ComboFix and HijackThis logs... awaiting your opinion
ComboFix 11-03-28.05 - pc 29/03/2011 17.53.55.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1640 [GMT 2:00]
Eseguito da: c:\users\pc\Downloads\CROME\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\pc\AppData\Local\oskwgua.dat
c:\users\pc\AppData\Local\oskwgua_nav.dat
c:\users\pc\AppData\Local\oskwgua_navps.dat
c:\users\pc\AppData\Roaming\.#
c:\users\pc\AppData\Roaming\inst.exe
c:\windows\jestertb.dll
c:\windows\system32\office.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-28 al 2011-03-29 )))))))))))))))))))))))))))))))))))
.
.
2011-03-29 16:01 . 2011-03-29 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-29 15:40 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E14B2DB-C718-4A4D-BBB3-360F4728549F}\mpengine.dll
2011-03-28 10:01 . 2011-03-28 10:01 -------- d-----w- c:\users\pc\AppData\Local\{A4C0D8C0-DA8A-4F9C-A108-612165D9355B}
2011-03-27 09:03 . 2011-03-27 09:03 -------- d-----w- c:\users\pc\AppData\Local\{203CDCAB-B1CE-4A44-BED0-A3761AF8AD26}
2011-03-26 11:29 . 2011-03-26 11:29 -------- d-----w- c:\users\pc\AppData\Local\{B0825816-5288-4470-B016-0DFA97233141}
2011-03-26 08:03 . 2011-03-26 08:03 -------- d-----w- c:\users\pc\AppData\Local\{D131857A-99E9-46B1-AE93-56A729496646}
2011-03-25 16:29 . 2011-03-25 16:30 -------- d-----w- c:\users\pc\AppData\Local\{C91F16C4-D831-4E00-8027-F9FBDCCFC110}
2011-03-24 06:47 . 2011-03-24 06:47 -------- d-----w- c:\users\pc\AppData\Local\{F998359A-906E-4849-8975-4416B7BE0DBE}
2011-03-23 15:22 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:22 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 15:22 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 07:51 . 2011-03-23 07:51 -------- d-----w- c:\users\pc\AppData\Local\{8FE85D72-316F-4486-96AE-EE59ECCBE9E9}
2011-03-22 19:50 . 2011-03-22 19:50 -------- d-----w- c:\users\pc\AppData\Local\{F813726F-57C6-4CEF-917A-39F42320B1EE}
2011-03-22 07:50 . 2011-03-22 07:50 -------- d-----w- c:\users\pc\AppData\Local\{130288E2-0450-496F-BD84-69CEDC661F6B}
2011-03-21 19:49 . 2011-03-21 19:50 -------- d-----w- c:\users\pc\AppData\Local\{E10EBBFC-CBEA-4A44-A1A8-42478F0F7B15}
2011-03-21 16:18 . 2010-09-02 14:17 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-03-21 07:49 . 2011-03-21 07:49 -------- d-----w- c:\users\pc\AppData\Local\{3DA36E22-3484-4837-ADC6-84F48671971C}
2011-03-20 15:22 . 2011-03-20 15:23 -------- d-----w- c:\users\pc\AppData\Local\{EF861DE1-953A-43DD-B287-1BC9755AFD4E}
2011-03-19 06:57 . 2011-03-19 06:57 -------- d-----w- c:\users\pc\AppData\Local\{76BEEC3E-D88E-4B58-BD03-7AB300102796}
2011-03-18 13:17 . 2011-03-18 13:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-03-18 10:22 . 2011-03-18 10:22 -------- d-----w- c:\users\pc\AppData\Local\{5EC4F605-0D54-4B3E-8791-CEA381EB43CE}
2011-03-17 15:27 . 2011-03-17 15:27 -------- d-----w- c:\users\pc\AppData\Roaming\ProgSense
2011-03-17 14:54 . 2011-03-17 14:54 -------- d-----w- c:\users\pc\AppData\Local\{3F27B8D8-149F-4315-98B0-D9CBE31D4887}
2011-03-16 06:39 . 2011-03-16 06:39 -------- d-----w- c:\users\pc\AppData\Local\{1D91FF8C-7395-4502-ABB7-929D43A305F7}
2011-03-15 08:56 . 2011-03-15 08:57 -------- d-----w- c:\users\pc\AppData\Local\{AD4E5A96-17ED-4ACA-B0EB-A1F19D54DE8B}
2011-03-14 20:15 . 2011-03-14 20:16 -------- d-----w- c:\users\pc\AppData\Local\{E2C972E7-22C6-4F4B-A3FC-2240EC6755AF}
2011-03-14 08:15 . 2011-03-14 08:15 -------- d-----w- c:\users\pc\AppData\Local\{BB2FC79F-9036-4FB6-A724-44499C2168A7}
2011-03-13 08:34 . 2011-03-13 08:36 -------- d-----w- c:\users\pc\AppData\Local\{28C6274D-5C88-4F39-A606-2E46C2AA416A}
2011-03-12 09:28 . 2011-03-12 09:28 -------- d-----w- c:\users\pc\AppData\Local\{8E2E4E11-7BA6-4E36-AD4E-E0FAD48B209F}
2011-03-11 14:19 . 2011-03-11 14:20 -------- d-----w- c:\users\pc\AppData\Local\{49B58AED-C779-458F-AC6B-67401C53D490}
2011-03-10 16:06 . 2011-03-10 16:06 -------- d-----w- c:\users\pc\AppData\Local\{2609F3D8-6B0F-4A59-BECF-DB6384FDEF27}
2011-03-09 18:40 . 2011-03-09 18:40 -------- d-----w- c:\users\pc\AppData\Roaming\TeraCopy
2011-03-09 18:38 . 2011-03-09 18:39 -------- d-----w- c:\users\pc\AppData\Local\{B9BAEA37-F204-4A49-958D-924916558FF4}
2011-03-09 06:38 . 2011-03-09 06:38 -------- d-----w- c:\users\pc\AppData\Local\{4251D21A-9341-4599-A0BA-C22686EA6538}
2011-03-08 18:33 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-08 18:33 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-08 18:33 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-08 18:33 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 18:33 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 18:33 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 13:53 . 2011-03-08 13:53 -------- d-----w- c:\program files\T55
2011-03-08 13:52 . 2011-03-08 13:52 -------- d-----w- c:\users\pc\AppData\Roaming\T55
2011-03-08 13:13 . 2011-03-08 13:14 -------- d-----w- c:\users\pc\AppData\Local\{D234D679-E815-4BAC-9B5C-CE3E2C1BB967}
2011-03-07 20:56 . 2011-03-07 20:57 -------- d-----w- c:\users\pc\AppData\Local\{D5621ECB-6CC4-4034-BD74-689DED61FD39}
