Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Richieta di avvio progamma PhotoGalley e controllo log HijckThis

Richieta di avvio progamma PhotoGalley e controllo log HijckThis Opzioni
Topic Precedente · Topic Sucessivo
patton
Inviato: Sunday, January 30, 2011 10:33:54 AM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Windows Xp Pro,ie ed.8 ,Avast 5.

All'avvio dl PC si apre la finestra di installazione e inizia a caricare il pogramma PhotoGallery.Esegue il caricamento di qualcosa e poi apre una finestra che mi chiede di caricare il programma PhotoGallery da cd.
Non conosco questo programma e quindi non riesco a capire da quale sorgente effettua il caicamento.
Questa finestra riesco ad eliminarla solo attraveso l'end task di Windows Task Manager.
Allego il file log di HijackThis.
Ringrazio chi mi aiuta a risolvere questo problema.
Ciao

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.14.01, on 30/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Softland\FBackup 4\fbaSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vincenzo\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Aiutamici Toolbar - {681322c2-653e-4791-9ba1-c10a20c3c793} - C:\Program Files\Aiutamici\tbAiu0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Aiutamici Toolbar - {681322c2-653e-4791-9ba1-c10a20c3c793} - C:\Program Files\Aiutamici\tbAiu0.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Aiutamici Toolbar - {681322c2-653e-4791-9ba1-c10a20c3c793} - C:\Program Files\Aiutamici\tbAiu0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Cobian Backup 10] "C:\Program Files\Cobian Backup 10\Cobian.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vincenzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [FBackup Scheduler] "C:\Program Files\Softland\FBackup 4\fbaSched.exe"
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Vincenzo\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.redshift.maris.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278216797027
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

--
End of file - 13224 bytes
Torna in alto
 
Sponsor
Inviato: Sunday, January 30, 2011 10:33:54 AM

 
Torna in alto
 
a.roselli
Inviato: Sunday, January 30, 2011 2:00:59 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,044
Il log mi sembra pulito

controlla se nel menu Esecuzione Automatica di windows c'è qualche strana icona, rimuovi se non conosci il programma

fai una scansione Completa con MalwareBytes
http://software.aiutamici.com/software?ID=80346


alfonso_aiutamici@hotmail.it
Torna in alto
 
patton
Inviato: Tuesday, February 01, 2011 9:26:27 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Ho visto i programmi in esecuzione automatica ma non c'è niente che fa riferimento a Photogallery.
Ho fatto una scansione con il programma MalwareBytes ma non ha trovato niente.
Penso che questo programma sian legato a Windows live messenger o a windows live mail.
Ciao
Torna in alto
 
a.roselli
Inviato: Tuesday, February 01, 2011 9:58:15 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,044
Allora disinstallalo da Installazioni Applicazioni, oppure rimuovi Windows Live e reinstalli solo quello che ti serve.


alfonso_aiutamici@hotmail.it
Torna in alto
 
meme1580
Inviato: Wednesday, February 02, 2011 12:12:00 PM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170
il programma riguarda HP, fixa queste due voci e vedrai che il problema sparisce:

Commenta:
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe



secondo mè poi ci sarebbe da fare un po' di pulizia
Torna in alto
 
patton
Inviato: Wednesday, February 02, 2011 8:15:05 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Ho eseguito il consiglio di a.roselli ma il problema si è presentato di nuovo.
Appena ho ricevuto il consiglio di meme1580 l'ho eseguito con esito positivo.
Chiedo a meme1580,visto che me lo consiglia, che cosa devo fare per un pò di pulizia.
Ringrazio entrambi per le risposte che mi avete date.
Ciao
Torna in alto
 
meme1580
Inviato: Thursday, February 03, 2011 9:12:37 AM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170
Hai alcune toolbar che rallentano il pc, se non le utilizzi disinstallale.

Commenta:
Toolbar: Adobe PDF
Toolbar: Conduit Engine
Toolbar: &Windows Live Toolbar


Prima prova con il metodo classico:
Start>Pannello di controllo>installazione applicazioni.

Se dopo averle disinstallate compaiono ancora nel log hijackthis fixa queste voci:

Commenta:
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

Questo sito è stato inserito nella trusted zone (siti sicuri)

Commenta:
http://www.redshift.maris.com


Se non lo conosci scarica il file Deldomains.inf
http://www.mvps.org/winhelp2002/DelDomains.inf
Salvalo sul desktop selezionalo con il tasto destro premendo dal menu "Installa".

