Hi shapiro, I ran ComboFix; I'm posting its log and also the new HijackThis one. Thanks!! duriam

PS: ComboFix shows me this warning, what should I do? ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
ComboFix 09-09-04.02 - sara_2 05/09/2009 12.54.40.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.511 [GMT 2:00]
Eseguito da: c:\documents and settings\sara_2\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\sara_2\Dati applicazioni\MessengerSkinner
c:\documents and settings\sara_2\Dati applicazioni\MessengerSkinner\Userdata\pack1.cab
c:\documents and settings\sara_2\Impostazioni locali\Dati applicazioni\kmegcsa_nav.dat
c:\documents and settings\sara_2\Impostazioni locali\Dati applicazioni\kuckaci_nav.dat
c:\documents and settings\sara_2\Impostazioni locali\Dati applicazioni\mamqk_nav.dat
c:\documents and settings\sara_2\Impostazioni locali\Dati applicazioni\zmylekwj.dat
c:\documents and settings\sara_2\Impostazioni locali\Dati applicazioni\zmylekwj_nav.dat
c:\documents and settings\sara_2\Impostazioni locali\Dati applicazioni\zmylekwj_navps.dat
c:\windows\explorer.exe.tmp
c:\windows\Installer\14e88.msp
c:\windows\Installer\14e8e.msp
c:\windows\Installer\14e90.msp
c:\windows\Installer\1fc01f.msi
c:\windows\Installer\2fa021f.msi
c:\windows\Installer\WMEncoder.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-08-05 al 2009-09-05 )))))))))))))))))))))))))))))))))))
.
2009-08-30 10:24 . 2009-08-30 10:24 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\Malwarebytes
2009-08-30 10:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 10:24 . 2009-08-30 10:24 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-30 10:24 . 2009-08-30 10:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-30 10:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 07:58 . 2009-09-01 19:39 -------- d-----w- c:\programmi\Navilog1
2009-08-26 15:09 . 2009-08-28 12:56 -------- d-----w- c:\programmi\uTorrent
2009-08-24 19:42 . 2009-08-24 19:42 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\MysteryStudio
2009-08-24 19:41 . 2009-08-27 11:01 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\Ubisoft
2009-08-24 14:49 . 2009-08-24 14:49 -------- d--h--w- c:\programmi\FX Uninstall Information
2009-08-22 15:06 . 2009-08-22 15:06 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 15:06 . 2009-08-22 15:06 -------- d-----w- c:\programmi\MSBuild
2009-08-22 15:06 . 2009-08-22 15:06 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-22 15:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 15:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 15:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 15:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 15:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 15:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 15:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 15:05 . 2009-08-22 15:05 -------- d-----w- C:\74739d83f872cf5f63c2c071aa
2009-08-17 15:16 . 2009-08-17 15:16 -------- d-----w- c:\programmi\iPod
2009-08-17 15:16 . 2009-08-17 15:16 -------- d-----w- c:\programmi\iTunes
2009-08-17 15:16 . 2009-08-17 15:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-17 15:12 . 2009-08-17 15:12 -------- d-----w- c:\programmi\Bonjour
2009-08-16 08:56 . 2009-08-16 08:56 -------- d-----w- c:\programmi\SPAM RULE
2009-08-15 16:12 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 18:56 . 2009-08-08 18:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-08-08 18:56 . 2009-09-05 10:33 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\SUPERAntiSpyware.com
2009-08-08 18:56 . 2009-09-05 10:33 -------- d-----w- c:\programmi\SUPERAntiSpyware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 10:29 . 2008-01-12 21:34 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\OpenOffice.org2
2009-09-04 17:38 . 2008-05-29 17:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-09-04 11:04 . 2008-12-29 09:07 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\uTorrent
2009-08-31 13:09 . 2008-10-23 18:48 -------- d-----w- c:\programmi\Ubisoft
2009-08-30 17:03 . 2009-02-11 21:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-08-30 10:13 . 2008-02-15 18:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-29 22:28 . 2009-06-12 15:38 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\vlc
2009-08-28 18:54 . 2008-01-13 18:16 -------- d-----w- c:\programmi\Circle Developement
2009-08-27 23:15 . 2007-10-19 14:01 -------- d-----w- c:\programmi\LimeWire
2009-08-27 23:07 . 2007-12-24 11:15 25696 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-22 15:10 . 2004-08-19 12:00 83934 ----a-w- c:\windows\system32\perfc010.dat
2009-08-22 15:10 . 2004-08-19 12:00 489038 ----a-w- c:\windows\system32\perfh010.dat
