Runscanner logfile http://www.runscanner.net

000 General info
----------------
Computer name : NOME-8I55LI28RN
Type of scan : Full scan
RunScanner Version : 0.9.0.0
Creation time : 16/04/2007 10.47.58
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
User Language : Italiano (Italia)
IE version : 6.0.2900.2180
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\programmi\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\programmi\alwil software\avast4\ashserv.exe (ALWIL Software)
c:\windows\soundman.exe (Avance Logic, Inc.)
c:\programmi\microsoft hardware\keyboard\type32.exe (Microsoft Corporation)
c:\programmi\microsoft hardware\mouse\point32.exe (Microsoft Corporation)
c:\windows\system32\spool\drivers\w32x86\3\e_s10ic2.exe (SEIKO EPSON CORPORATION)
c:\programmi\avpersonal\avgnt.exe (H+BEDV Datentechnik GmbH)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
c:\programmi\avpersonal\avguard.exe (H+BEDV Datentechnik GmbH)
* c:\windows\system32\ati2evxx.exe
c:\programmi\avpersonal\avwupsrv.exe (H+BEDV Datentechnik GmbH, Germany)
c:\programmi\file comuni\epson\ebapi\sagent2.exe (SEIKO EPSON CORPORATION)
* c:\programmi\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* c:\programmi\alwil software\avast4\ashwebsv.exe (ALWIL Software)
c:\docume~1\danilo\impost~1\temp\directory temporanea 2 per runscanner1.zip\runscanner.exe (Runscanner.net)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
C:\WINDOWS\soundman.exe (Avance Logic, Inc.)
c:\programmi\microsoft hardware\keyboard\type32.exe (Microsoft Corporation)
- point32.exe
c:\windows\system32\spool\drivers\w32x86\3\e_s10ic2.exe (SEIKO EPSON CORPORATION)
c:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
c:\programmi\avpersonal\avgnt.exe (H+BEDV Datentechnik GmbH)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)

005 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
----------------------------------------------------------------------------------
- c:\programmi\precisiontime\precisiontime.exe

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\programmi\avpersonal\avguard.exe (AntiVir Service)
* c:\programmi\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* C:\WINDOWS\system32\ati2evxx.exe (ati2evxx.exe)
c:\windows\system32\ati2sgag.exe (ATI Smart)
* c:\programmi\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\programmi\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\programmi\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
c:\programmi\avpersonal\avwupsrv.exe (AntiVir Update)
c:\programmi\file comuni\epson\ebapi\sagent2.exe (EPSON Printer Status Agent2)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\alcxwdm.sys (Service for Avance AC97 Audio (WDM))
* C:\WINDOWS\system32\drivers\ati2mtag.sys (Video)
c:\programmi\avpersonal\avgntdw.sys (avgntdw)
* C:\WINDOWS\system32\drivers\hsf_bsc2.sys (NTRksample driver)
* C:\WINDOWS\system32\drivers\hsf_fall.sys (Fallback driver)
* C:\WINDOWS\system32\drivers\hsf_fsks.sys (FSKsNT driver)
- d:\install\gmsipci.sys (GMSIPCI)
* C:\WINDOWS\system32\drivers\hcf_msft.sys (Modem)
* C:\WINDOWS\system32\drivers\hsf_msft.sys (WinACHSF driver)
* C:\WINDOWS\system32\drivers\hsf_k56k.sys (K56NT driver)
- d:\ntaccess.sys (NTACCESS)
* C:\WINDOWS\system32\drivers\ptilink.sys (Driver Direct Parallel Link)
* C:\WINDOWS\system32\drivers\hsf_samp.sys (Rksample WDM driver)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
- d:\ntglm7x.sys (SetupNTGLM7X)
* C:\WINDOWS\system32\drivers\hsf_faxx.sys (FaxNT driver)
* C:\WINDOWS\system32\drivers\hsf_tone.sys (TonesNT driver)
* C:\WINDOWS\system32\drivers\hsf_v124.sys (V124NT driver)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\programmi\file comuni\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
* c:\progra~1\copern~1\copern~1.dll (Copernic Technologies Inc.) {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6}
* c:\progra~1\copern~1\copern~1.dll (Copernic Technologies Inc.) {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}

