Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.56.28, on 25/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\SSLEmptyCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NETGEAR\WPN111\wpn111.exe
C:\Programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199542780575
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199543378106
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9bf7d499a98e9995.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B5849B-4291-4A63-8624-7279DE92EBD2}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.jpg
--
End of file - 14658 bytes
ComboFix 10-03-25.03 - User 25/03/2010 23.11.48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.488 [GMT 1:00]
Eseguito da: c:\programmi\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Dati applicazioni\inst.exe
c:\windows\system32\bit4cnsp.dll
c:\windows\system32\ctfmon .exe
.
((((((((((((((((((((((((( Files Creati Da 2010-02-25 al 2010-03-25 )))))))))))))))))))))))))))))))))))
.
2010-03-25 21:58 . 2010-03-25 21:58 3902266 ----a-r- c:\programmi\ComboFix.exe
2010-03-24 04:40 . 2010-03-24 04:40 -------- d-----w- c:\programmi\Trend Micro
2010-03-24 04:40 . 2010-03-24 04:40 812344 ----a-w- c:\programmi\HijackThisInstaller.exe
2010-03-21 11:23 . 2010-02-09 16:26 52224 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-03-21 11:23 . 2010-02-09 16:26 101376 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-03-21 11:19 . 2010-03-21 11:20 233824 ----a-w- c:\programmi\SoftonicDownloader44879.exe
2010-03-21 11:09 . 2003-03-25 14:08 286720 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-03-21 11:09 . 2002-12-03 02:11 143872 ----a-w- c:\windows\system32\NCTWMAFile.dll
2010-03-21 11:09 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-03-21 11:09 . 2003-03-26 05:59 573440 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-03-21 11:09 . 2002-12-03 02:07 168448 ----a-w- c:\windows\system32\NCTAudioPlayer.dll
2010-03-21 11:09 . 2002-12-03 02:02 491520 ----a-w- c:\windows\system32\NCTAudioFile.dll
2010-03-21 11:08 . 2010-03-21 11:08 6366356 ----a-w- c:\programmi\4UWMAMP3Converter.exe
2010-03-21 08:29 . 2010-03-21 08:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-21 08:05 . 2010-03-21 08:08 97132879 ----a-w- c:\programmi\adaware_82.zip
2010-03-20 19:36 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-20 19:36 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-20 19:36 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-20 19:36 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-20 19:36 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-20 19:36 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-20 09:20 . 2010-03-20 09:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48 -------- d-----w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-03-20 09:19 . 2010-03-20 09:19 7757856 ----a-w- c:\programmi\SUPERAntiSpyware.exe
2010-03-19 19:50 . 2010-03-19 19:50 702000 ----a-w- c:\programmi\awale-1.3-w32.zip
2010-03-19 13:02 . 2010-03-19 13:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-03-18 05:50 . 2010-03-18 05:50 0 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-18 05:39 . 2010-03-18 05:39 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2010-03-18 05:38 . 2010-03-18 05:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-18 05:37 . 2010-03-18 05:37 5115824 ----a-w- c:\programmi\mbam-setup.exe
2010-03-16 17:38 . 2010-03-16 17:38 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-16 16:55 . 2010-03-16 16:55 73944 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-15 12:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-15 12:49 . 2010-03-15 12:52 59916 ----a-w- c:\windows\system32\bit4cnsp-uninst.exe
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-15 12:35 . 2010-03-15 12:35 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-15 12:35 . 2010-03-15 12:35 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-15 12:34 . 2010-03-15 12:34 -------- d-----w- c:\programmi\File comuni\xing shared
2010-03-15 12:19 . 2010-03-15 12:19 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-15 12:19 . 2010-03-15 12:19 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-03-15 12:18 . 2010-03-15 12:18 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-15 12:18 . 2010-03-15 12:18 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Yahoo!