2009-08-21 09:51 . 2007-06-04 13:47 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-20 10:57 . 2009-02-11 21:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 10:57 . 2009-02-11 21:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 10:57 . 2009-02-11 21:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 15:10 . 2008-11-08 09:54 -------- d-----w- c:\programmi\QuickTime
2009-08-17 15:08 . 2007-11-13 19:23 -------- d-----w- c:\programmi\File comuni\Apple
2009-08-16 16:57 . 2009-08-16 16:57 6656 --sha-w- c:\windows\system32\drivers\Thumbs.db
2009-08-16 08:56 . 2008-01-08 15:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MPEG ELSE ONE VIEW
2009-08-08 18:46 . 2008-05-29 17:37 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-06 12:35 . 2007-10-19 14:03 -------- d-----w- c:\programmi\Java
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 10:38 . 2007-12-25 14:17 -------- d-----w- c:\documents and settings\sara_2\Dati applicazioni\LimeWire
2009-08-01 07:45 . 2008-12-14 15:02 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-30 17:06 . 2007-06-22 16:42 -------- d-----w- c:\programmi\File comuni\HP
2009-07-30 17:06 . 2007-06-22 16:41 -------- d-----w- c:\programmi\Hewlett-Packard
2009-07-30 17:02 . 2007-06-22 16:32 -------- d-----w- c:\programmi\HP
2009-07-29 09:25 . 2008-01-13 18:16 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-25 03:23 . 2009-05-17 22:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:55 . 2004-08-19 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2004-08-19 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-19 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2007-06-04 12:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-19 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2008-07-13 20:36 . 2007-06-23 14:12 25 ----a-w- c:\programmi\Evviva puzzle!Impostazioni.CFG
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2002-07-31 17:55 . 2008-07-04 12:53 106 --sh--w- c:\windows\WSYS049.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-09 185632]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SweetIM"="c:\programmi\SweetIM\Messenger\SweetIM.exe" [2009-01-28 111928]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-16 68592]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"One view global this"="c:\documents and settings\All Users\Dati applicazioni\MPEG ELSE ONE VIEW\Surf obj.exe" [2009-09-05 708608]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
c:\documents and settings\Guest\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.0.lnk - c:\programmi\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
c:\documents and settings\sara_2\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.0.lnk - c:\programmi\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 10:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Programmi\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\documents and settings\sara_2\Dati applicazioni\Facebook\facebook.exe"= c:\documents and settings\sara_2\Dati applicazioni\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:emule:TCP in ingresso
"4672:UDP"= 4672:UDP:emule:UDP in ingresso
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/02/2009 23.50.34 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/02/2009 23.50.43 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/08/2009 12.57.02 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/02/2009 23.50.08 297752]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [25/06/2008 12.07.35 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [28/07/2008 15.09.06 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [28/07/2008 15.08.59 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [28/07/2008 15.16.56 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [28/07/2008 15.13.04 100008]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - SASENUM
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-12 18:39]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\sara_2\Dati applicazioni\Mozilla\Firefox\Profiles\qsco7h3f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.hiyo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 13:01
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2009-09-05 13.04.04
ComboFix-quarantined-files.txt 2009-09-05 11:03
Pre-Run: 138.454.339.584 byte disponibili
Post-Run: 138.433.880.064 byte disponibili
221 --- E O F --- 2009-09-02 01:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.19.45, on 05/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Dati applicazioni\MPEG ELSE ONE VIEW\Surf obj.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-6cec0390726b81d7.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
--
End of file - 9435 bytes