I've got Firefox at the moment and I stopped using IE a long time ago, but I'm sure that the finderg and about:blank pages aren't placed there by me.
Here are the logs:
ComboFix 08-11-03.04 - Enrico Fantini 2008-11-04 20.14.11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1430 [GMT 1:00]
Eseguito da: c:\documents and settings\Enrico Fantini\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\Enrico Fantini\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.
Os seguintes ficheiros foram desabilitados durante a rodagem:
c:\programmi\Spyware Doctor\tools\swpg.dat
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SYSTEM32\cewmd.dll
c:\windows\SYSTEM32\DRIVERS\jgjdfuls.dat
c:\windows\SYSTEM32\DRIVERS\mcxtjued.dat
c:\windows\system32\drivers\Winro43.sys
c:\windows\system32\drivers\Winye65.sys
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ADXAPIE
-------\Legacy_KNPMUYKL
-------\Legacy_WINAC71
-------\Legacy_WINBV25
-------\Legacy_WINCP30
-------\Legacy_WINEV41
-------\Legacy_WINFI22
-------\Legacy_WINFW16
-------\Legacy_WINGL60
-------\Legacy_WININ31
-------\Legacy_WINKA47
-------\Legacy_WINKA81
-------\Legacy_WINKD12
-------\Legacy_WINKM50
-------\Legacy_WINMC18
-------\Legacy_WINMJ70
-------\Legacy_WINPA76
-------\Legacy_WINPF74
-------\Legacy_WINSK41
-------\Legacy_WINSL22
-------\Legacy_WINUC41
-------\Legacy_WINUF68
-------\Legacy_WINUS47
-------\Legacy_WINYE65
-------\Service_adxapie
-------\Service_knpmuykl
-------\Service_Winac71
-------\Service_Winbv25
-------\Service_Wincp30
-------\Service_Windg73
-------\Service_Winev41
-------\Service_Winfi22
-------\Service_Winfw16
-------\Service_Wingl60
-------\Service_Winin31
-------\Service_Winka47
-------\Service_Winka81
-------\Service_Winkd12
-------\Service_Winkm50
-------\Service_Winll36
-------\Service_Winmc18
-------\Service_Winmj70
-------\Service_Winnd42
-------\Service_Winoj67
-------\Service_Winpa76
-------\Service_Winpf74
-------\Service_Winsk41
-------\Service_Winsl22
-------\Service_Winuc41
-------\Service_Winuf68
-------\Service_Winus47
-------\Service_Winye65
((((((((((((((((((((((((( Files Creati Da 2008-10-04 al 2008-11-04 )))))))))))))))))))))))))))))))))))
.
2008-11-02 00:50 . 2008-11-02 00:50 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-02 00:50 . 2008-11-02 00:50 1,409 --a------ c:\windows\QTFont.for
2008-11-01 11:59 . 2008-11-01 11:59 <DIR> d-------- C:\rsit
2008-11-01 11:27 . 2008-11-01 11:27 250 --a------ c:\windows\gmer.ini
2008-11-01 10:57 . 2008-11-01 11:08 <DIR> d-------- c:\programmi\Unlocker
2008-11-01 10:55 . 2008-11-01 10:57 <DIR> d-------- c:\programmi\FileASSASSIN
2008-10-29 13:35 . 2008-10-29 13:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-10-15 21:39 . 2008-10-15 21:39 208 --a------ c:\windows\SYSTEM32\MRT.INI
2008-10-09 16:09 . 2008-10-09 19:38 <DIR> d-------- c:\programmi\World of Warcraft Public Test
2008-10-09 16:00 . 2008-10-09 16:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Blizzard
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\SYSTEM32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 09:30 --------- d-----w c:\programmi\eMule
2008-10-27 16:00 --------- d-----w c:\documents and settings\Enrico Fantini\Dati applicazioni\uTorrent
2008-10-23 09:19 --------- d-s---w c:\programmi\Xfire
2008-10-22 17:42 --------- d-----w c:\documents and settings\Enrico Fantini\Dati applicazioni\Xfire
2008-10-22 12:10 --------- d-----w c:\programmi\World of Warcraft
2008-10-17 12:05 --------- d-----w c:\documents and settings\Enrico Fantini\Dati applicazioni\Skype
2008-10-15 11:56 --------- d-----w c:\programmi\NCSoft
2008-10-13 12:51 182,928 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe
2008-10-13 12:51 138,376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-13 12:48 66,872 ----a-w c:\windows\SYSTEM32\PnkBstrA.exe
2008-10-09 15:58 --------- d-----w c:\programmi\File comuni\Blizzard Entertainment
2008-10-09 15:03 --------- d-----w c:\programmi\ThriXXX
2008-10-07 19:35 --------- d-----w c:\documents and settings\Enrico Fantini\Dati applicazioni\teamspeak2
