROGRAMFILES%\Windows Live\Photo Gallery\PhotoViewerShim.dll [Microsoft Corporation] [Windows Live Photo Gallery] MD5=024F4D95154039B2292F4B856A52AB7D SIZE=46112
%SYSDIR%\rundll32.exe "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll",PhotoViewerComServer {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
%SYSDIR%\rundll32.exe "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll",PhotoViewerComServer {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}
%SYSDIR%\rundll32.exe "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll",PhotoViewerComServer {00F374B7-B390-4884-B372-2FC349F2172B}
%PROGRAMFILES%\WinRAR\rarext.dll MD5=3B42317C8A22B82B04BF8C4E13B27CF0 SIZE=125440
%PROGRAMFILES%\Windows Live\Messenger\fsshext.8.5.1302.1018.dll [Microsoft Corporation] [Messenger] MD5=8BDE1F61DFBAAE7A2916170E8B75FE0F SIZE=329240
%PROGRAMFILES%\Alwil Software\Avast4\ashShell.dll [ALWIL Software] [avast! Antivirus] MD5=ABD1D845FC1EA9BDACBFBB284AD3E974 SIZE=75128
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\DRIVERS\aswFsBlk.sys [ALWIL Software] [avast! Antivirus System] MD5=922C09ED986C31D6D4445DC937465103 SIZE=20560
%SYSDIR%\DRIVERS\aswMonFlt.sys [ALWIL Software] [avast! Antivirus System] MD5=1329D1B7F101E313EEDEEDE7D0AFBE70 SIZE=50768
%SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted
%SYSDIR%\DRIVERS\AvgAsCln.sys [GRISOFT, s.r.o.] [AVG7 Clean Driver] MD5=856B0CEE009946BF2D327E6B24FE7E3F SIZE=10872
%SYSDIR%\svchost.exe -k LocalServiceNoNetwork
%SYSDIR%\DRIVERS\blueletaudio.sys [IVT Corporation] [Windows (R) 2000 DDK driver] MD5=04E84C8049EE93614A2FF6D676D1E247 SIZE=20480
%SYSDIR%\DRIVERS\btnetdrv.sys [IVT Corporation] [BlueSoleil] MD5=D1813668A0117AE05BC0B81C874F91D4 SIZE=10804
%SYSDIR%\DRIVERS\vbtenum.sys MD5=161969D2DD1D39CD2F1EDBC60C61FA99 SIZE=11860
%SYSDIR%\Drivers\BTHidMgr.sys [IVT Corporation] [BlueSoleil(c)] MD5=A9164C2A39BD917B9F42AE087560AC3D SIZE=28271
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k DcomLaunch
%SYSDIR%\DRIVERS\e100b325.sys [Intel Corporation] [Scheda Intel(R) PRO/100] MD5=C0B00E55CF82D122D25983C7A6A53DEA SIZE=163328
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\drivers\iastor.sys [Intel Corporation] [Intel Matrix Storage Manager driver] MD5=2D8143C90F246D0F1735AF7D05D515F3 SIZE=304920
%SYSDIR%\drivers\RTKVHDA.sys [Realtek Semiconductor Corp.] [Realtek(r) High Definition Audio Function Driver] MD5=EDC37B918E583A5A813C53D4F5588255 SIZE=2047576
%SYSDIR%\DRIVERS\nvlddmkm.sys [NVIDIA Corporation] [NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 169.60] MD5=351265910A8EF5FC6CC4535A00054049 SIZE=8237120
%SYSDIR%\Drivers\PdiPorts.sys [Portrait Displays, Inc.] [PDI Kernel Ports Driver] MD5=18ED1D71FEF6F71D38C24263500BBD01 SIZE=15920
%SYSDIR%\svchost.exe -k NetworkServiceNetworkRestricted
%SYSDIR%\DRIVERS\PS2.sys [Hewlett-Packard Company] [Hewlett-Packard Company PS2 SYS] MD5=390C204CED3785609AB24E9C52054A84 SIZE=19072
%SYSDIR%\Drivers\PxHelp20.sys [Sonic Solutions] [PxHelp20] MD5=49452BFCEC22F36A7A9B9C2181BC3042 SIZE=43872
%SYSDIR%\rlservice.exe \service
%SYSDIR%\svchost.exe -k rpcss
%SYSDIR%\DRIVERS\snpstd3.sys [Sonix Co. Ltd.] [USB PC Camera] MD5=11BB0E11D42CC3A43D741D9B30839BE1 SIZE=10252544
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=CCD6E6C387E3EFA3BA5FE0E7883821C1 SIZE=141312
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\svchost.exe -k swprv
%SYSDIR%\svchost.exe -k WerSvcGroup
%SYSDIR%\SearchIndexer.exe \Embedding
%PROGRAMFILES%\Microsoft Office\Office12\GrooveSystemServices.dll [Microsoft Corporation] [GrooveSystemServices Module] MD5=C48CBBD38D7FBB0E86F4364062EBC66E SIZE=224128
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [Microsoft Corporation] [Messenger] MD5=56319E6B4D190A2DEB4463A9CE4D4F74 SIZE=66072
%COMMONFILES%\Skype\Skype4COM.dll [Skype Technologies] [Skype4COM] MD5=B608D23E4BC4DF3CB42EE2D69C24C8D1 SIZE=1934672
%SYSDIR%\msdxm.ocx [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=506CF5D6E38FD7DEC7B6D7D3030E7BC9 SIZE=4096
%SYSDIR%\powrprof.dll [Microsoft Corporation] [Sistema operativo Microsoft® Windows®] MD5=3CDEC51291F735C5C276B957239017A3 SIZE=96768
%SYSDIR%\WPDSP.DLL [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=C72D3E9282DFE01E1D363DDB5DC1A66C SIZE=349184

