Hi, thanks for the reply. I did everything and am posting the logs. I wanted to let you know that I'm posting one extra, the Malwarebytes one, which is the second. It couldn't remove certain malware, so I had to reboot. OK?
Bye
Malwarebytes' Anti-Malware 1.32
Versione del database: 1643
Windows 5.1.2600 Service Pack 3
11/01/2009 23.28.57
mbam-log-2009-01-11 (23-28-40).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 105202
Tempo trascorso: 25 minute(s), 45 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 11
Valori di registro infetti: 1
Elementi dato del registro infetti: 2
Cartelle infette: 1
File infetti: 15
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
C:\WINDOWS\system32\pcqtvd.dll (Trojan.Vundo) -> No action taken.
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b349bb1e-ee99-4d89-96d0-12cb2172b849} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b349bb1e-ee99-4d89-96d0-12cb2172b849} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adb85d37-2e81-40ee-bc56-68d583620e40} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{adb85d37-2e81-40ee-bc56-68d583620e40} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b349bb1e-ee99-4d89-96d0-12cb2172b849} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{adb85d37-2e81-40ee-bc56-68d583620e40} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
Valori di registro infetti:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> No action taken.
Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnkiccr -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Heuristics.Reserved.Word.Exploit) -> Data: c:\docume~1\bandaz\datiap~1\micros~1\spoolsv.exe -> No action taken.
Cartelle infette:
C:\Programmi\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
File infetti:
C:\WINDOWS\system32\pcqtvd.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hfluohpo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ophoulfh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pmnkIcCR.dll (Trojan.BHO.H) -> No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.hfluohpo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\plegov.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rfsacyvh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ialhgdqp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xnwgredm.dll (Trojan.Vundo) -> No action taken.
C:\Programmi\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> No action taken.
C:\Programmi\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\mstinit.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Bandaz\Dati applicazioni\Microsoft\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
2nd, the extra one:
Malwarebytes' Anti-Malware 1.32
Versione del database: 1643
Windows 5.1.2600 Service Pack 3
11/01/2009 23.30.22
mbam-log-2009-01-11 (23-30-22).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 105202
Tempo trascorso: 25 minute(s), 45 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 11
Valori di registro infetti: 1
Elementi dato del registro infetti: 2
Cartelle infette: 1
File infetti: 15
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
C:\WINDOWS\system32\pcqtvd.dll (Trojan.Vundo) -> Delete on reboot.
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b349bb1e-ee99-4d89-96d0-12cb2172b849} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b349bb1e-ee99-4d89-96d0-12cb2172b849} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adb85d37-2e81-40ee-bc56-68d583620e40} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb85d37-2e81-40ee-bc56-68d583620e40} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b349bb1e-ee99-4d89-96d0-12cb2172b849} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{adb85d37-2e81-40ee-bc56-68d583620e40} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnkiccr -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Heuristics.Reserved.Word.Exploit) -> Data: c:\docume~1\bandaz\datiap~1\micros~1\spoolsv.exe -> Quarantined and deleted successfully.
Cartelle infette:
C:\Programmi\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
File infetti:
C:\WINDOWS\system32\pcqtvd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hfluohpo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ophoulfh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkIcCR.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.hfluohpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plegov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfsacyvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ialhgdqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xnwgredm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmi\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Programmi\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bandaz\Dati applicazioni\Microsoft\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
3rd:
Malwarebytes' Anti-Malware 1.32
Versione del database: 1643
Windows 5.1.2600 Service Pack 3
12/01/2009 0.09.09
mbam-log-2009-01-12 (00-09-09).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 104330
Tempo trascorso: 24 minute(s), 49 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
Then I cleaned everything with CCleaner, which I already had!
Then there is the ComboFix one: as requested, I closed everything, but it asked me for a connection to save the System Restore point, so afterwards, to work around the problem, I switched off the wireless modem!
ComboFix 09-01-10.03 - Bandaz 2009-01-12 0.15.13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1489 [GMT 1:00]
Eseguito da: c:\documents and settings\Bandaz\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bandaz\Dati applicazioni\logman.exe
c:\documents and settings\Bandaz\Impostazioni locali\Dati applicazioni\aitfwa.dat
c:\documents and settings\Bandaz\Impostazioni locali\Dati applicazioni\aitfwa_nav.dat
c:\documents and settings\Bandaz\Impostazioni locali\Dati applicazioni\aitfwa_navps.dat
c:\windows\jestertb.dll
c:\windows\system32\msexcl35.dll
c:\windows\system32\msltus35.dll
c:\windows\system32\mspdox35.dll
c:\windows\system32\mstext35.dll
c:\windows\system32\msxbse35.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-12-11 al 2009-01-11 )))))))))))))))))))))))))))))))))))
.