2010-03-15 12:17 . 2010-03-15 12:18 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-03-15 07:34 . 2010-03-15 07:34 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-03-15 07:34 . 2010-03-15 07:34 28424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-03-15 07:34 . 2010-03-15 07:34 333192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-03-15 07:34 . 2010-03-15 07:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 07:32 . 2010-03-09 13:10 1658136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-03-15 07:32 . 2010-03-09 13:10 1007896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-03-15 07:32 . 2010-03-09 13:10 800536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-03-15 07:32 . 2010-03-09 13:10 613656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-03-13 22:18 . 2010-03-13 22:18 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-13 22:02 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-13 22:02 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-13 22:02 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-13 22:02 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-13 22:02 . 2010-03-25 21:58 -------- d-----w- c:\programmi\Spyware Doctor
2010-03-13 22:02 . 2010-03-13 22:05 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02 -------- d-----w- c:\documents and settings\User\Dati applicazioni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-03-13 22:00 . 2010-03-20 19:33 36590872 ----a-w- c:\programmi\sdsetup.exe
2010-03-13 19:45 . 2010-03-13 19:45 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-10 01:38 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 13:25 . 2010-03-09 13:10 3777280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-03-09 13:25 . 2010-03-09 13:10 1260800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-03-09 13:11 . 2010-03-15 12:22 -------- d-----w- C:\$AVG
2010-03-09 13:10 . 2010-03-25 22:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-26 14:24 . 2010-03-18 05:30 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 22:08 . 2008-02-09 15:20 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-25 22:06 . 2009-06-09 01:05 -------- d-----w- c:\programmi\AVG
2010-03-21 11:25 . 2010-03-21 11:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\FreeAudioPack
2010-03-21 11:25 . 2010-03-21 11:24 -------- d-----w- c:\programmi\Free Audio Pack
2010-03-21 11:24 . 2010-03-21 11:24 -------- d-----w- c:\programmi\Softonic-IT
2010-03-21 11:24 . 2010-03-21 11:24 -------- d-----w- c:\programmi\Conduit
2010-03-21 11:00 . 2008-01-21 06:05 -------- d-----w- c:\programmi\eMule
2010-03-21 08:26 . 2008-01-05 15:13 -------- d-----w- c:\programmi\Lavasoft
2010-03-21 08:24 . 2008-01-24 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-03-19 20:06 . 2008-02-15 14:05 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-03-19 20:00 . 2008-02-10 20:43 -------- d-----w- c:\programmi\Norton Security Scan
2010-03-18 21:12 . 2008-01-05 19:11 73944 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-18 05:38 . 2010-03-18 05:38 0 ----a-w- c:\windows\system32\drivers\is-CGKI6.tmp
2010-03-17 05:44 . 2008-05-27 16:26 -------- d-----w- c:\documents and settings\User\Dati applicazioni\U3
2010-03-15 12:35 . 2008-02-10 21:15 -------- d-----w- c:\programmi\File comuni\Real
2010-03-15 12:34 . 2010-01-31 09:12 -------- d-----w- c:\programmi\Real
2010-03-15 12:34 . 2008-01-05 14:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-15 12:34 . 2008-01-05 14:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-15 07:34 . 2009-06-09 01:06 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 07:34 . 2008-01-05 15:21 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 07:33 . 2009-06-09 01:06 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:49 . 2008-03-20 21:39 -------- d-----w- c:\programmi\Safari
2010-03-13 18:18 . 2009-01-06 19:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-10 20:05 . 2008-01-06 14:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-03-08 05:23 . 2008-03-23 21:57 -------- d-----w- c:\programmi\Windowsavast
2010-02-24 08:16 . 2009-10-02 20:01 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-07 16:56 . 2010-02-07 16:55 3370400 ----a-w- c:\programmi\ccsetup228.exe
2010-02-06 19:16 . 2008-01-24 21:12 -------- d-----w- c:\programmi\iTunes
2010-02-06 19:15 . 2010-02-06 19:15 -------- d-----w- c:\programmi\iPod
2010-02-06 19:15 . 2008-01-24 21:11 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-06 19:12 . 2008-01-24 21:12 -------- d-----w- c:\programmi\QuickTime
2010-02-06 19:08 . 2010-02-06 19:08 72488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 13:19 . 2008-01-06 15:01 -------- d-----w- c:\programmi\Google
2010-01-31 09:09 . 2010-01-31 09:09 486424 ----a-w- c:\programmi\RealPlayerSPGold_it.exe
2010-01-01 11:29 . 2001-08-31 12:00 84242 ----a-w- c:\windows\system32\perfc010.dat
2010-01-01 11:29 . 2001-08-31 12:00 488954 ----a-w- c:\windows\system32\perfh010.dat
2010-01-01 11:26 . 2010-01-01 11:26 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-01 11:26 . 2010-01-01 11:26 79488 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 16:50 . 2001-08-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 07:29 . 2009-12-28 23:06 9618 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DVDXStudio\CloneDVD4\MainApp.dll
2009-12-28 23:03 . 2008-02-19 20:52 81920 ----a-w- c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-02-19 20:52 81920 ----a-w- c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-01-19 07:45 47360 ----a-w- c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-12-28 23:03 . 2008-01-19 07:45 47360 ----a-w- c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-12-27 11:20 . 2008-03-23 20:24 54128 ---ha-w- c:\windows\system32\mlfcache.dat
2008-02-11 12:57 . 2008-02-12 04:55 2519379 ----a-w- c:\programmi\defs.ref
2009-01-04 17:59 . 2008-01-19 06:19 96 --sh--w- c:\windows\SCAEECCF0.tmp
.