2011-03-06 08:07 . 2011-03-06 08:08 -------- d-----w- c:\users\pc\AppData\Local\{EDFDAC77-4417-4D66-98E9-B5DAFF117355}
2011-03-05 18:26 . 2011-03-05 18:26 -------- d-----w- c:\users\pc\AppData\Local\{39DAE49F-C9FD-41DC-AE5E-4814D8A501C3}
2011-03-05 12:38 . 2011-03-05 12:38 -------- d-----w- c:\users\pc\AppData\Local\{0C26C201-4414-4073-88CD-FAA5D409EB60}
2011-03-04 20:20 . 2011-03-04 20:21 -------- d-----w- c:\users\pc\AppData\Local\{C6A96C76-3F95-418F-B7A5-A8AD36EBDD1C}
2011-03-01 16:49 . 2011-03-09 16:57 -------- d-----w- c:\program files\LastPass
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 15:13 . 2010-12-13 06:22 558514 ----a-w- c:\windows\WINDOWSUPDATE.LOG.TMP
2011-03-23 15:13 . 2010-12-13 06:22 715248 ----a-w- c:\windows\system32\drivers\SPTD.SYS.TMP
2011-03-23 15:13 . 2010-12-13 06:22 3216 ----a-w- c:\windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-1.C7483456-A289-439D-8115-601632D005A0.TMP
2011-03-23 15:13 . 2010-12-13 06:22 3216 ----a-w- c:\windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-0.C7483456-A289-439D-8115-601632D005A0.TMP
2011-03-19 07:27 . 2010-11-30 09:00 79992 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2011-03-12 09:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 15:04 . 2010-06-30 18:06 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2009-06-04 16:17 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-27 08:44 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2009-06-04 16:17 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2009-06-04 16:17 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2009-06-04 16:17 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2009-06-04 16:17 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2009-06-04 16:17 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-08-02 08:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-04 07:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 13:11 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 13:11 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 13:11 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 13:11 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 13:11 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 13:11 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 13:10 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 13:10 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 13:11 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 13:11 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 13:10 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 13:11 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 13:10 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 13:11 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 13:11 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 13:11 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 13:11 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 13:11 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 13:11 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 13:11 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 13:11 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 13:11 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 13:11 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 13:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 13:11 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-12 21:33 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 21:33 . 2010-06-01 17:00 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 21:33 . 2010-06-01 17:00 34744 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 21:33 . 2010-06-01 17:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-12 21:33 . 2010-06-04 09:55 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-10 14:06 . 2011-01-10 14:06 22 --sha-w- c:\users\pc\AppData\Roaming\Sys6925.Config Collection.sys
2011-01-08 08:47 . 2011-02-09 13:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 13:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-04 12:02 . 2006-07-11 16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-02 19:22 . 2011-01-02 19:22 167424 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-12-31 13:57 . 2011-02-09 13:11 2039808 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\T0rrentBitch\tbT0rr.dll" [2010-06-01 2735712]
"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files\mipony-plugin\tbmipo.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
2010-02-22 11:05 2353176 ----a-w- c:\program files\mipony-plugin\tbmipo.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2010-06-01 13:54 2735712 ----a-w- c:\program files\T0rrentBitch\tbt0rr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\T0rrentBitch\tbT0rr.dll" [2010-06-01 2735712]
"{90d46c30-9f25-4104-aea9-35c3f84477ff}"= "c:\program files\mipony-plugin\tbmipo.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\T0rrentBitch\tbT0rr.dll" [2010-06-01 2735712]
"{90D46C30-9F25-4104-AEA9-35C3F84477FF}"= "c:\program files\mipony-plugin\tbmipo.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
.