2008-10-03 20:53 --------- d-----w c:\programmi\Microsoft SQL Server
2008-10-02 20:50 --------- d-----w c:\programmi\Microsoft CAPICOM 2.1.0.2
2008-10-01 13:55 --------- d-----w c:\programmi\MessengerDiscovery
2008-10-01 13:48 --------- d-----w c:\programmi\Messenger Plus! Live
2008-10-01 13:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-10-01 13:44 --------- d-----w c:\programmi\MSN Messenger
2008-10-01 12:59 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-10-01 12:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-01 12:44 --------- d-----w c:\programmi\Windows Live
2008-10-01 12:13 --------- d-----w c:\programmi\StuffPlug3
2008-09-28 14:08 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-09-28 14:07 --------- d-----w c:\documents and settings\Enrico Fantini\Dati applicazioni\GetRightToGo
2008-09-21 09:41 --------- d-----w c:\documents and settings\Enrico Fantini\Dati applicazioni\SecondLife
2008-09-18 11:56 --------- d-----w c:\programmi\Microsoft LifeChat
2008-09-15 15:38 1,846,016 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-09 10:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI
2008-09-09 10:21 --------- d-----w c:\programmi\ATI Technologies
2008-09-09 08:59 --------- d-----w c:\documents and settings\Enrico Fantini\Dati applicazioni\atitray
2008-09-07 22:29 --------- d-----w c:\programmi\SystemRequirementsLab
2008-08-20 05:35 662,016 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-08-14 13:42 2,139,648 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2008-08-14 13:42 2,019,328 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2007-09-11 22:19 22,328 ----a-w c:\documents and settings\Enrico Fantini\Dati applicazioni\PnkBstrK.sys
2006-05-29 15:39 36,816 -c--a-w c:\documents and settings\Enrico Fantini\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-06-19 09:04 32 -c--a-r c:\documents and settings\All Users\hash.dat
.
((((((((((((((((((((((((((((( snapshot@2008-11-04_14.52.33.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-04 13:04:40 81,842 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
+ 2008-11-04 17:39:36 81,842 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
- 2008-11-04 13:04:40 98,522 ----a-w c:\windows\SYSTEM32\PERFC010.DAT
+ 2008-11-04 17:39:36 98,522 ----a-w c:\windows\SYSTEM32\PERFC010.DAT
- 2008-11-04 13:04:40 454,378 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2008-11-04 17:39:36 454,378 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
- 2008-11-04 13:04:40 509,148 ----a-w c:\windows\SYSTEM32\PERFH010.DAT
+ 2008-11-04 17:39:36 509,148 ----a-w c:\windows\SYSTEM32\PERFH010.DAT
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DMXLauncher"="c:\programmi\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2005-12-20 278528]
"snpstd"="c:\windows\vsnpstd.exe" [2004-05-10 286720]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2007-05-14 35328]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LifeChat"="c:\programmi\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-07-29 155648]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"Spyware Doctor"="c:\programmi\Spyware Doctor\swdoctor.exe" [2007-03-28 2115728]
c:\documents and settings\Enrico Fantini\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-12 113664]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\KEM.exe [2005-10-22 581632]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Programmi\\GameSpy Arcade\\Aphex.exe"=
"c:\\Programmi\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Programmi\\Xfire\\Xfire.exe"=
"c:\\Programmi\\SHOUTcast\\sc_serv.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\YVD\\n00b-IRC.exe"=
"c:\\Programmi\\YVD\\YGO Virtual Desktop V086.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\StubInstaller.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\FantasyGrounds\\FantasyGrounds.exe"=
"c:\\Programmi\\VoipStunt\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Apprentice\\Appr.exe"=
"c:\\Programmi\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\Desctozz\\RPGONLINE\\RPGONLINE\\RPGOnline.exe"=
"m:\\NeverwinterNights\\NWN\\nwmain.exe"=