End of Report


Procedura per la Rimozione:

Preparazione delle strutture
Creazione del punto di ripristino
Rimuovi Trojan.Beegle-1
Rilevamento File non riuscito (Failed) : C:\Users\Aghy\AppData\Roaming\m\flec006.exe
File set for deletion after restart: C:\Users\Aghy\AppData\Roaming\m\flec006.exe
Rilevamento File non riuscito: C:\Users\Aghy\AppData\Roaming\m\flec006.exe
Rimuovi Trojan.Agent.NWA
File eliminato: C:\Users\Aghy\AppData\Local\Temp\ovaD690.tmp
File eliminato: c:\Users\Aghy\AppData\Local\Temp\gubCA41.tmp
File eliminato: c:\Users\Aghy\AppData\Local\Temp\itdC754.tmp
File eliminato: c:\Users\Aghy\AppData\Local\Temp\mtkC17C.tmp.ren
Rilevamento File non riuscito (Failed) : c:\Users\Aghy\AppData\Local\Temp\rna85B2.tmp.ren
Rilevamento File non riuscito: c:\Users\Aghy\AppData\Local\Temp\rna85B2.tmp.ren
File eliminato: c:\Windows\Temp\gka693D.tmp
File eliminato: c:\Windows\Temp\isaBA59.tmp
Rilevamento File non riuscito (Failed) : c:\Windows\Temp\jpa9C5D.tmp.ren
Rilevamento File non riuscito: c:\Windows\Temp\jpa9C5D.tmp.ren
File eliminato: c:\Windows\Temp\msaB97E.tmp
File eliminato: c:\Windows\Temp\nqaA784.tmp
File eliminato: c:\Windows\Temp\tma79C0.tmp
File eliminato: c:\Windows\Temp\yla75F9.tmp
File eliminato: c:\Windows\Temp\ypa98F4.tmp.ren
Rimuovi Trojan.Click.Agent.afs
File eliminato: c:\Users\Aghy\AppData\Local\Temp\NAV15.0.0.58\NAV\External\NORTON\symlctnk.dll
File eliminato: c:\Users\Aghy\AppData\Local\Temp\NAV15.5.0.23\NAV\External\NORTON\symlctnk.dll
File eliminato: c:\Users\Aghy\AppData\Local\Temp\NIS15.0.0.60\Setup\Setup\App\symlctnk.dll
File eliminato: c:\Users\Aghy\AppData\Roaming\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\NAV\External\NORTON\symlctnk.dll
File eliminato: c:\Users\Aghy\AppData\Roaming\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup\Setup\App\symlctnk.dll
Rimuovi SDBot.EMP
File eliminato: C:\HP\KBD\KbdStub.EXE
Registry eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KBD
Rimuovi Email-Worm.Bagle.of
Rilevamento File non riuscito (Failed) : C:\Windows\system32\wintems.exe
File set for deletion after restart: C:\Windows\system32\wintems.exe
Rilevamento File non riuscito: C:\Windows\system32\wintems.exe
Rimuovi Trojan.Downloader.Bagle.fg.2
Rilevamento File non riuscito (Failed) : C:\Windows\system32\drivers\srosa.sys
File set for deletion after restart: C:\Windows\system32\drivers\srosa.sys
Rilevamento File non riuscito: C:\Windows\system32\drivers\srosa.sys
Chiusura del punto di ripristino
Fine
ghetuccia
Newbie
 
Post: 4
Iscritto il: 14/06/08 10:35

Re: Virus???

Postdi dade25 » 16/06/08 11:36

Vedo che ti ha tolto un pò di roba ,ma ora va meglio ho hai ancora problemi?
Avatar utente
dade25
Utente Senior
 
Post: 258
Iscritto il: 30/05/08 18:46
Località: Niella Tanaro

Re: Virus???

Postdi Luke57 » 17/06/08 07:48

Ciao, segui questa procedura alla lettera:

Scarica questi programmie e lasciali sul desktop
http://us1.filseclab-res.com/down/twister_en.zip
http://download.bleepingcomputer.com/ol ... oveIt2.exe
http://www.zonavirus.com/datos/descarga ... ibagla.asp

Disattiva ripristino configurazione sistema
http://www.p2pforum.it/forum/showthread.php?t=182092
disconnetti da internet spegnendo il modem
lancia elibagla(se non dovesse avviarsi insisti riavviando il sistema più volte) e clicca su explorar,terminato riavvia e usa nuovamente elibagla.
Solo dopo aver usato elibagla avvia il S.O in modalità provvisoria (dovrebbe funzionare)
http://www.p2pforum.it/forum/showthread.php?t=182092
Doppio click su OTMoveIT2.exe
Copia/incolla quanto segue nella finestra "Paste List of Files/Folders
to be moved"

%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.
%SystemDrive%\WINDOWS\system32\mdelk.exe.
%SystemDrive%\WINDOWS\system32\wintems.exe.
%SystemDrive%\WINDOWS\system32\1.exe
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld
%SystemDrive%\WINDOWS\temp\
%UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5
%UserProfile%\Impostazioni locali\Temporary Internet Files
%UserProfile%\Impostazioni locali\Temp


clicca su MoveIT
Se ti viene proposto il riavvio non farlo e usa nuovamete elibagla,ora
riavvia.
La procedura fino qui va fatta tutta disconnesso da internet


Estrai Twister zip Antivirus (è immune da beagle) installalo aggiornalo (IMPORTANTE) scansioni tutto il disco e elimini quello che trova.
Posta infine il log di elibagla C:\InfoSat.txt e di OTMoveIt2 in C:\_OTMoveIt\MovedFiles.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "Virus???":


Chi c’è in linea

Visitano il forum: Nessuno e 24 ospiti