2009-01-11 22:59 . 2009-01-11 23:28 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-11 22:59 . 2009-01-11 22:59 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\Malwarebytes
2009-01-11 22:59 . 2009-01-11 22:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-11 22:59 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 22:59 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 15:25 . 2009-01-11 23:39 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-10 15:19 . 2009-01-11 08:55 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-10 15:19 . 2009-01-10 15:19 <DIR> d-------- c:\programmi\AVG
2009-01-10 15:19 . 2009-01-10 15:19 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\AVGTOOLBAR
2009-01-10 15:19 . 2009-01-10 15:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-10 15:19 . 2009-01-10 15:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-10 15:19 . 2009-01-10 15:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-10 15:19 . 2009-01-10 15:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-10 13:54 . 2006-09-15 18:04 77,824 --a------ c:\windows\system32\hcwTVDlg.ita
2009-01-10 13:54 . 2006-10-13 15:03 69,632 --a------ c:\windows\system32\hcwChMgr.ita
2009-01-10 13:54 . 2006-09-15 18:04 65,536 --a------ c:\windows\system32\hcwDlg.ita
2009-01-10 13:54 . 2006-09-15 18:00 65,536 --a------ c:\windows\system32\hcwChan.ita
2009-01-10 03:00 . 2009-01-10 03:00 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-10 02:02 . 2009-01-10 02:02 <DIR> d-------- c:\programmi\Yahoo!
2009-01-10 02:02 . 2009-01-10 02:02 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\Yahoo!
2009-01-10 02:02 . 2009-01-10 02:04 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-01-10 01:57 . 2009-01-10 02:57 <DIR> d-------- c:\programmi\SpywareBlaster
2009-01-10 01:32 . 2009-01-10 02:56 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-01-10 01:32 . 2009-01-10 12:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-10 01:13 . 2009-01-10 01:13 <DIR> d-------- c:\programmi\ClamWin
2009-01-10 01:13 . 2009-01-10 01:13 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\.clamwin
2009-01-10 01:13 . 2009-01-10 01:13 <DIR> d-------- c:\documents and settings\All Users\.clamwin
2009-01-10 01:09 . 2009-01-10 01:09 <DIR> d-------- c:\programmi\Trend Micro
2009-01-10 00:39 . 2009-01-10 00:39 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-10 00:32 . 2009-01-05 20:12 81,920 --a------ c:\windows\esentutl.exe
2009-01-08 11:57 . 2009-01-05 20:12 81,920 --a------ c:\windows\clipsrv.exe
2009-01-08 11:40 . 2009-01-08 11:40 <DIR> dr------- c:\documents and settings\LocalService\Preferiti
2009-01-07 15:48 . 2009-01-05 20:12 81,920 --a------ c:\documents and settings\Bandaz\Dati applicazioni\sessmgr.exe
2009-01-05 20:16 . 2009-01-05 20:16 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\Babylon
2009-01-05 20:16 . 2009-01-05 20:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-01-05 20:02 . 2009-01-05 20:02 <DIR> d-------- c:\programmi\File comuni\Adobe Systems Shared
2009-01-05 20:02 . 2009-01-05 20:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Macrovision
2008-12-29 14:29 . 2008-12-29 14:29 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\vlc
2008-12-29 14:29 . 2008-12-29 14:29 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\dvdcss
2008-12-29 14:27 . 2008-12-29 14:27 <DIR> d-------- c:\programmi\VideoLAN
2008-12-29 13:41 . 2008-12-29 13:42 56,730 --a------ c:\windows\LAUGH.WAV
2008-12-29 13:40 . 2008-12-29 13:40 3,072 --ahs---- c:\windows\Thumbs.db
2008-12-29 13:38 . 2008-12-29 13:38 45,408 --a------ c:\windows\NOOO.WAV
2008-12-29 13:30 . 2008-12-29 14:59 <DIR> d-------- c:\documents and settings\Bandaz\Dati applicazioni\Vso
2008-12-29 13:30 . 2008-12-29 13:30 87,608 --a------ c:\documents and settings\Bandaz\Dati applicazioni\ezpinst.exe
2008-12-29 13:30 . 2008-12-29 13:30 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-29 13:30 . 2008-12-29 13:30 47,360 --a------ c:\documents and settings\Bandaz\Dati applicazioni\pcouffin.sys
2008-12-26 01:51 . 2008-12-26 01:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\wmp
2008-12-26 00:59 . 2009-01-09 22:21 69 --a------ c:\windows\NeroDigital.ini
2008-12-19 15:01 . 2008-12-19 15:01 <DIR> d-------- c:\programmi\PowerQuest
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 21:52 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-01-10 11:08 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-10 01:02 --------- d-----w c:\programmi\CCleaner
2009-01-09 16:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-01-05 19:02 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-30 13:23 --------- d-----w c:\programmi\Google
2008-12-26 01:13 --------- d-----w c:\documents and settings\Bandaz\Dati applicazioni\uTorrent
2008-12-23 14:00 --------- d-----w c:\documents and settings\Bandaz\Dati applicazioni\AdobeUM
2008-12-19 14:01 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-17 17:48 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-17 17:48 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-16 03:09 --------- d-----w c:\documents and settings\Bandaz\Dati applicazioni\Media Player Classic
2008-12-11 20:14 --------- d-----w c:\programmi\Microsoft ActiveSync
2008-12-07 15:29 --------- d-----w c:\programmi\Sierra On-Line
