Greetings,
Before you post in this forum, please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You

Jan 13 2006, 05:16 PM, Post #1
Active Member (Group: Member, Posts: 27, Joined: 13-January 06, Member No.: 17445)
I've been trying to figure this out for a while... maybe someone can help. I know that the entry
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
isn't good- problem is, every time I fix it it comes back within a few days. Seems I must be missing something else I need to get rid of... Suggestions?

I also don't like that "file missing" setting on my Avast anti-virus. I've already re-installed it twice and suspect something is messing with it... I'd really like to avoid re-installing windows- at least for a bit longer.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 18.09.55, on 13/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\realmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Jan 13 2006, 06:24 PM, Post #2
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
I am suspicious of this one:
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe

Do this before you do anything else.
Go to start > run and type msconfig
Press enter
When msconfig opens, click the startups tab
Find and uncheck Windows Update AutoUpdate Client
Press apply and ok. Do not restart yet.

I would like you to go and have the file scanned here: http://virusscan.jotti.org/
Enter this path into the File to upload box and then press the submit button.
C:\WINDOWS\System32\winupd\wuauclt.exe
Copy and paste the scan results into your next reply here.

-----------------------------

There has been an issue found recently with Sun Java. When newer versions are installed, the older versions are left behind and malware can call these older versions to exploit flaws. Some malware has been found to install this way.
First update to the very latest version of Sun Java, which is 1.5.0_06
Then go into Add Remove programs and uninstall any older versions you find listed there.

QUOTE
also don't like that "file missing" setting on my Avast anti-virus. I've already re-installed it twice and suspect something is messing with it...

No. Everything's ok. The files are present and running. Check the running processes in your log. It's a hijackthis glitch. The /Service at the end of the line prevents Hijackthis from finding the files. It therefore reports them as missing.

-----------------------------

QUOTE
I've been trying to figure this out for a while... maybe someone can help. I know that the entry
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
isn't good- problem is, every time I fix it it comes back within a few days. Seems I must be missing something else I need to get rid of... Suggestions?

I think those addresses also belong to your Internet Service Provider. Swipnet
If in doubt, check it out with them. A nameserver is essential. We all have them and it should belong to our Internet Service Provider.

------------------

Is this a leftover? Did you have Panda Anti Virus installed at one time and have since uninstalled? If so, run hijackthis, select this item and press the fix checked button:
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE

-------

This shows you installed a hotfix and now you need to install the actual MS patch and then uninstall this. DO NOT fix this:
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll

Like this:
Go here and install the patch: http://www.microsoft.com/technet/security/...n/MS06-001.mspx
After a restart go to Add Remove Programs and uninstall Windows WMF Metafile Vulnerability Hotfix 1.2
Then go to Start > Run and paste in this command:
regsvr32 /i shimgvw.dll
Restart the computer.

Run hijackthis and post the new log here.
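The three checks made in the reply above (a Run entry whose file name is a Windows system binary in an unexpected folder, an O23 "file missing" result contradicted by the running-process list, and the O17 name servers to confirm with WHOIS) can be scripted. This is an added example, not part of the original thread and not HijackThis code; `EXPECTED_DIR`, the function names and the final "Example Gone Service" line are assumptions constructed for illustration.

```python
import ntpath
import re

# Illustrative allowlist (an assumption of this example, not exhaustive):
# well-known Windows binaries and the one folder each should be started from.
EXPECTED_DIR = {
    "wuauclt.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Image path at the start of a command line, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|com|scr|bat))', re.I)


def parse_log(text):
    """Split a HijackThis log into its running-process set and numbered entries."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m["sec"], m["body"]))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def triage(text):
    """Return (tag, name, detail) findings for O4, O17 and O23 entries."""
    processes, entries = parse_log(text)
    findings = []
    for sec, body in entries:
        if sec == "O4":
            run = RUN_RE.match(body)
            exe = EXE_RE.match(run["cmd"]) if run else None
            if exe:
                directory, image = ntpath.split(exe["path"].lower())
                expected = EXPECTED_DIR.get(image)
                # System file name, wrong folder: have the file scanned before trusting it.
                if expected and directory != expected:
                    findings.append(("masquerade", run["name"], exe["path"]))
        elif sec == "O23":
            svc = SVC_RE.match(body)
            if svc and svc["cmd"].endswith("(file missing)"):
                exe = EXE_RE.match(svc["cmd"])
                # The same image in the process list means the file exists and the
                # "missing" verdict comes from the arguments after the path.
                running = exe is not None and exe["path"].lower() in processes
                tag = "missing-but-running" if running else "missing"
                findings.append((tag, svc["name"], exe["path"] if exe else svc["cmd"]))
        elif sec == "O17" and "NameServer = " in body:
            for ip in body.split("NameServer = ", 1)[1].replace(",", " ").split():
                findings.append(("nameserver", ip, "confirm owner with WHOIS or the ISP"))
    return findings


# Excerpt of lines quoted in this thread; the last O23 line is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Example Gone Service - Unknown owner - C:\Programmi\Example\gone.exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "masquerade" finding only says the file deserves a scan, and a "missing" finding with no matching process still needs a check on disk.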

Jan 14 2006, 09:07 AM, Post #3
Active Member (Group: Member, Posts: 27, Joined: 13-January 06, Member No.: 17445)
AACK!
How come my Avast, Spy-Bot and Adaware combined haven't found these results??? Should I change anti-virus programs? Got any suggestions?

From http://virusscan.jotti.org/ :

File: wuauclt.exe_
Status: INFECTED/MALWARE
MD5 4a1912d6924cfa3d4b7b0368f6f63fc0
Packers detected: ASPACK

Scanner results
AntiVir Found Trojan/Lazar.C
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Win32.Sober.Z@mm
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Lazarus-tr
Kaspersky Anti-Virus Found Trojan.Win32.Lazar.c
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found MalwareScope.Downloader.Small.3

_________________________________________________

OK- I downloaded the new Java, but I'm not sure if I should delete all the old versions or if one of them is the base application and this is just an update? Here's what I've got:
Java Runtime Environment 1.1
Java 2 Runtime Environment SE v.1.4.2
Java 2 Runtime Environment Standard Edition 1.3.1_13
J2SE Runtime Environment 5.0 Update 4
and now...
J2SE Runtime Environment 5.0 Update 6

____________________________________________________

QUOTE
I think those addresses also belong to your Internet Service Provider. Swipnet

Unfortunately right now I'm between providers- I'm having a nightmarish time switching ADSL and have been on dial-up for a couple of months (I know... this is the source of all my troubles) I alternate between Tiscali and Tele2 as providers and have never heard of "Swipnet" ???

_____________________________________________________

OK... I'm finished downloading and installing everything now. I'll restart and post a new Hijack This log in a few minutes.
Thanks so much for taking the time to help me out on this!

Jan 14 2006, 09:27 AM, Post #4
Active Member (Group: Member, Posts: 27, Joined: 13-January 06, Member No.: 17445)
Here's the new hijack this log.
I suppose now the next step is getting rid of wuauclt.exe ???
Thanks again for your help!

Logfile of HijackThis v1.99.1
Scan saved at 10.23.05, on 14/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\realmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Jan 14 2006, 08:19 PM, Post #5
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
Here's an analysis of those IP's you were confused about.
As an Admin here, I can see your current address. I have removed that information from this report. It resolves to this:

netname: IT-TELE2
descr: Tele2 Italy S.A
descr: Tele2 / SWIPNET
descr: Dial up In Italy
descr: ####################################################
In case of improper use originating from our network, please mail <abuse@tele2.it>
####################################################
country: IT
admin-c: SWIP-RIPE
tech-c: SWIP-RIPE
status: ASSIGNED PA
mnt-by: TELE2-REGISTRY
mnt-lower: SWIPNET-LIR-MNT
mnt-routes: TELE2EUROPE-MNT
source: RIPE # Filtered

role: Swipnet Staff
address: Tele2 AB/Swedish IP Network DNS/IP Registry LIR/Local Internet Registry Borgarfjordsgatan 16 Box 62 S-16494 Kista SWEDEN
phone: +46 8 5626 40 00
fax-no: +46 8 5626 42 10
e-mail: ip@swip.net
remarks: The database object describes the staff of SWIPNET LIR.
admin-c: KAFO-RIPE
tech-c: KAFO-RIPE
tech-c: MJ836-RIPE
tech-c: MJ845-RIPE
tech-c: AGNE-RIPE
tech-c: LMJ1-RIPE
tech-c: KE516-RIPE
nic-hdl: SWIP-RIPE
mnt-by: SWIPNET-LIR-MNT
source: RIPE # Filtered

descr: SWIPNET
descr: TELE2-ITALY
#####################################################
In case of improper use originating from our network, please mail or <abuse@tele2.it>
####################################################
origin: AS1257
mnt-by: AS1257-MNT
source: RIPE # Filtered

--------------

Ok Now let's look at those two O17 addresses you had previously. I think you'll see what I was telling you earlier.
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169

----------------

% Information related to '212.151.128.0 - 212.151.171.255'

inetnum: 212.151.128.0 - 212.151.171.255
netname: EU-TELE2
descr: Pan-european network
descr: SWIPNET / Tele2
################################
In case of improper use, please mail <abuse@swip.net>
################################
country: SE
admin-c: SWIP-RIPE
tech-c: SWIP-RIPE
status: ASSIGNED PA
mnt-by: TELE2-REGISTRY
mnt-lower: SWIPNET-LIR-MNT
mnt-routes: AS1257-MNT
source: RIPE # Filtered

role: Swipnet Staff
address: Tele2 AB/Swedish IP Network DNS/IP Registry LIR/Local Internet Registry Borgarfjordsgatan 16 Box 62 S-16494 Kista SWEDEN
phone: +46 8 5626 40 00
fax-no: +46 8 5626 42 10
e-mail: ip@swip.net
remarks: The database object describes the staff of SWIPNET LIR.
admin-c: KAFO-RIPE
tech-c: KAFO-RIPE
tech-c: MJ836-RIPE
tech-c: MJ845-RIPE
tech-c: AGNE-RIPE
tech-c: LMJ1-RIPE
tech-c: KE516-RIPE
nic-hdl: SWIP-RIPE
mnt-by: SWIPNET-LIR-MNT
source: RIPE # Filtered

% Information related to '212.151.0.0/16AS1257'

route: 212.151.0.0/16
descr: SWIPNET
descr: In case of improper use originating from our network,
descr: please mail customer or abuse@swip.net
origin: AS1257
mnt-by: AS1257-MNT
source: RIPE # Filtered

-----------------

Request: 130.244.127.169
connected to whois.arin.net [69.25.34.144:43] ...
connected to whois.ripe.net [193.0.0.135:43] ...
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '130.244.0.0 - 130.244.255.255'

inetnum: 130.244.0.0 - 130.244.255.255
netname: SE-SWIPNET-19940728
descr: Swipnet backbone
descr: ####################################
In case of improper use, please mail <abuse@swip.net>
####################################
country: SE
admin-c: SWIP-RIPE
admin-c: LMJ1-RIPE
tech-c: SWIP-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: SWIPNET-LIR-MNT
mnt-routes: SWIPNET-LIR-MNT
source: RIPE # Filtered

role: Swipnet Staff
address: Tele2 AB/Swedish IP Network DNS/IP Registry LIR/Local Internet Registry Borgarfjordsgatan 16 Box 62 S-16494 Kista SWEDEN
phone: +46 8 5626 40 00
fax-no: +46 8 5626 42 10
e-mail: ip@swip.net
remarks: The database object describes the staff of SWIPNET LIR.
admin-c: KAFO-RIPE
tech-c: KAFO-RIPE
tech-c: MJ836-RIPE
tech-c: MJ845-RIPE
tech-c: AGNE-RIPE
tech-c: LMJ1-RIPE
tech-c: KE516-RIPE
nic-hdl: SWIP-RIPE
mnt-by: SWIPNET-LIR-MNT
source: RIPE # Filtered

person: Lars Michael Jogback
address: Tele2 AB
address: Box 62
address: S-164 94 KISTA
address: SWEDEN
phone: +46 8 5626 4000
fax-no: +46 8 5626 4200
e-mail: lm@swip.net
mnt-by: JOGBACK-MNT
nic-hdl: LMJ1-RIPE
source: RIPE # Filtered

% Information related to '130.244.0.0/16AS1257'

route: 130.244.0.0/16
descr: SWIPNET
descr: In case of improper use originating from our network,
descr: please mail customer or abuse@swip.net
origin: AS1257
mnt-by: AS1257-MNT
source: RIPE # Filtered

Jan 14 2006, 08:22 PM, Post #6
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
Uninstall these:
Java Runtime Environment 1.1
Java 2 Runtime Environment SE v.1.4.2
Java 2 Runtime Environment Standard Edition 1.3.1_13
J2SE Runtime Environment 5.0 Update 4

All AV doesn't get everything. Some is better than others and for absolute certainty that is the same for Anti Spyware programs. There is so much junk out there nothing is able to keep up. But you should also be sure that your programs are updated before you run them. Kaspersky AV is considered by many to be the best AV. Nod is good too.

Fix this entry using hijackthis:
O4 - HKLM\..\Run: [Windows Update AutoUpdate Client] C:\WINDOWS\System32\winupd\wuauclt.exe
Log off and back on to windows.

What else is in this folder please? I may ask for a copy of it to send out to the AV's.
C:\WINDOWS\System32\winupd

-------------------------------------

Jan 15 2006, 12:24 AM, Post #7
Active Member (Group: Member, Posts: 27, Joined: 13-January 06, Member No.: 17445)
Thanks so much for your help- and thanks for the explanation of the name server. I get it now! (and it's right, too)

In the C:\WINDOWS\System32\winupd folder there are 2 files...
wuauclt.exe 25KB Application 12/06/2002 0.00
wuauclt.exe.dat 1KB Flexlm License File 05/06/1998 0.00

If you'd like a copy, I'll be more than happy to send you a password protected zip. (A couple of years ago- on a different computer- I had to send in some files to the McAfee virus lab so they could write a fix for them. How lucky is that? Is it possible for the same person to get hit twice by new viruses???)

I'll see about downloading Kaspersky. In the meantime, is fixing wuauclt.exe with hijackthis enough to get those trojans off? Currently when I reboot I am getting the MS Configuration window- should I keep booting up this way until all is fixed?

Jan 15 2006, 03:45 PM, Post #8
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
You're welcome.
I'd love a zip of the C:\WINDOWS\System32\winupd folder. My email is Katie_3232AThotmail.com
Replace the AT with an @ for the address to work. Thanks.

When the message comes on screen at startup, put a check in the Don't show me this again box. That will take care of it for you. It's a result of making a change using msconfig.

Once you have Kaspersky, don't forget to either uninstall or disable your other AV from running in the background. Two AV's can cause conflicts and a performance hit.

I'd like to see a new hijackthis log please. Fixing the startup entry should stop it from running unless something else is also causing it to run. After I see the files, we'll have you delete them.

Jan 15 2006, 05:38 PM, Post #9
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
After you send me that folder then run the MS Tool here:
http://www.microsoft.com/security/malwareremove/default.mspx
Let me know the results. I want to see if it picks up the file. It should.

Jan 15 2006, 06:30 PM, Post #10
Active Member (Group: Member, Posts: 27, Joined: 13-January 06, Member No.: 17445)
Nope. The MS Tool didn't pick up anything- I used the latest version since I already tried that several weeks ago... hmmm...
Should I just simply delete those two files and see what happens? Did you get the email I sent with the .rar file?

Also... I've noticed that my firewall has been picking up port scans over the last couple of days. Could this be related or do you think it's just more regular internet junk? I've tested my computer with a couple of different on-line security sites and all ports are coming up as stealth...

The most recent attack from Sygate: "Somebody is scanning your computer. Your computer's UDP ports: 1031, 1032, 1033, and 4081 have been scanned from 222.38.148.19.."

Here's the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 19.27.55, on 15/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysobig.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.it/downloads/BUM/B..._1/axofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclic...ioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Programmi\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Programmi\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Thanks again for all your help!

Jan 15 2006, 06:49 PM
Post #11
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
You're welcome. I just got your email a short time ago and am in the process of sending out the information and doing a more advanced scan on the files. And then sending out this information to the security community.

Yes. Go ahead and delete the originals and the rar now. I'll send you an email after I have caught up on everything.

If you fix this entry, that msconfig screen won't come up again:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

The firewall caught scans. That address is somewhere in China, I think. There is no indication anything was blocked or got in though.

Let's do one more test:
Download Autoruns from this page: http://www.sysinternals.com/Utilities/Autoruns.html
Unzip to a folder and then double click on autoruns.exe
Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.
Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.
Copy the contents of the Autoruns text file and post its contents in your next reply here.

But things look good so far. How is everything behaving?
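
The triage this thread does by eye, as an added example (not code from the forum, the posters or HijackThis): it splits a log that the forum has run together back into entries and surfaces the three items discussed here, the O17 NameServer line, the O23 "(file missing)" services and the O4 MSConfig entry. The function names, the `expected_dns` parameter and the finding labels are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "kind code detail")   # 'kind' labels are this example's own

CODE = r"(?:[RF][0-3]|N[1-4]|O\d{1,2})"               # HijackThis section codes
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)
MSCONFIG = re.compile(r"\[MSConfig\].*msconfig\.exe\s+/auto", re.I)

# Excerpt of the log posted above, run together (and with one entry broken
# across lines) the way the forum rendered it.
SAMPLE = r"""
Logfile of HijackThis v1.99.1 Scan saved at 19.27.55, on 15/01/2006 Running processes:
C:\WINDOWS\System32\smss.exe C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 -
HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB77303-4EAE-4BF9-8CD5-AED2C97EC51D}: NameServer = 212.151.136.246 130.244.127.169
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
"""


def split_log(text):
    """Return (preamble, entries) from a log whose line breaks were lost."""
    flat = " ".join(text.split())                      # normalise all whitespace
    chunks = re.split(r"\s(?=%s - )" % CODE, flat)     # cut before each 'O4 - ' etc.
    preamble, entries = "", []
    for chunk in chunks:
        m = re.match(r"(%s) - (.*)" % CODE, chunk)
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
        elif not entries:                              # header + running processes
            preamble += chunk
    return preamble, entries


def triage(text, expected_dns=()):
    """Surface the entry types discussed in this thread for manual review.

    expected_dns (hypothetical parameter): resolvers the owner knows to be
    legitimate, e.g. the ones handed out by the ISP or router.
    """
    preamble, entries = split_log(text)
    running = preamble.partition("Running processes:")[2].lower()
    findings = []
    for e in entries:
        if e.code == "O17":
            # Static DNS servers in the registry override what DHCP provides.
            ips = IPV4.findall(e.body.partition("=")[2])
            odd = [ip for ip in ips if ip not in expected_dns]
            if odd:
                findings.append(Finding("dns-override", e.code, ", ".join(odd)))
        elif e.code == "O23" and "(file missing)" in e.body:
            m = EXE_PATH.search(e.body)
            path = m.group(0) if m else ""
            # A file that is listed as a running process cannot be missing.
            if path and path.lower() in running:
                findings.append(Finding("missing-but-running", e.code, path))
            else:
                findings.append(Finding("missing", e.code, path or e.body))
        elif e.code == "O4" and MSCONFIG.search(e.body):
            # Run entry that reopens the msconfig dialog at every logon.
            findings.append(Finding("msconfig-reminder", e.code, e.body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("%-20s %-4s %s" % f)
```

Passing the resolvers your ISP or router actually hands out as `expected_dns` drops the O17 finding when the static servers turn out to be legitimate.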

Jan 15 2006, 06:55 PM
Post #12
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
Found what I wanted for you:
Go here and do the port scan test. Let me know the results please: http://www.dslreports.com/scan

Jan 15 2006, 07:05 PM
Post #13
Active Member Group: Member Posts: 27 Joined: 13-January 06 Member No.: 17445
Oh my gosh! This Autoruns file has got everything except my blood type listed!
(By the way- activity on my firewall has slowed waaaay down and my dvd drive has stopped popping open and spinning randomly for no reason, so it looks like we're on the right track)

I've deleted the 2 suspicious files. I'll do that port scan now and send it in my next post.

Here's the Autoruns file:

HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit + C:\WINDOWS\system32\userinit.exe Applicazione accesso Userinit Microsoft Corporation c:\windows\system32\userinit.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell + Explorer.exe Esplora risorse Microsoft Corporation c:\windows\explorer.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + Apvxdwin c:\windows\system32\apvxdwin.exe + avast! avast! service GUI component c:\programmi\alwil software\avast4\ashdisp.exe + dla Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswctrl.exe + EPSON Stylus C66 Series EPSON Status Monitor 3 SEIKO EPSON CORPORATION c:\windows\system32\spool\drivers\w32x86\3\e_s4i0s2.exe + eTrust Realtime Monitor c:\windows\system32\realmon.exe + ICQ Lite ICQLite ICQ Ltd. c:\programmi\icqlite\icqlite.exe + IPSecMon c:\programmi\common files\vpn network\ipsecmon.exe + iTunesHelper iTunesHelper Module Apple Computer, Inc. c:\programmi\itunes\ituneshelper.exe + LogitechGalleryRepair ImageStudio Startup Application Logitech Inc.
c:\programmi\logitech\imagestudio\isstart.exe + LogitechImageStudioTray ImageStudio Tray Application Logitech Inc. c:\programmi\logitech\imagestudio\logitray.exe + LVCOMS LVCom Server Logitech Inc. c:\programmi\file comuni\logitech\qcdriver3\lvcoms.exe + PSDrvCheck c:\programmi\pinnacle\instant videoalbum\programs\psdrvcheck.exe + QuickTime Task QuickTime Task Apple Computer, Inc. c:\programmi\quicktime\qttask.exe + Recguard c:\programmi\hp\recguard.exe + SmcService Sygate Agent Firewall Sygate Technologies, Inc. c:\programmi\sygate\spf\smc.exe + StorageGuard Sonic Update Manager Sonic Solutions c:\programmi\file comuni\sonic\update manager\sgtray.exe + SunJavaUpdateSched Java 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\programmi\java\jre1.5.0_06\bin\jusched.exe + TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\programmi\file comuni\real\update_ob\realsched.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica + Acrobat Assistant.lnk AcroTray Adobe Systems Inc. c:\programmi\adobe\acrobat 5.0\distillr\acrotray.exe + Adobe Gamma Loader.lnk Adobe Gamma Loader Adobe Systems, Inc. c:\programmi\file comuni\adobe\calibration\adobe gamma loader.exe + Pinnacle Scheduler.lnk Pinnacle Scheduler Application Pinnacle Systems GmbH, Braunschweig c:\programmi\pinnacle\shared files\programs\scheduler\pclescheduler.exe + Post-it® Software Notes Lite.lnk Post-it® Software Notes: System 3M c:\programmi\3m\psnlite\psnlite.exe C:\Documents and Settings\Karla\Menu Avvio\Programmi\Esecuzione automatica + HotSync Manager.lnk HotSync® Manager Application Palm, Inc. 
c:\programmi\palm\hotsync.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Run + DW4 The Weather Channel Interactive c:\programmi\the weather channel fw\desktop weather\desktopweather.exe + OfotoNow USB Detection Modulo di esecuzione DLL come applicazioni Microsoft Corporation c:\windows\system32\rundll32.exe + Skype Skype - Free Internet Telephony Skype Technologies S.A. c:\programmi\skype\phone\skype.exe HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce + ICQ Lite ICQLite ICQ Ltd. c:\programmi\icqlite\icqlite.exe HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components + Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe + Internet Explorer 6 Internet Explorer 5.0 - Utilità di installazione per utente Microsoft Corporation c:\windows\system32\ie4uinit.exe + Microsoft Outlook Express 6 Libreria dell'installazione di Outlook Express Microsoft Corporation c:\programmi\outlook express\setup50.exe + Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe + Personalizzazione del browser DLL di personalizzazione di Microsoft Internet Explorer Microsoft Corporation c:\windows\system32\iedkcs32.dll + Rubrica 6 Libreria dell'installazione di Outlook Express Microsoft Corporation c:\programmi\outlook express\setup50.exe + Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe + Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe + Windows 
Media Player Utilità di configurazione di Microsoft Windows Media Player Microsoft Corporation c:\windows\inf\unregmp2.exe + Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler + Daemon di cache delle categorie di componenti Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Precaricatore Browseui Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad + CDBurn DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll + PostBootReminder DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll + SysTray Oggetto servizio shell Systray Microsoft Corporation c:\windows\system32\stobject.dll + WebCheck Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks + shell32.dll DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + %DESC_PublishDropTarget% Stampa guidata foto Microsoft Corporation c:\windows\system32\photowiz.dll + &Contatti... 
Trova contatti Microsoft Corporation c:\programmi\outlook express\wabfind.dll + &Indirizzo Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + .CAB file viewer Estensione shell Cabinet File Viewer Microsoft Corporation c:\windows\system32\cabview.dll + Accessibile Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Account utente Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll + Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Assistenza utente Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Audio Media Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll + Auto Update Property Sheet Extension Pannello di Controllo Aggiornamenti automatici Microsoft Corporation c:\windows\system32\wuaucpl.cpl + avast avast! 
Shell Extension ALWIL Software c:\programmi\alwil software\avast4\ashshell.dll + Avi Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll + BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Barra degli strumenti Microsoft Internet Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Barra delle applicazioni e menu di avvio DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll + Cartella cache ActiveX Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll + Cartella compressa Cartelle compresse Microsoft Corporation c:\windows\system32\zipfldr.dll + Cartella file non in linea Interfaccia della cache sul lato client Microsoft Corporation c:\windows\system32\cscui.dll + Cartella Subscription Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + CDF Extension Copy Hook Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Cerca Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Channel Handler Object Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Menu Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Properties Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll + Code Download Agent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + Collegamento al canale Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll + Completamento automatico Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Compressed (zipped) Folder Right Drag Handler Cartelle 
compresse Microsoft Corporation c:\windows\system32\zipfldr.dll + Compressed (zipped) Folder SendTo Target Cartelle compresse Microsoft Corporation c:\windows\system32\zipfldr.dll + ConnectionAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + Connessioni di rete Shell connessioni di rete Microsoft Corporation c:\windows\system32\netshell.dll + Connessioni di rete Shell connessioni di rete Microsoft Corporation c:\windows\system32\netshell.dll + Contenitore dell'elenco di Completamento automatico multiplo Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Creazione guidata profilo Passport Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll + Cronologia Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Darwin App Publisher Gestione applicazioni shell Microsoft Corporation c:\windows\system32\appwiz.cpl + DfsShell Estensione DFS di Shell Microsoft Corporation c:\windows\system32\dfsshlex.dll + Directory Context Menu Verbs Interfaccia utente comune del servizio directory Microsoft Corporation c:\windows\system32\dsuiext.dll + Directory Object Find Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll + Directory Property UI Interfaccia utente comune del servizio directory Microsoft Corporation c:\windows\system32\dsuiext.dll + Directory Query UI Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll + Directory Start/Search Find Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll + Disk Quota UI DLL UI quota disco Shell di Windows Microsoft Corporation c:\windows\system32\dskquoui.dll + Display TroubleShoot CPL Extension Proprietà avanzate prestazioni di visualizzazione Microsoft Corporation c:\windows\system32\deskperf.dll + DriveLetterAccess Drive Letter Access Component Sonic Solutions 
c:\windows\system32\dla\tfswshx.dll + Elenco di Completamento automatico della Cronologia di Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Elenco di Completamento automatico di Shell Folder di Microsoft Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Elenco di Completamento automatico MRU Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Elenco di Completamento automatico MRU personalizzato Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Enumeratore applicazioni installate Gestione applicazioni shell Microsoft Corporation c:\windows\system32\appwiz.cpl + Esegui... Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Estensione copia dischi Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll + Estensione Crypto PKO Estensioni della shell di crittografia Microsoft Corporation c:\windows\system32\cryptext.dll + Estensione di icona di HyperTerminal HyperTerminal Applet Library Hilgraeve, Inc. 
c:\windows\system32\hticons.dll + Estensione firma crittografata Estensioni della shell di crittografia Microsoft Corporation c:\windows\system32\cryptext.dll + Estensione monitor del Pannello di controllo Proprietà avanzate monitor Microsoft Corporation c:\windows\system32\deskmon.dll + Estensione panoramica video del Pannello di controllo File not found: deskpan.dll + Estensione scheda video del Pannello di controllo Proprietà avanzate scheda video Microsoft Corporation c:\windows\system32\deskadp.dll + Estensione shell per la stampante Web DLL dell'interfaccia utente di stampa Microsoft Corporation c:\windows\system32\printui.dll + Estensione shell per Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll + Estensioni shell per la condivisione Estensioni shell per la condivisione Microsoft Corporation c:\windows\system32\ntshrui.dll + Estensioni shell per la condivisione Estensioni shell per la condivisione Microsoft Corporation c:\windows\system32\ntshrui.dll + Estensioni shell per oggetti Rete Microsoft Windows Interfaccia utente shell Network object Microsoft Corporation c:\windows\system32\ntlanui2.dll + Explorer Band Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Favorites Band Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + File del canale Visualizzatore del file di definizione del canale Microsoft Corporation c:\windows\system32\cdfview.dll + File temporanei Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + File temporanei Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + FTP Folders Webview Estensione shell della cartella FTP di Microsoft Internet Explorer Microsoft Corporation c:\windows\system32\msieftp.dll + FTP Surfer Shell Extension wtftpshx Whisper Technology Limited c:\programmi\whisper 
technology\ftp surfer\wtftpshx.dll + GDI + programma di estrazione file in anteprima Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll + Gestione applicazioni shell Gestione applicazioni shell Microsoft Corporation c:\windows\system32\appwiz.cpl + Gestore dati dei ritagli di shell Gestore oggetti dei ritagli di Shell Microsoft Corporation c:\windows\system32\shscrap.dll + Gestore monitor ICM DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll + Gestore scanner ICM DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll + Gestore stampante ICM DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll + Guida in linea e supporto tecnico Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Guida in linea e supporto tecnico Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Hook per la ricerca di URL Microsoft Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + ICQ Lite Shell Extension ICQLiteShell Module c:\programmi\icqlite\icqliteshell.dll + Impostazioni cartella globale Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Indicatore di avanzamento popup Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Internet Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Internet Name Space Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + InternetShortcut Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + ISFBand OC Shell Doc Object e Control Library Microsoft Corporation 
c:\windows\system32\shdocvw.dll + iTunes iTunes Mini Player DLL Apple Computer, Inc. c:\programmi\itunes\itunesminiplayer.dll + Logitech Gallery Logitech Gallery Logitech Inc. c:\programmi\logitech\imagestudio\namespc.dll + Media Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll + Microsoft Browser Architecture Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\programmi\file comuni\system\ole db\oledb32.dll + Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Midi Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll + MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll + MyDocs Copy Hook UI cartella Documenti Microsoft Corporation c:\windows\system32\mydocs.dll + MyDocs Drop Target UI cartella Documenti Microsoft Corporation 
c:\windows\system32\mydocs.dll + MyDocs Properties UI cartella Documenti Microsoft Corporation c:\windows\system32\mydocs.dll + Offline Files Folder Options Interfaccia della cache sul lato client Microsoft Corporation c:\windows\system32\cscui.dll + Offline Files Menu Interfaccia della cache sul lato client Microsoft Corporation c:\windows\system32\cscui.dll + Oggetto Pubblicazione guidata sul Web Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll + OpenOffice Property Sheet Handler Sun Microsystems, Inc. c:\programmi\openoffice.org1.1.4\program\shlxthdl.dll + Operazioni pianificate DLL dell'interfaccia dell'Utilità di pianificazione Microsoft Corporation c:\windows\system32\mstask.dll + Ordinazione di stampe tramite Web Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll + Pagina compatibilità DLL estensione shell scheda compatibilità Microsoft Corporation c:\windows\system32\slayerxp.dll + Pagina di proprietà di Docfile OLE Pagina di proprietà di Docfile OLE Microsoft Corporation c:\windows\system32\docprop.dll + Pagina di protezione della stampante Estensione shell di protezione Microsoft Corporation c:\windows\system32\rshx32.dll + Pagina di protezione DS Interfaccia utente protezione servizio directory Microsoft Corporation c:\windows\system32\dssec.dll + Pagina di protezione NTFS Estensione shell di protezione Microsoft Corporation c:\windows\system32\rshx32.dll + Parser della barra degli indirizzi Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + PlusPack CPL Extension API di Windows Theme Microsoft Corporation c:\windows\system32\themeui.dll + Portable Media Devices Estensione shell dispositivi portatili multimediali Microsoft Corporation c:\windows\system32\audiodev.dll + Portable Media Devices Menu Estensione shell dispositivi portatili multimediali Microsoft Corporation c:\windows\system32\audiodev.dll 
+ Posta elettronica Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + PostAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + Previous Versions File not found: C:\WINDOWS\System32\twext.dll + Previous Versions Property Page File not found: C:\WINDOWS\System32\twext.dll + Profilo ICC DLL di interfaccia utente Microsoft Color Matching System Microsoft Corporation c:\windows\system32\icmui.dll + Programma di estrazione pagine HTML in anteprima Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll + Proprietà dei file Multimedia Estensioni multimediali della shell Microsoft Corporation c:\windows\system32\mmsys.cpl + Pubblicazione guidata sul Web Procedura guidata Connetti unità di rete/Risorse di rete Microsoft Corporation c:\windows\system32\netplwiz.dll + RecordNow! SendToExt Shell Extensions Sonic Solutions c:\programmi\sonic\recordnow!\shlext.dll + Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll + Ricerca all'interno Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Ricerca Web Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll + Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll + Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll + Scanner e fotocamere digitali Interfaccia utente cartella shell periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll + Scanner e fotocamere digitali Interfaccia utente cartella shell 
periferiche di acquisizione immagini Microsoft Corporation c:\windows\system32\wiashext.dll + Schermata iniziale applicazioni Internet Explorer 4 Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Search Assistant OC Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + SearchBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Sendmail service Invia posta Microsoft Corporation c:\windows\system32\sendmail.dll + Sendmail service Invia posta Microsoft Corporation c:\windows\system32\sendmail.dll + Servizio Cronologia Url Microsoft Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Shell Automation Inproc Service Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell DocObject Viewer Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Shell Extensions for RealOne Player RealOne Player Shell Extensions RealNetworks c:\programmi\real\realone player\rpshellext.dll + Shell Folder 2 accresciuto Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell Folder accresciuto Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell Image Data Factory Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll + Shell Image Property Handler Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll + Shell Image Verbs Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll + Shell 
properties for a DS object Ricerca del servizio directory Microsoft Corporation c:\windows\system32\dsquery.dll + Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Sincronia file Sincronia file per Windows Microsoft Corporation c:\windows\system32\syncui.dll + SmartFTP Shell Extension DLL SmartFTP Shell Extension SmartFTP c:\programmi\smartftp\smarthook.dll + Stato del download Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Strumenti di amministrazione Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Subscription Mgr Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + Summary Info Thumbnail handler (DOCFILES) Visualizzatore immagini e fax per Windows Microsoft Corporation c:\windows\system32\shimgvw.dll + Tasks Folder Icon Handler DLL dell'interfaccia dell'Utilità di pianificazione Microsoft Corporation c:\windows\system32\mstask.dll + Tasks Folder Shell Extension DLL dell'interfaccia dell'Utilità di pianificazione Microsoft Corporation c:\windows\system32\mstask.dll + Tipi di carattere Cartella Tipi di carattere Microsoft Corporation c:\windows\system32\fontext.dll + Tipi di carattere Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + TrayAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Utilità opzioni della struttura del Registro di sistema Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Video Media Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll + Video Thumbnail Extractor Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation 
c:\windows\system32\shmedia.dll + Wav Properties Handler Estensione shell programma di estrazione proprietà file multimediale Microsoft Corporation c:\windows\system32\shmedia.dll + WebCheck Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheck SyncMgr Handler Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheckChannelAgent Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheckWebCrawler Utilità di monitoraggio siti Web Microsoft Corporation c:\windows\system32\webcheck.dll + Windows Media Player Add to Playlist Context Menu Handler Utilità di avvio di Windows Media Player Microsoft Corporation c:\windows\system32\wmpshell.dll + Windows Media Player Burn Audio CD Context Menu Handler Utilità di avvio di Windows Media Player Microsoft Corporation c:\windows\system32\wmpshell.dll + Windows Media Player Play as Playlist Context Menu Handler Utilità di avvio di Windows Media Player Microsoft Corporation c:\windows\system32\wmpshell.dll + WinRAR shell extension c:\programmi\winrar\rarext.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved HKLM\Software\Classes\Folder\Shellex\ColumnHandlers + {0D2E74C4-3C34-11d2-A27E-00C04FC30871} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F01-7B1C-11d1-838f-0000F80461CF} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F02-7B1C-11d1-838f-0000F80461CF} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll + {66742402-F9B9-11D1-A202-0000F81FEDEE} DLL comune della shell di Windows Microsoft Corporation c:\windows\system32\shell32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects + AcroIEHlprObj Class AcroIEHelper Module c:\programmi\adobe\acrobat 5.0\acrobat\activex\acroiehelper.ocx + DriveLetterAccess Drive Letter 
Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll + EpsonToolBandKicker Class EPSON Web-To-Page SEIKO EPSON CORPORATION c:\programmi\epson\epson web-to-page\epson web-to-page.dll + Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\programmi\google\googletoolbar1.dll + SSVHelper Class Java 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\programmi\java\jre1.5.0_06\bin\ssv.dll HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks + shdocvw.dll Shell Doc Object e Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll HKLM\Software\Microsoft\Internet Explorer\Toolbar HKLM\Software\Microsoft\Internet Explorer\Extensions + AIM AOL Instant Messenger America Online, Inc. c:\programmi\aim\aim.exe + ICQ Lite ICQLite ICQ Ltd. c:\programmi\icqlite\icqlite.exe + Messenger Messenger Microsoft Corporation c:\programmi\messenger\msmsgs.exe Task Scheduler HKLM\System\CurrentControlSet\Services + aswUpdSv Provides automatic updating for the avast! antivirus. c:\programmi\alwil software\avast4\aswupdsv.exe + AudioSrv Gestisce periferiche audio per programmi basati su Windows. Se il servizio è stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. c:\programmi\alwil software\avast4\ashserv.exe + BITS Utilizza la larghezza di banda inattiva della rete per trasferire i dati. Microsoft Corporation c:\windows\system32\svchost.exe + Browser Mantiene un elenco aggiornato dei computer in rete e lo fornisce ai computer designati come browser. Se il servizio è stato arrestato, l'elenco non verrà aggiornato o mantenuto. 
Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + CryptSvc Fornisce tre servizi di gestione: il servizio Database catalogo, che serve per confermare le firme dei file di Windows; il servizio Archivio principale protetto, per aggiungere e rimuovere dal computer i certificati dell'autorità di certificazione delle fonti attendibili; e il servizio Chiave, che aiuta a registrare i certificati nel computer. Se questo servizio è interrotto, i servizi di gestione non funzioneranno in modo corretto. Se il servizio è disabilitato, tutti i servizi che dipendono direttamente da questo non potranno essere avviati. Microsoft Corporation c:\windows\system32\svchost.exe + Dhcp Gestisce la configurazione di rete registrando e aggiornando indirizzi IP e nomi DNS. Microsoft Corporation c:\windows\system32\svchost.exe + Dnscache Risolve e salva nella cache nomi DNS per il computer. Se il servizio è stato arrestato, il computer non sarà in grado di risolvere i nomi DNS e di individuare i controller di dominio Active Directory. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + ERSvc Consente la segnalazione di errori per servizi e applicazioni eseguiti in ambienti non standard. Microsoft Corporation c:\windows\system32\svchost.exe + Eventlog Abilita i messaggi del registro eventi rilasciati dai programmi di Windows e rende possibile la visualizzazione dei componenti in Visualizzatore eventi. Impossibile interrompere questo servizio. Microsoft Corporation c:\windows\system32\services.exe + helpsvc Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio è arrestato, Guida in linea e supporto tecnico non è disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. 
Microsoft Corporation c:\windows\system32\svchost.exe + lanmanserver Supporta la condivisione in rete di file, stampa e named-pipe per il computer in uso. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + lanmanworkstation Crea e mantiene le connessioni di rete tra client e server remoti. Se il servizio è stato arrestato, le connessioni non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + LmHosts Attiva il servizio Supporto NetBIOS su TCP/IP (NetBT) e risoluzione nomi NetBIOS. Microsoft Corporation c:\windows\system32\svchost.exe + maya70docserver Searchable online docs for Alias software c:\programmi\alias\maya7.0\docs\wrapper.exe + NVSvc NVIDIA Driver Helper Service, Version 45.01 NVIDIA Corporation c:\windows\system32\nvsvc32.exe + PlugPlay Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventerà instabile. Microsoft Corporation c:\windows\system32\services.exe + PolicyAgent Gestisce la protezione IP e avvia ISAKMP/Oakley (IKE) e il driver di protezione IP. Microsoft Corporation c:\windows\system32\lsass.exe + ProtectedStorage Fornisce l'archiviazione protetta per dati importanti, come chiavi private, per evitare l'accesso di servizi, processi, utenti non autorizzati. Microsoft Corporation c:\windows\system32\lsass.exe + RpcSs Fornisce il mapper dell'endpoint e altri servizi RPC. Microsoft Corporation c:\windows\system32\svchost.exe + SamSs Archivia le informazioni di protezione per gli account utenti locali. 
Microsoft Corporation c:\windows\system32\lsass.exe + Schedule Abilita l'utente a configurare e pianificare operazioni automatizzate sul computer in uso. Se il servizio è stato arrestato, le operazioni non verranno eseguite secondo gli orari pianificati. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + seclogon Abilita l'avvio di processi con credenziali alternative. Se il servizio è stato arrestato, questo tipo di accesso non sarà disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + SENS Registra eventi di sistema come accessi a Windows, eventi di rete e alimentazione. Notifica questi eventi ai sottoscrittori COM+ Event System. Microsoft Corporation c:\windows\system32\svchost.exe + SharedAccess Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale. Microsoft Corporation c:\windows\system32\svchost.exe + ShellHWDetection Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe + SmcService Sygate Agent Firewall Sygate Technologies, Inc. c:\programmi\sygate\spf\smc.exe + Spooler Carica i file in memoria per stampare in un secondo momento. Microsoft Corporation c:\windows\system32\spoolsv.exe + srservice Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Proprietà Microsoft Corporation c:\windows\system32\svchost.exe + stisvc Fornisce servizi di acquisizione immagini per scanner e fotocamere. Microsoft Corporation c:\windows\system32\svchost.exe + Themes Consente la gestione dei temi. 
Microsoft Corporation c:\windows\system32\svchost.exe + TrkWks Gestisce collegamenti tra file NTFS in un computer o tra più computer in un dominio di rete. Microsoft Corporation c:\windows\system32\svchost.exe + UMWdf Consente driver in modalità utente di Windows. Microsoft Corporation c:\windows\system32\wdfmgr.exe + uploadmgr Gestisce i trasferimenti di file sincroni ed asincroni tra client e server in rete. Se il servizio è arrestato, i trasferimenti di file sincroni ed asincroni tra client e server in rete non possono avvenire. Se il servizio è disabilitato, i servizi esplicitamente dipendenti da esso non possono essere avviati. Microsoft Corporation c:\windows\system32\svchost.exe + w32time Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso. Microsoft Corporation c:\windows\system32\svchost.exe + WebClient Abilita i programmi basati su Windows per creare, accedere e modificare i file basati su Internet. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + winmgmt Fornisce un modello di interfacce e di oggetti comune per accedere alle informazioni di gestione sul sistema operativo, le periferiche, le applicazioni e i servizi. Se il servizio viene interrotto, la maggior parte del software basato su Windows non funzionerà in modo corretto. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. Microsoft Corporation c:\windows\system32\svchost.exe + wuauserv Consente il download e l'installazione di aggiornamenti importanti di Windows. 
Se il servizio è disattivato, è possibile eseguire manualmente l'aggiornamento del sistema operativo nel sito Web Windows Update. Microsoft Corporation c:\windows\system32\svchost.exe + WZCSVC Fornisce la configurazione automatica per le schede 802.11 Microsoft Corporation c:\windows\system32\svchost.exe HKLM\System\CurrentControlSet\Services + 3xHybrid Pinnacle PCTV Stereo capture driver Philips Semiconductors GmbH c:\windows\system32\drivers\3xhybrid.sys + ACPI Driver ACPI per NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys + aeaudio Andrea Audio Stub Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys + aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys + AFD Ancillary Function Driver for WinSock Microsoft Corporation c:\windows\system32\drivers\afd.sys + agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys + ASAPIW2k ASAPI VOB Computersysteme GmbH c:\windows\system32\drivers\asapiw2k.sys + AsyncMac Driver per supporti asincroni RAS Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys + atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys + Atmarpc Protocollo client ARP ATM Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys + audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys + basic2 NTRksample driver Conexant c:\windows\system32\drivers\hsf_bsc2.sys + C-Dilla C-Dilla Windows NT RTS Macrovision c:\windows\system32\drivers\cdant.sys + CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\windows\system32\drivers\ccdecode.sys + Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys + CoachCap COACHCAP Zoran Microelectronics Ltd. 
c:\windows\system32\drivers\coachcap.sys + Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys + DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys + drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys + drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys + DS1410D c:\windows\system32\drivers\ds1410d.sys + E100B Intel® PRO/100 Adapter NDIS 5.1 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys + EL90XBC 3Com EtherLink PCI Driver 3Com Corporation c:\windows\system32\drivers\el90xbc5.sys + Fallback Fallback driver Conexant c:\windows\system32\drivers\hsf_fall.sys + Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys + Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys + Fsks FSKsNT driver Conexant c:\windows\system32\drivers\hsf_fsks.sys + Ftdisk Driver FT del disco Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys + GEARAspiWDM CDRom Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys + Gpc Utilità di classificazione pacchetti - no pills needed - Microsoft Corporation c:\windows\system32\drivers\msgpc.sys + hardlock Hardlock Device Driver for Windows NT Aladdin Knowledge Systems c:\windows\system32\drivers\hardlock.sys + Haspnt HASP Kernel Device Driver for Windows NT Aladdin Knowledge Systems c:\windows\system32\drivers\haspnt.sys + HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys + hsf_msft WinACHSF driver Conexant c:\windows\system32\drivers\hsf_msft.sys + HTTP Questo servizio implementa il protocollo di trasferimento HyperText (HTTP). Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati. 
File not found: System32\Drivers\HTTP.sys + i8042prt Driver della porta i8042 Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys + i81x Miniport Driver for Intel Graphics Driver Intel Corporation c:\windows\system32\drivers\i81xnt5.sys + iAimFP0 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wadv01nt.sys + iAimFP1 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wadv02nt.sys + iAimFP2 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wadv05nt.sys + iAimFP3 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wsiintxx.sys + iAimFP4 Local Flat Panel Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wvchntxx.sys + iAimTV0 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv01nt.sys + iAimTV1 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv02nt.sys + iAimTV2 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv03nt.sys + iAimTV3 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\watv04nt.sys + iAimTV4 Digital Display Minidriver for Intel® Graphics Driver Intel Corporation c:\windows\system32\drivers\wch7xxnt.sys + Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys + intelppm File not found: System32\DRIVERS\intelppm.sys + ip6fw Fornisce servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale. 
File not found: system32\drivers\ip6fw.sys + IpFilterDriver Driver filtro traffico IP Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys + IpInIp Driver tunnel IP in IP Microsoft Corporation c:\windows\system32\drivers\ipinip.sys + IpNat Traduttore indirizzi di rete IP Microsoft Corporation c:\windows\system32\drivers\ipnat.sys + IPSec Driver IPSEC Microsoft Corporation c:\windows\system32\drivers\ipsec.sys + IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys + isapnp Driver bus PNP ISA Microsoft Corporation c:\windows\system32\drivers\isapnp.sys + K56 K56NT driver Conexant c:\windows\system32\drivers\hsf_k56k.sys + Kbdclass Driver classe tastiera Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys + kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys + lusbaudio Sound Driver Logitech Inc. c:\windows\system32\drivers\lvsound2.sys + Mouclass Driver Mouse Class Microsoft Corporation c:\windows\system32\drivers\mouclass.sys + mouhid Driver del filtro del mouse HID Microsoft Corporation c:\windows\system32\drivers\mouhid.sys + MP30005 USB Driver 0c57 c:\windows\system32\drivers\c570005.sys + MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys + MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys + MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys + MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys + NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\windows\system32\drivers\nabtsfec.sys + NdisIP Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\ndisip.sys + NdisTapi Driver TAPI NDIS di accesso remoto Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys + Ndisuio Protocollo I/O modalità utente su NDIS Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys + NdisWan 
Driver WAN NDIS di accesso remoto Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys + NetBT NetBios su Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys + nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.01 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys + NwlnkFlt Driver filtro traffico IPX Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys + NwlnkFwd Driver inoltratore traffico IPX Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys + omci OMCI Device Driver Dell Computer Corporation c:\windows\system32\drivers\omci.sys + P3 Driver di periferica processore Microsoft Corporation c:\windows\system32\drivers\p3.sys + PalmUSBD USB Driver for Palm OS Handheld Devices Palm, Inc. c:\windows\system32\drivers\palmusbd.sys + Parport Driver della porta parallela Microsoft Corporation c:\windows\system32\drivers\parport.sys + PCI Enumeratore PCI Plug and Play per NT Microsoft Corporation c:\windows\system32\drivers\pci.sys + PCIIde Driver bus PCI IDE generico Microsoft Corporation c:\windows\system32\drivers\pciide.sys + pctvvbi VBI Service Pinnacle Systems c:\windows\system32\drivers\pctvvbi.sys + Pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys + PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys + Processor Driver di periferica processore Microsoft Corporation c:\windows\system32\drivers\processr.sys + PSched Utilità di pianificazione pacchetti QoS Microsoft Corporation c:\windows\system32\drivers\psched.sys + Ptilink Driver Direct Parallel Link Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys + QCEmerald Video Minidriver Logitech Inc. 
c:\windows\system32\drivers\lvce.sys + RasAcd Driver connessione automatica Accesso remoto Microsoft Corporation c:\windows\system32\drivers\rasacd.sys + Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys + RasPppoe Driver PPPOE di accesso remoto Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys + Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys + RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys + rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys + redbook Driver del filtro audio Redbook Microsoft Corporation c:\windows\system32\drivers\redbook.sys + Rksample Rksample WDM driver Conexant c:\windows\system32\drivers\hsf_samp.sys + S6U12BScanner USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys + Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys + Sentinel Sentinel System Driver (NT Parallel driver) Rainbow Technologies, Inc. c:\windows\system32\drivers\sentinel.sys + serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys + Serial Driver della periferica seriale Microsoft Corporation c:\windows\system32\drivers\serial.sys + SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\windows\system32\drivers\slip.sys + smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys + Sntnlusb Rainbow Technologies Sentinel Device Driver Rainbow Technologies Inc. 
c:\windows\system32\drivers\sntnlusb.sys + SoftFax FaxNT driver Conexant c:\windows\system32\drivers\hsf_faxx.sys + splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys + Stmatm ATM/ADSL miniport STMicroelectronics c:\windows\system32\drivers\stmatm.sys + streamip Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\streamip.sys + swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys + swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys + sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys + TaurusUsb ADSL Modem Driver STMicroelectronics c:\windows\system32\drivers\torususb.sys + Tcpip Driver protocollo TCP/IP Microsoft Corporation c:\windows\system32\drivers\tcpip.sys + Teefer Teefer Driver Sygate Technologies, Inc. c:\windows\system32\drivers\teefer.sys + TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys + Tones TonesNT driver Conexant c:\windows\system32\drivers\hsf_tone.sys + Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys + usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys + usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys + usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys + usbprint USB Printer driver Microsoft Corporation c:\windows\system32\drivers\usbprint.sys + USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys + usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys + V124 V124NT driver Conexant c:\windows\system32\drivers\hsf_v124.sys + VgaSave Controlla la scheda video VGA per fornire funzionalità di visualizzazione di base. 
Microsoft Corporation c:\windows\system32\drivers\vga.sys + Wanarp Driver ARP IP di accesso remoto Microsoft Corporation c:\windows\system32\drivers\wanarp.sys + wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys + wg3n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg3n.sys + wg4n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg4n.sys + wg5n wgxn Sygate Technologies, Inc. c:\windows\system32\drivers\wg5n.sys |
Jan 15 2006, 07:13 PM
Post #14
Active Member Group: Member Posts: 27 Joined: 13-January 06 Member No.: 17445
Hmmm.. can't seem to get that port scan to start. Says to wait for the Java applet, but nothing is happening...
Could this be related to all the old versions of Java I uninstalled? And in the meantime someone in China is scanning me again... aack!
Jan 15 2006, 07:19 PM
Post #15
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
I'll look at the autoruns in a second.
Test to see if your Java is working. If not, reinstall it. Here's that page: http://www.java.com/en/download/help/testvm.xml