I ran the scan with Spybot and the report is as follows:
--- Search result list ---
DoubleClick: [SBI $61F39AC8] Cookie tracciante (Internet Explorer: DAWA) (Cookie, nothing done)
MediaPlex: [SBI $61F39AC8] Cookie tracciante (Internet Explorer: DAWA) (Cookie, nothing done)
FastClick: [SBI $61F39AC8] Cookie tracciante (Internet Explorer: DAWA) (Cookie, nothing done)
Tradedoubler: [SBI $61F39AC8] Cookie tracciante (Internet Explorer: DAWA) (Cookie, nothing done)
TagASaurus: [SBI $61F39AC8] Cookie tracciante (Internet Explorer: DAWA) (Cookie, nothing done)
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
--- Startup entries list ---
Located: HK_LM:Run, mxomssmenu
command: "C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe"
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Located: HK_LM:Run, NWEReboot
command:
Located: HK_LM:Run, SoundMAX
command: "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
Located: HK_LM:Run, SoundMAXPnP
command: C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
Located: HK_LM:Run, SpywareTerminator
command: "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe.
Located: HK_CU:Run, Cacheman
where: S-1-5-21-776561741-1390067357-725345543-1003...
command: C:\Programmi\Cacheman\Cacheman.exe
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-776561741-1390067357-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
Located: HK_CU:Run, eMuleAutoStart
where: S-1-5-21-776561741-1390067357-725345543-1003...
command: C:\Programmi\eMule murph\emule.exe -AutoStart
Located: HK_CU:Run, eMuleAutoStart
where: S-1-5-21-776561741-1390067357-725345543-1003...
command: C:\Programmi\eMule murph\emule.exe -AutoStart
Located: WinLogon, crypt32chain
command: crypt32.dll
Located: WinLogon, cryptnet
command: cryptnet.dll
Located: WinLogon, cscdll
command: cscdll.dll
Located: WinLogon, ScCertProp
command: wlnotify.dll
Located: WinLogon, Schedule
command: wlnotify.dll
Located: WinLogon, sclgntfy
command: sclgntfy.dll
Located: WinLogon, SensLogn
command: WlNotify.dll
Located: WinLogon, termsrv
command: wlnotify.dll
Located: WinLogon, WgaLogon
command: WgaLogon.dll
Located: WinLogon, wlballoon
command: wlnotify.dll
--- Browser helper object list ---
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
--- Process list ---
PID: 0 ( 0) [System]
PID: 576 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 660 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 684 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 504832
PID: 728 ( 0) C:\WINDOWS\system32\services.exe
size: 108544
MD5: E77F6FA2A15390F1727F4C1C55B69DA6
PID: 740 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 0815E8DA286775FA432C7C9EE5E10BA1
PID: 884 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 73955B04F209D8A1C633867841267A96
PID: 964 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 73955B04F209D8A1C633867841267A96
PID: 1008 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 73955B04F209D8A1C633867841267A96
PID: 1096 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 73955B04F209D8A1C633867841267A96
PID: 1132 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 73955B04F209D8A1C633867841267A96
PID: 1340 ( 0) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1636 ( 0) C:\Programmi\Maxtor\Sync\SyncServices.exe
size: 156976
MD5: 3E6C47A46BDDE1B6B084012B5B69C069
PID: 1672 ( 0) C:\WINDOWS\Explorer.EXE
size: 1035776
MD5: 7E2817A623E16F830B660F81C0FD63DA
PID: 1816 ( 0) C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1844 ( 0) C:\WINDOWS\system32\nvsvc32.exe
size: 155716
MD5: 9B2D9EBA917B42FEC30E649C15CA41E7
PID: 1880 ( 0) C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
size: 45056
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 1896 ( 0) C:\Programmi\Spyware Terminator\sp_rsser.exe
size: 966656
MD5: B1183FDA9B1EE7BD61EE0615D6762565
PID: 1972 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 73955B04F209D8A1C633867841267A96
PID: 436 ( 0) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: D4A42BF3C11302AA3CCD857034EF1E54
PID: 1260 ( 0) C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1368064
MD5: D3333768300F462F6B309AB53F75BB25
PID: 1268 ( 0) C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
size: 794624
MD5: 0A83AEDEFADE30B5CD28049031E149FA
PID: 1308 ( 0) C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
size: 2778112
MD5: DE5552C171EB156F4BA9E0135E2FB53E
PID: 1400 ( 0) C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe
size: 169264
MD5: 7BAF1CF4F7F5DEE48DAC0EFCAE529969
PID: 1564 ( 0) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5B33B4265966EE063C7FBEA28958D9C2
PID: 1468 ( 0) C:\Programmi\Cacheman\Cacheman.exe
size: 1165312
MD5: 197D794ADB2BE8EDB2F47600E305156F
PID: 2808 ( 0) C:\Programmi\eMule murph\emule.exe
size: 5750784
MD5: 64523D69EEB3F45E53542C94D66EDA1E
PID: 2948 ( 0) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: A49C11376727F7ADC7E206E4C89B24E1
PID: 2636 ( 0) C:\Programmi\Internet Explorer\iexplore.exe
size: 625152
MD5: E854D02E4231F704D9BE782A424E6D8B
PID: 3488 ( 0) C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 25/12/2007 19.26.34
Edited by prisca85 - 26/December/2007 at 06:55