c:\programmi\File comuni\Ahead\Lib\NeroCheck .exe
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 02:06 . 2007-10-10 18:51 39792 c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2009-12-18 07:58 . 2009-12-18 07:58 40368 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
2008-01-03 13:54 . 2008-01-03 13:54 486856 c:\programmi\DAEMON Tools Lite\bak\daemon.exe
2006-12-15 09:52 . 2006-12-15 09:52 221184 c:\programmi\File comuni\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe
2008-01-05 14:18 . 2008-01-05 15:24 579072 c:\programmi\Grisoft\AVG Free\bak\avgcc.exe
2008-01-15 02:22 . 2008-01-15 02:22 267048 c:\programmi\iTunes\bak\iTunesHelper.exe
2010-01-22 18:16 . 2010-01-22 18:16 141608 c:\programmi\iTunes\iTunesHelper.exe
2008-01-05 14:15 . 2006-09-05 15:45 497152 c:\programmi\MSI\Live Update 3\bak\LMonitor.exe
2008-01-10 14:27 . 2008-01-10 14:27 385024 c:\programmi\QuickTime\bak\QTTask.exe
2009-11-10 22:08 . 2009-11-10 22:08 417792 c:\programmi\QuickTime\QTTask.exe
2006-11-15 08:05 . 2006-11-15 08:05 1121016 c:\programmi\Roxio\Drag-to-Disc\bak\DrgToDsc.exe
2006-11-14 00:07 . 2006-11-14 00:07 102400 c:\programmi\Roxio\Media Experience\bak\DMXLauncher.exe
2008-01-23 17:04 . 2008-01-23 17:04 1670080 c:\programmi\SlySoft\AnyDVD\bak\AnyDVDtray.exe
2007-12-17 10:12 . 2007-12-17 10:12 243240 c:\programmi\Windows Live\Family Safety\bak\fssui.exe
2001-08-31 12:00 . 2004-08-19 14:39 15360 c:\windows\system32\bak\ctfmon.exe
2001-08-31 12:00 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe
2008-01-05 14:12 . 2006-09-07 10:13 208896 c:\windows\system32\bak\sw20.exe
2008-01-05 14:12 . 2006-09-07 10:14 69632 c:\windows\system32\bak\sw24.exe
2008-01-05 14:12 . 2006-10-03 06:37 217088 c:\windows\system32\bak\winsys2.exe
2008-01-10 20:41 . 2005-01-25 04:00 98304 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE
2010-01-07 04:32 . 2005-01-25 04:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2009-12-31 10:53 2349080 ----a-w- c:\programmi\Softonic-IT\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2010-01-26 1724728]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-11 86016]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-15 202256]
"bit4id store register"="c:\windows\system32\bit4cnsp.dll" [N/A]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2008-10-02 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-11-9 212992]
NETGEAR WPN111 Smart Wizard.lnk - c:\programmi\NETGEAR\WPN111\wpn111.exe [2009-11-8 884795]
PHOTOfunSTUDIO -viewer-.lnk - c:\programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-7-21 40960]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-6-19 525640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 07:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13/03/2010 23.02.36 217032]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/06/2009 2.06.30 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/06/2009 2.06.30 242696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05/01/2008 15.05.01 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/01/2008 22.44.03 8192]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [15/03/2010 8.33.48 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [15/03/2010 8.34.27 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [20/03/2010 20.36.43 112592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/01/2008 16.12.03 717296]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2010 14.19.36 135664]
S2 kggyacap;Server Update;c:\windows\system32\svchost.exe -k netsvcs [31/08/2001 13.00.00 14336]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/09/2009 18.08.33 17149]
S3 ForteUSB;PERSTEL Chic USB Driver Service;c:\windows\system32\drivers\ForteUSB.sys [09/05/2008 4.38.45 10658]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/05/2009 7.30.00 57984]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [20/03/2010 20.35.20 366840]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kggyacap
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]
2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]
2010-03-20 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]
2010-03-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2010-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-03-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530241
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
LSP: c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\programmi\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 23:18
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(948)
c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
.