[HKEY_CLASSES_ROOT\clsid\{90d46c30-9f25-4104-aea9-35c3f84477ff}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-10-31 3037696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-22 2548552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-10-30 2183680]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2011-03-19 294912]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"WMateTray"="c:\program files\T55\WinMate\WinMate.exe" [2011-02-23 138240]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
.
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"Packard Bell Software Suite"="c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe" /run
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AutoShutdown"=c:\program files\Smart PC Solutions\Smart Auto Shutdown\SmartAutoShutdown.exe
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle
"Google Update"="c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
"PrnStatusMX"=c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.4\BabylonToolbarsrv.exe" /md I
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate1c9e61555cacb32;Servizio di Google Update (gupdate1c9e61555cacb32);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 133104]
R2 TVService;TVService;c:\program files\Team MediaPortal\MediaPortal TV Server\TVService.exe [2009-05-08 192512]
R2 WMService;WMService;c:\program files\T55\WinMate\WMService.exe [2011-02-13 417280]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-11 715248]
S0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2011-03-19 79992]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-12 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-12 34744]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-10-30 142592]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 PowerSave;PowerSave Service;c:\program files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [2009-04-06 1002016]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-08 185640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1170464]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-17 10:28]
.
2011-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 19:38]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 19:39]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 19:39]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144131909-897630465-247542475-1000Core.job
- c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-28 16:29]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144131909-897630465-247542475-1000UA.job
- c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-28 16:29]
.
2011-03-29 c:\windows\Tasks\User_Feed_Synchronization-{C44FCBDA-DF0E-49CE-9825-1CA710CC3B3D}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
2011-03-29 c:\windows\Tasks\User_Feed_Synchronization-{DF802B3B-2086-4E0B-A78F-74F3C0C7B641}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
2010-04-09 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-06-09 20:41]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Compila Moduli - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Scarica con Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}
TCP: {7072040A-66A5-4898-9902-3C31635F730E} = 156.154.70.22,156.154.71.22
TCP: {F614B787-48E0-4E4B-B37D-0BA9BB37975F} = 87.118.111.215,81.174.67.134
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.it/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\wyqod9qk.pippo\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.6 Beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.6 Beta 4\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: SimilarWeb: FirefoxAddon@similarWeb.com - %profile%\extensions\FirefoxAddon@similarWeb.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Extension List Dumper: extensionlistdumper@sogame.cat - %profile%\extensions\extensionlistdumper@sogame.cat
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 18:01
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
C:\## aswSnx private storage
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD64 rev.01.0 -> Harddisk0\DR0 -> \Device\00000069
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,71,75,77,27,e9,25,41,a6,b6,10,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,71,75,77,27,e9,25,41,a6,b6,10,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\VritualRoot\MiPony.exe\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\VritualRoot\MiPony.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\VritualRoot\msnmsgr.exe\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\VritualRoot\msnmsgr.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\VritualRoot\orbitdm.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\VritualRoot\SoftonicDownloader_per_ccenhancer.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2011-03-29 18:04:38
ComboFix-quarantined-files.txt 2011-03-29 16:04
.
Pre-Run: 144.110.288.896 byte disponibili
Post-Run: 141.054.554.112 byte disponibili
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - F06426F67E7BCAE6A9C98805D8C28FFC
HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.34.51, on 29/03/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\VEXPLite\MONLITE.EXE
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.1.0.0_1\plugin\ClickClean.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\Downloads\CROME\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: T0rrentBitch Toolbar - {DFABC5B5-039B-4865-979A-DE31CDF3E351} - C:\Program Files\T0rrentBitch\tbT0rr.dll
R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.4\bh\BabylonToolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: T0rrentBitch Toolbar - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files\T0rrentBitch\tbT0rr.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: T0rrentBitch Toolbar - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files\T0rrentBitch\tbT0rr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.4\BabylonToolbarTlbr.dll
O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Program Files\Hewlett-Packard\HP UT"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [WMateTray] "C:\Program Files\T55\WinMate\WinMate.exe" /start
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Global Startup: ASETRES.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Compila Moduli - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - (no file)
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - (no file)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - http://www.myheritage.it/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldit-it.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7072040A-66A5-4898-9902-3C31635F730E}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{F614B787-48E0-4E4B-B37D-0BA9BB37975F}: NameServer = 87.118.111.215,81.174.67.134
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Servizio di Google Update (gupdate1c9e61555cacb32) (gupdate1c9e61555cacb32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe
O23 - Service: WMService - Unknown owner - C:\Program Files\T55\WinMate\WMService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 18336 bytes