2008-12-06 13:48 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-06 13:10 --------- d-----w c:\documents and settings\Bandaz\Dati applicazioni\Leadertech
2008-12-06 02:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Codemasters
2008-12-05 21:26 --------- d-----w c:\programmi\HP
2008-12-05 20:31 --------- d-----w c:\programmi\Java
2008-12-05 08:50 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-02 10:15 --------- d--h--r c:\documents and settings\Bandaz\Dati applicazioni\SecuROM
2008-12-01 15:10 --------- d-----w c:\programmi\uTorrent
2008-11-13 12:18 --------- d-----w c:\programmi\Motive
2008-11-13 12:17 --------- d-----w c:\documents and settings\Bandaz\Dati applicazioni\Motive
2008-11-13 12:11 155,995 ----a-w c:\windows\java\Packages\TBZH3L39.ZIP
2008-11-13 12:11 --------- d-----w c:\programmi\Common Files
2008-11-13 12:10 --------- d-----w c:\programmi\Telecom Italia
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 15:34 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2006-06-23 06:48 32,768 -c--a-r c:\windows\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-13 68856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-16 13533184]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-06-16 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-16 86016]
"LWBKEYBOARD"="c:\programmi\MultiMedia Keyboard\1.2\KbdAp32A.exe" [2004-04-02 381440]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-09 185896]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2008-11-09 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-10 1261336]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 c:\windows\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\windows\esentutl.exe" [2009-01-05 81920]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-05 113664]
ASUS WiFi-AP Solo.lnk - c:\programmi\ASUS WiFi-AP Solo\RtWLan.exe [2008-10-07 987136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yvmfzu.dll,pcqtvd.dll,avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Bandaz^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Bandaz\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 06:12 729088 c:\programmi\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-13 01:55 68856 c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\eMule\\eMule.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"60297:UDP"= 60297:UDP:per utorrent
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-10 97928]
R3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;c:\windows\system32\drivers\hcw99bda.sys [2008-10-07 134601]
R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [2008-10-07 26736]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-10-07 176128]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-10-07 13532]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-10 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-10 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-10 76040]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-06 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-04 43392]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE --> c:\progra~1\WinTV\HCWTVS~1.EXE [?]
S4 ousbehci;%OWC_USBEHCD.DeviceDesc%;c:\windows\system32\drivers\ousbehci.sys [2008-10-07 29568]
S4 Sjyiskern;Sjyiskern;c:\windows\system32\compact.exe [2006-03-02 18432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Explorer_Run-MqtgSVC - c:\docume~1\Bandaz\IMPOST~1\Temp\mqtgsvc.exe
Notify-hgGyayxu - hgGyayxu.dll
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-12 00:16:09
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-515967899-1957994488-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1957994488-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ce,1e,ca,4c,c7,63,4a,d3,ad,89,77,54,86,f9,c2,e9,3b,d2,c8,82,16,
ac,a0,fc,5a,2e,39,4c,32,ad,dc,fe,6a,0f,69,08,97,b4,5f,ce,9d,ef,a7,05,ba,14,\
"rkeysecu"=hex:46,cd,86,9e,fe,96,93,84,69,3e,20,83,b3,cd,6d,f3
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\yvmfzu.dll
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\avgrsstx.dll
.
Ora fine scansione: 2009-01-12 0.17.05
ComboFix-quarantined-files.txt 2009-01-11 23:17:03
Pre-Run: 12.467.720.192 byte disponibili
Post-Run: 12,651,302,912 byte disponibili
235 --- E O F --- 2009-01-10 12:00:42
and last:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.34.47, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\MultiMedia Keyboard\1.2\KbdAp32A.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\esentutl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\ASUS WiFi-AP Solo\RtWLan.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Programmi\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LWBKEYBOARD] "C:\Programmi\MultiMedia Keyboard\1.2\KbdAp32A.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\System32\drivers\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\esentutl.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [rsvp] C:\WINDOWS\System32\drivers\rsvp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [rsvp] C:\WINDOWS\System32\drivers\rsvp.exe /waitservice (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Programmi\WinTV\Ir.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: yvmfzu.dll,pcqtvd.dll,avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Unknown owner - C:\PROGRA~1\WinTV\HCWTVS~1.EXE (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 10136 bytes