Ora fine scansione: 2010-03-25 23:21:37
ComboFix-quarantined-files.txt 2010-03-25 22:21
Pre-Run: 73.408.294.912 byte disponibili
Post-Run: 73.462.755.328 byte disponibili
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2E0AD640FB53BC9BC0DB2C34669FA38E
Malwarebytes' Anti-Malware 1.44
Versione del database: 3914
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26/03/2010 7.15.10
mbam-log-2010-03-26 (07-15-10).txt
Tipo di scansione: Scansione completa (A:\|C:\|D:\|)
Elementi scansionati: 238724
Tempo trascorso: 1 hour(s), 54 minute(s), 57 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Files to delete:
c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\programmi\iTunes\iTunesHelper.exe
c:\programmi\QuickTime\QTTask.exe
c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
Files to move:
c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\programmi\iTunes\bak\iTunesHelper.exe | c:\programmi\iTunes\iTunesHelper.exe
c:\programmi\QuickTime\bak\QTTask.exe | c:\programmi\QuickTime\QTTask.exe
c:\windows\system32\bak\ctfmon.exe | c:\windows\system32\ctfmon.exe
c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE | c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
Killall::
NetSvcs::
kggyacap
Driver::
kggyacap
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\kggyacap]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Server Update]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Server Update]
Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.58.44, on 26/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199542780575
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199543378106
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9bf7d499a98e9995.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.jpg
--
End of file - 13064 bytes
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2530241
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
ComboFix 10-03-26.02 - User 27/03/2010 18.50.41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.548 [GMT 1:00]
Eseguito da: C:\ComboFix.exe
Opzioni usate :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((( Files Creati Da 2010-02-27 al 2010-03-27 )))))))))))))))))))))))))))))))))))
.
2010-03-27 17:50 . 2010-03-27 17:50 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-03-27 17:40 . 2010-03-27 17:40 3903606 ----a-r- C:\ComboFix.exe
2010-03-27 17:17 . 2010-03-27 17:30 724952 ----a-w- c:\programmi\avenger.zip
2010-03-25 22:25 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 22:25 . 2010-03-25 22:25 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-25 22:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 21:58 . 2010-03-25 21:58 3902266 ----a-r- c:\programmi\ComboFix.exe
2010-03-24 04:40 . 2010-03-24 04:40 -------- d-----w- c:\programmi\Trend Micro
2010-03-24 04:40 . 2010-03-24 04:40 812344 ----a-w- c:\programmi\HijackThisInstaller.exe
2010-03-21 11:19 . 2010-03-21 11:20 233824 ----a-w- c:\programmi\SoftonicDownloader44879.exe
2010-03-21 11:09 . 2003-03-25 14:08 286720 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-03-21 11:09 . 2002-12-03 02:11 143872 ----a-w- c:\windows\system32\NCTWMAFile.dll
2010-03-21 11:09 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-03-21 11:09 . 2003-03-26 05:59 573440 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-03-21 11:09 . 2002-12-03 02:07 168448 ----a-w- c:\windows\system32\NCTAudioPlayer.dll
2010-03-21 11:09 . 2002-12-03 02:02 491520 ----a-w- c:\windows\system32\NCTAudioFile.dll
2010-03-21 11:08 . 2010-03-21 11:08 6366356 ----a-w- c:\programmi\4UWMAMP3Converter.exe
2010-03-21 08:29 . 2010-03-21 08:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-21 08:05 . 2010-03-21 08:08 97132879 ----a-w- c:\programmi\adaware_82.zip
2010-03-20 19:36 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-20 19:36 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-20 19:36 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-20 19:36 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-20 19:36 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-20 19:36 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-20 09:20 . 2010-03-20 09:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48 -------- d-----w- c:\documents and settings\User\Dati applicazioni\SUPERAntiSpyware.com