036 HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
----------------------------------------------------------------
About:Home

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
* c:\progra~1\copern~1\copern~1.exe (Copernic Technologies Inc.) {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}
* c:\progra~1\copern~1\copern~1.exe (Copernic Technologies Inc.) {688DC797-DC11-46A7-9F1B-445F4F58CE6E}

044 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
------------------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

061 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
----------------------------------------------------------------------------
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\progra~1\fileco~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
c:\programmi\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
autocheck autochk *

065 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
----------------------------------------------------------------------------------
explorer.exe : c:\windows\system32\vkeufpiw.txt (Microsoft Corporation)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\WINDOWS\system32\ebpmon2.dll (SEIKO EPSON CORPORATION)

073 %windir%\Tasks
------------------
c:\windows\tasks\bxsghkmm.job
c:\windows\tasks\vdaq.job
c:\windows\tasks\ukweiyyf.job
c:\windows\tasks\wyvccvdd.job
c:\windows\tasks\nygpir.job
c:\windows\tasks\npr.job
c:\windows\tasks\uwptfo.job
c:\windows\tasks\uqano.job
c:\windows\tasks\cwieed.job
c:\windows\tasks\kcmkhcg.job
c:\windows\tasks\pbopl.job
c:\windows\tasks\rldmzb.job
c:\windows\tasks\agwujrvm.job
c:\windows\tasks\frp.job
c:\windows\tasks\gqbm.job
c:\windows\tasks\fiyjdonp.job
c:\windows\tasks\uguvp.job
c:\windows\tasks\xadeu.job
c:\windows\tasks\fwjitxf.job
c:\windows\tasks\wzsjqkbu.job
c:\windows\tasks\kytgxpzo.job
c:\windows\tasks\zhjonjr.job
c:\windows\tasks\vnhkz.job
c:\windows\tasks\fjmbukl.job
c:\windows\tasks\nxg.job
c:\windows\tasks\jqmf.job
c:\windows\tasks\ztck.job
c:\windows\tasks\dnwd.job
c:\windows\tasks\hiaxjiup.job
c:\windows\tasks\smgy.job
c:\windows\tasks\cmffrt.job
c:\windows\tasks\noxgptdr.job
c:\windows\tasks\dbvo.job
c:\windows\tasks\vwcqz.job
c:\windows\tasks\zlcb.job
c:\windows\tasks\dlw.job
c:\windows\tasks\ahwlaokx.job
c:\windows\tasks\ixy.job
c:\windows\tasks\azl.job
c:\windows\tasks\ekpcyj.job

100 Internet Explorer settings
------------------------------
Start Page HKCU : about:blank
Start Page HKLM : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Search Page HKCU : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
Search Page HKLM : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
Default_Page_URL HKLM : http://www.wellcome.it
Default_Search_URL HKLM : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchAssistant HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
ShellNext HKCU : iexplore

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {6F480F82-C3A6-4D35-96F7-B297AD49FBE8}
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\system32\macromed\flash\flash6.ocx (Macromedia, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}

106 HKLM\Software\Microsoft\Windows\CurrentVersion\URL
------------------------------------------------------
Default : http://
ftp : ftp://
gopher : gopher://
home : http://
mosaic : http://
www : http://

120 Domain/DNS hijacking
------------------------
NameServer {12152858-840F-42C6-89E7-0C0C44701654} : 212.151.136.246 130.244.127.169

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\programmi\avpersonal\avshlext.dll (H+BEDV Datentechnik GmbH) {a7cda720-84ee-11d0-b5c0-00001b3ca278}
c:\programmi\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

180 FileType Hijacking
----------------------
HKEY_CLASSES_ROOT batfile : "%1" %*
HKEY_CLASSES_ROOT cmdfile : "%1" %*
HKEY_CLASSES_ROOT comfile : "%1" %*
HKEY_CLASSES_ROOT exefile : "%1" %*
HKEY_CLASSES_ROOT htafile : C:\WINDOWS\System32\mshta.exe "%1" %*
HKEY_CLASSES_ROOT piffile : "%1" %*
HKEY_CLASSES_ROOT scrfile : "%1" /S