Dai una pulita con ccleaner (registro compreso).
http://www.piriform.com/ccleaner/download/standard

NELLA SCHERMATA INIZIALE DI CCLEANER

Clicca su Opzioni e poi Avanzate e togli il segno di spunta a:
Cancella i file in Windows Temp solo se più vecchi di 24 ore e poi esegui la pulizia(registro compreso)
Scarica atf cleaner
http://www.atribune.org/ccount/click.php?id=1
Lancialo metti la supunta su select all e poi premi su empty selected.
Avvia nuovamente Hijackthis
clicca su Config
quindi su Misc Tools
infine su ADS Spy.
Togli la spunta da "Quick Scan" e clicca su Scan per lanciare l'analisi.
Quando ha finito seleziona tutte le voci che ha trovato (se fossero tante clicca sulaa prima voce con il tasto destro del mouse, scegli select all) e premi su remove selected.
posta un nuvo log hijackthis
Torna in alto
 
patton
Inviato: Thursday, February 03, 2011 12:58:50 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Per meme1580.
Ho eseguito le tue indicazioni.
Ti allego il nuovo log di hijackthis.
Comunicami se tutto va bene.
Ciao


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.44.42, on 03/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Softland\FBackup 4\fbaSched.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Vincenzo\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Aiutamici Toolbar - {681322c2-653e-4791-9ba1-c10a20c3c793} - C:\Program Files\Aiutamici\tbAiu0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Aiutamici Toolbar - {681322c2-653e-4791-9ba1-c10a20c3c793} - C:\Program Files\Aiutamici\tbAiu0.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Aiutamici Toolbar - {681322c2-653e-4791-9ba1-c10a20c3c793} - C:\Program Files\Aiutamici\tbAiu0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Cobian Backup 10] "C:\Program Files\Cobian Backup 10\Cobian.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vincenzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [FBackup Scheduler] "C:\Program Files\Softland\FBackup 4\fbaSched.exe"
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Vincenzo\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.redshift.maris.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278216797027
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

--
End of file - 12002 bytes
Torna in alto
 
meme1580
Inviato: Thursday, February 03, 2011 1:06:25 PM

Rank: AiutAmico

Iscritto dal : 3/25/2008
Posts: 170
fixa questa voce:

Commenta:
O15 - Trusted Zone: http://www.redshift.maris.com


SEGUI ALLA LETTERA QUANTO SEGUE
scarica combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

IMPORTANTE
Prima di lanciarlo disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo averlo scaricato chiudi la connessione.

Doppio click su combofix.exe
E' probabile che ti siano inviati messaggi dall'antivirus o dallo stesso Combofix ma tu ignorali.

Se ti viene chiesto di Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante la scansione è importante non usare il PC (NE MAUSE NE TASTIERA) e attendere la fine del controllo.
Al termine, verrà creato un file log sul Desktop (C:\ComboFix.txt), postalo
Torna in alto
 
patton
Inviato: Thursday, February 03, 2011 7:45:19 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Ti invio il log.txt di ComboFix.
Ciao