2010-03-20 09:20 . 2010-03-22 05:48 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-03-20 09:19 . 2010-03-20 09:19 7757856 ----a-w- c:\programmi\SUPERAntiSpyware.exe
2010-03-19 19:50 . 2010-03-19 19:50 702000 ----a-w- c:\programmi\awale-1.3-w32.zip
2010-03-19 13:02 . 2010-03-19 13:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-03-18 05:50 . 2010-03-18 05:50 0 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-18 05:39 . 2010-03-18 05:39 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2010-03-18 05:38 . 2010-03-18 05:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-18 05:37 . 2010-03-25 22:25 5115824 ----a-w- c:\programmi\mbam-setup.exe
2010-03-16 17:38 . 2010-03-16 17:38 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-16 16:55 . 2010-03-16 16:55 73944 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-15 12:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-15 12:49 . 2010-03-15 12:52 59916 ----a-w- c:\windows\system32\bit4cnsp-uninst.exe
2010-03-15 12:34 . 2010-03-15 12:34 -------- d-----w- c:\programmi\File comuni\xing shared
2010-03-15 12:19 . 2010-03-15 12:19 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-15 12:19 . 2010-03-15 12:19 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-03-15 12:18 . 2010-03-15 12:18 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-15 12:18 . 2010-03-15 12:18 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Yahoo!
2010-03-15 12:17 . 2010-03-15 12:18 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-03-15 07:34 . 2010-03-15 07:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 22:18 . 2010-03-13 22:18 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-13 22:02 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-13 22:02 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-13 22:02 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-13 22:02 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-13 22:02 . 2010-03-25 21:58 -------- d-----w- c:\programmi\Spyware Doctor
2010-03-13 22:02 . 2010-03-13 22:05 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02 -------- d-----w- c:\documents and settings\User\Dati applicazioni\PC Tools
2010-03-13 22:02 . 2010-03-13 22:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-03-13 22:00 . 2010-03-20 19:33 36590872 ----a-w- c:\programmi\sdsetup.exe
2010-03-10 01:38 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 13:11 . 2010-03-15 12:22 -------- d-----w- C:\$AVG
2010-03-09 13:10 . 2010-03-25 22:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-02-26 14:24 . 2010-03-18 05:30 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 17:57 . 2008-02-09 15:20 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-27 17:31 . 2008-01-24 21:12 -------- d-----w- c:\programmi\iTunes
2010-03-27 17:31 . 2008-01-24 21:12 -------- d-----w- c:\programmi\QuickTime
2010-03-27 17:24 . 2009-01-06 19:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-26 21:17 . 2008-03-23 21:57 -------- d-----w- c:\programmi\Windowsavast
2010-03-26 20:02 . 2008-02-15 14:05 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-03-26 20:00 . 2008-02-10 20:43 -------- d-----w- c:\programmi\Norton Security Scan
2010-03-25 22:06 . 2009-06-09 01:05 -------- d-----w- c:\programmi\AVG
2010-03-21 11:25 . 2010-03-21 11:24 -------- d-----w- c:\documents and settings\User\Dati applicazioni\FreeAudioPack
2010-03-21 11:25 . 2010-03-21 11:24 -------- d-----w- c:\programmi\Free Audio Pack
2010-03-21 11:24 . 2010-03-21 11:24 -------- d-----w- c:\programmi\Softonic-IT
2010-03-21 11:24 . 2010-03-21 11:24 -------- d-----w- c:\programmi\Conduit
2010-03-21 11:00 . 2008-01-21 06:05 -------- d-----w- c:\programmi\eMule
2010-03-21 08:26 . 2008-01-05 15:13 -------- d-----w- c:\programmi\Lavasoft