"m:\\FEAR\\FEAR.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Programmi\\NetMeeting\\CONF.EXE"=
"c:\\Programmi\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Programmi\\Last.fm\\LastFM.exe"=
"m:\\WoWServer\\wamp\\Apache2\\bin\\httpd.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\WoWprivato\\ascent1722\\Ascent1722\\logonserver.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\WoWprivato\\Ascent Rev2355\\Ascent Rev2355\\logonserver.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\WoWprivato\\Rev2902\\Rev2902\\logonserver.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\WoWprivato\\AC WEB REPACK 7.4\\Ascent\\logonserver.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\WoWprivato\\AC WEB REPACK 7.4\\Ascent\\ascent.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\WoWprivato\\Ascent3361\\Ascent 3361\\logonserver.exe"=
"c:\\Documents and Settings\\Enrico Fantini\\Desktop\\WoWprivato\\Ascent3361\\Ascent 3361\\voicechat.exe"=
"c:\\Programmi\\World of Warcraft\\BackgroundDownloader.exe"=
"m:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"m:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"m:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programmi\\TmNationsForever\\TmForever.exe"=
"c:\\Programmi\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"m:\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Programmi\\The All-Seeing Eye\\eye.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\World of Warcraft\\WoW-2.4.3.8568-to-3.0.2.8916-enGB-downloader.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2350:TCP"= 2350:TCP:TMNations1
"3450:TCP"= 3450:TCP:TMNations2
"2350:UDP"= 2350:UDP:TMNationsUDP1
"3450:UDP"= 3450:UDP:TMNationsUDP2
"6370:TCP"= 6370:TCP:*:Disabled:ppLive
"7251:UDP"= 7251:UDP:*:Disabled:ppLive
"3204:TCP"= 3204:TCP:*:Disabled:ppLive
"2588:UDP"= 2588:UDP:*:Disabled:ppLive
"7624:TCP"= 7624:TCP:*:Disabled:ppLive
"4565:UDP"= 4565:UDP:*:Disabled:ppLive
"5340:TCP"= 5340:TCP:WarRockTCP
"5350:UDP"= 5350:UDP:WarRockUDP
"8000:TCP"= 8000:TCP:Winamp
"8000:UDP"= 8000:UDP:Winamp
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 RXG350XP;Roper 802.11g XG350 Driver;c:\windows\system32\DRIVERS\WlanCTG.sys [2005-05-26 481664]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [ ]
S3 wampapache;wampapache;m:\wowserver\wamp\apache2\bin\httpd.exe [2007-09-05 24635]
S3 wampmysqld;wampmysqld;m:\wowserver\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 5730304]
.
Contenuto della cartella 'Scheduled Tasks'
2008-09-18 c:\windows\Tasks\LifeChatTask.job
- c:\programmi\Microsoft LifeChat\LifeChat.exe [2008-08-21 10:16]
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{0E00AB23-3C82-4C02-B18F-40F44636EE49} - c:\windows\system32\cewmd.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 20:23:28
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\ati2evxx.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\programmi\Spyware Doctor\sdhelp.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\SYSTEM32\WGATray.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
c:\programmi\Logitech\SetPoint\KHALMNPR.exe
c:\progra~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\programmi\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-04 20:47:28 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-04 19:47:22
ComboFix2.txt 2008-11-04 13:53:29
Pre-Run: 21.496.389.632 byte disponibili
Post-Run: 21,477,548,032 byte disponibili
300 --- E O F --- 2008-11-03 21:50:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.51.19, on 04/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Microsoft LifeChat\LifeChat.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LifeChat] "C:\Programmi\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://labirreriadifantom.spaces.liv...d/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://labirreriadifantom.spaces.liv...d/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - M:\WoWServer\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - M:\WoWServer\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 10452 bytes