2010-03-21 08:24 . 2008-01-24 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-03-18 21:12 . 2008-01-05 19:11 73944 ----a-w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-18 05:38 . 2010-03-18 05:38 0 ----a-w- c:\windows\system32\drivers\is-CGKI6.tmp
2010-03-17 05:44 . 2008-05-27 16:26 -------- d-----w- c:\documents and settings\User\Dati applicazioni\U3
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-15 12:35 . 2010-03-15 12:35 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-15 12:35 . 2010-03-15 12:35 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-15 12:35 . 2010-03-15 12:35 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-15 12:35 . 2008-02-10 21:15 -------- d-----w- c:\programmi\File comuni\Real
2010-03-15 12:34 . 2010-01-31 09:12 -------- d-----w- c:\programmi\Real
2010-03-15 12:34 . 2008-01-05 14:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-15 12:34 . 2008-01-05 14:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-15 07:34 . 2010-03-15 07:34 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-03-15 07:34 . 2010-03-15 07:34 28424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-03-15 07:34 . 2010-03-15 07:34 333192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-03-15 07:34 . 2009-06-09 01:06 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 07:34 . 2008-01-05 15:21 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 07:33 . 2009-06-09 01:06 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 19:49 . 2008-03-20 21:39 -------- d-----w- c:\programmi\Safari
2010-03-13 19:45 . 2010-03-13 19:45 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-10 20:05 . 2008-01-06 14:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-03-09 13:10 . 2010-03-09 13:25 3777280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-03-09 13:10 . 2010-03-09 13:25 1260800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-03-09 13:10 . 2010-03-15 07:32 1658136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-03-09 13:10 . 2010-03-15 07:32 1007896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-03-09 13:10 . 2010-03-15 07:32 800536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-03-09 13:10 . 2010-03-15 07:32 613656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-02-24 08:16 . 2009-10-02 20:01 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-09 16:26 . 2010-03-21 11:23 52224 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-02-09 16:26 . 2010-03-21 11:23 101376 ----a-w- c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-02-07 16:56 . 2010-02-07 16:55 3370400 ----a-w- c:\programmi\ccsetup228.exe
2010-02-06 19:15 . 2010-02-06 19:15 -------- d-----w- c:\programmi\iPod
2010-02-06 19:15 . 2008-01-24 21:11 -------- d-----w- c:\programmi\File comuni\Apple
2010-02-06 19:08 . 2010-02-06 19:08 72488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 13:19 . 2008-01-06 15:01 -------- d-----w- c:\programmi\Google
2010-01-31 09:09 . 2010-01-31 09:09 486424 ----a-w- c:\programmi\RealPlayerSPGold_it.exe
2010-01-01 11:29 . 2001-08-31 12:00 84242 ----a-w- c:\windows\system32\perfc010.dat
2010-01-01 11:29 . 2001-08-31 12:00 488954 ----a-w- c:\windows\system32\perfh010.dat
2010-01-01 11:26 . 2010-01-01 11:26 152576 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-01 11:26 . 2010-01-01 11:26 79488 ----a-w- c:\documents and settings\User\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 16:50 . 2001-08-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 07:29 . 2009-12-28 23:06 9618 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DVDXStudio\CloneDVD4\MainApp.dll
2009-12-28 23:03 . 2008-02-19 20:52 81920 ----a-w- c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-02-19 20:52 81920 ----a-w- c:\documents and settings\User\Dati applicazioni\ezpinst.exe
2009-12-28 23:03 . 2008-01-19 07:45 47360 ----a-w- c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2009-12-28 23:03 . 2008-01-19 07:45 47360 ----a-w- c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2008-02-11 12:57 . 2008-02-12 04:55 2519379 ----a-w- c:\programmi\defs.ref
2009-01-04 17:59 . 2008-01-19 06:19 96 --sh--w- c:\windows\SCAEECCF0.tmp
.
c:\programmi\File comuni\Ahead\Lib\NeroCheck .exe
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2009-12-31 10:53 2349080 ----a-w- c:\programmi\Softonic-IT\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-11-9 212992]
NETGEAR WPN111 Smart Wizard.lnk - c:\programmi\NETGEAR\WPN111\wpn111.exe [2009-11-8 884795]
PHOTOfunSTUDIO -viewer-.lnk - c:\programmi\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-7-21 40960]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-6-19 525640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 07:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13/03/2010 23.02.36 217032]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/01/2008 16.12.03 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/06/2009 2.06.30 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/06/2009 2.06.30 242696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05/01/2008 15.05.01 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/01/2008 22.44.03 8192]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [15/03/2010 8.33.48 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [15/03/2010 8.34.27 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\Spyware Doctor\BDT\BDTUpdateService.exe [20/03/2010 20.36.43 112592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/02/2010 14.19.36 135664]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/09/2009 18.08.33 17149]
S3 ForteUSB;PERSTEL Chic USB Driver Service;c:\windows\system32\drivers\ForteUSB.sys [09/05/2008 4.38.45 10658]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/05/2009 7.30.00 57984]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [20/03/2010 20.35.20 366840]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-05 13:19]
2010-03-27 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe [2007-09-18 22:42]
2010-03-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2010-03-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-03-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-507921405-839522115-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-03-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530241
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
LSP: c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-IT Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\y18a6ig5.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 18:58
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x86DA81F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7226cb8
\Driver\atapi -> atapi.sys @ 0xf71bbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(968)
c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(476)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\System32\nvsvc32.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Ora fine scansione: 2010-03-27 19:08:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-27 18:08
ComboFix2.txt 2010-03-25 22:21
Pre-Run: 72.753.983.488 byte disponibili
Post-Run: 73.410.248.704 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 87E79A72ECA3343C24DE615921AD1A18
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, March 28, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, March 28, 2010 12:17:40
Records in database: 3888465
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area Critical areas
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
C:\Documents and Settings\User\Menu Avvio\Programmi\Esecuzione automatica
C:\Program Files
C:\Programmi
C:\WINDOWS
Scan statistics
Objects scanned 60990
Threats found 3
Infected objects found 7
Suspicious objects found 0
Scan duration 02:31:03
File name Threat Threats count
C:\Programmi\eMule\Incoming\ Neffa - Lontano Dal Tuo Sole.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1
C:\Programmi\eMule\Incoming\Beyonce - Sweet Dreams.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1
C:\Programmi\eMule\Incoming\Elisa - Ti vorrei sollevare (Con Giuliano Sangiorgi).mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1
C:\Programmi\eMule\Incoming\Elisa ft. Sangiorgi - Ti vorrei sollevare.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1
C:\Programmi\eMule\Incoming\Shakira - She Wolf(2).mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1
C:\Programmi\eMule\Incoming\shakira - she wolf.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1
C:\Programmi\eMule\Incoming\Total Too Much Love Will Kill You .avi Infected: Trojan-Downloader.WMA.GetCodec.ai 1
Selected area has been scanned.
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 08:51:59
Records in database: 3899682
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Objects scanned 103359
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 05:19:15
File name Threat Threats count
C:\Programmi\eMule\Incoming\Beyonce - Sweet Dreams.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1
C:\Programmi\eMule\Incoming\Elisa - Ti vorrei sollevare (Con Giuliano Sangiorgi).mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1
Selected area has been scanned.
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, March 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 08:51:59
Records in database: 3899682
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Objects scanned 103201
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 03:02:29
File name Threat Threats count
C:\RECYCLER\S-1-5-21-1454471165-507921405-839522115-1003\Dc53.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aj 1
C:\RECYCLER\S-1-5-21-1454471165-507921405-839522115-1003\Dc54.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ak 1
Selected area has been scanned.
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, March 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 08:51:59
Records in database: 3899682
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
G:\
Scan statistics
Objects scanned 103587
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 03:34:51
No threats found. Scanned area is clean.
Selected area has been scanned.
-> EleKtrA <- wrote: Step 1
With all applications closed and disconnected from the internet
Start HijackThis and click "do a system scan only"
Tick these entries and click "fix checked"
- Code:
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"