ComboFix 11-01-31.02 - Vincenzo 03/02/2011 19.22.43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1524 [GMT 1:00]
Running from: c:\documents and settings\Vincenzo\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\AUTOLNCH.REG
c:\windows\system32\setup.ini
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-02 07:01 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0B35DAB8-BF9E-4C57-886A-18E18316522E}\mpengine.dll
2011-02-01 20:37 . 2011-02-01 20:37 -------- d-----w- c:\program files\Common Files\Skype
2011-01-31 20:40 . 2011-01-31 20:40 -------- d-----w- c:\program files\MSECache
2011-01-30 07:30 . 2011-02-03 18:11 -------- d-----w- c:\documents and settings\Vincenzo\Application Data\Dropbox
2011-01-29 06:44 . 2011-01-29 06:45 -------- d-----w- c:\program files\CrystalDiskInfo
2011-01-29 06:30 . 2011-01-29 06:30 -------- d-----w- c:\program files\iPod
2011-01-29 06:30 . 2011-01-29 06:31 -------- d-----w- c:\program files\iTunes
2011-01-26 22:30 . 2011-01-26 22:30 -------- d-----w- c:\windows\{14ED93BE-C89A-4BA2-810F-32F1A9334636}
2011-01-21 20:30 . 2011-01-21 20:30 -------- d-----w- c:\documents and settings\Vincenzo\Local Settings\Application Data\Safe mirror
2011-01-21 20:30 . 2011-01-21 20:30 -------- d-----w- c:\program files\Cobian Backup 10
2011-01-20 21:45 . 2011-01-20 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2011-01-20 21:30 . 2011-01-20 21:30 -------- d-----w- c:\documents and settings\Vincenzo\Application Data\Stellarium
2011-01-20 20:38 . 2005-06-10 22:33 232960 ----a-w- c:\windows\system32\SciLexer.dll
2011-01-20 20:38 . 2005-06-10 22:33 161792 ----a-w- c:\windows\system32\Scintilla.dll
2011-01-20 20:36 . 2011-01-20 20:36 -------- d-----w- c:\program files\Maris Technologies
2011-01-20 20:36 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-01-20 20:36 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-01-20 20:36 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-01-20 20:36 . 2002-12-02 12:33 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-01-20 20:36 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-01-20 20:36 . 2011-01-20 20:36 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-01-20 20:36 . 2011-01-20 20:36 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-01-20 20:36 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-01-19 16:23 . 2011-01-19 16:23 -------- d-----w- c:\program files\Macrium
2011-01-17 19:03 . 2011-01-17 19:03 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-01-17 19:02 . 2011-01-17 19:02 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-01-17 19:02 . 2011-01-17 19:02 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2011-01-16 11:41 . 2011-01-16 11:46 -------- d-----w- c:\documents and settings\Vincenzo\Application Data\DICOMedReview
2011-01-15 14:01 . 2011-01-15 14:01 -------- d-----w- c:\documents and settings\Vincenzo\Application Data\FastStone
2011-01-15 13:59 . 2011-01-15 14:00 -------- d-----w- c:\program files\FastStone Image Viewer
2011-01-14 19:08 . 2011-01-14 19:08 -------- d-----w- c:\documents and settings\Vincenzo\Application Data\GlarySoft
2011-01-07 20:26 . 2011-01-07 20:26 -------- d-----w- c:\documents and settings\Vincenzo\Local Settings\Application Data\Help
2011-01-07 20:19 . 2011-01-31 20:04 -------- d-----w- c:\documents and settings\Vincenzo\Local Settings\Application Data\RadioSure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-11-30 12:08 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-13 08:47 . 2010-07-04 12:34 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-04 12:34 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-04 12:34 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-07-04 12:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-07-04 12:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-07-04 12:34 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-04 12:34 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-07-04 12:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-31 20:06 . 2010-07-04 12:34 38848 ----a-w- c:\windows\avastSS.scr
2010-12-20 17:09 . 2010-11-03 22:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-03 22:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 09:53 . 2010-12-10 20:20 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-25 09:42 . 2010-12-10 20:19 124992 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-24 08:18 . 2010-12-10 20:19 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-11-18 18:12 . 2010-07-03 01:14 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 15:21 . 2010-11-17 15:21 1409 ----a-w- c:\windows\system32\tmp9F3B8.FOT
2010-11-17 15:21 . 2010-11-17 15:21 1409 ----a-w- c:\windows\system32\tmp454B8.FOT
2010-11-17 09:19 . 2010-12-10 20:20 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-12 17:53 . 2010-10-15 12:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-10-15 12:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2006-04-08 17:16 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-04-08 17:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-04-08 17:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-04-08 17:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{681322c2-653e-4791-9ba1-c10a20c3c793}"= "c:\program files\Aiutamici\tbAiu0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{681322c2-653e-4791-9ba1-c10a20c3c793}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{681322c2-653e-4791-9ba1-c10a20c3c793}]
2010-10-18 16:26 3908192 ----a-w- c:\program files\Aiutamici\tbAiu0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{681322c2-653e-4791-9ba1-c10a20c3c793}"= "c:\program files\Aiutamici\tbAiu0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{681322c2-653e-4791-9ba1-c10a20c3c793}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{681322C2-653E-4791-9BA1-C10A20C3C793}"= "c:\program files\Aiutamici\tbAiu0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{681322c2-653e-4791-9ba1-c10a20c3c793}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Vincenzo\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Vincenzo\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Vincenzo\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Vincenzo\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Google Update"="c:\documents and settings\Vincenzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-20 136176]
"FBackup Scheduler"="c:\program files\Softland\FBackup 4\fbaSched.exe" [2011-01-21 2126672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2005-07-23 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

c:\documents and settings\Vincenzo\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Vincenzo\Application Data\Dropbox\bin\Dropbox.exe [2011-1-27 23361424]
qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-14 4142080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-7-4 25214]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Vincenzo\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Vincenzo\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [17/01/2011 20.02.36 16024]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [08/11/2010 10.10.14 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [08/11/2010 10.10.14 11776]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/07/2010 13.34.51 294608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/12/2010 21.20.50 249616]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [08/11/2010 10.10.12 2853904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/07/2010 13.34.52 17744]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [21/01/2011 21.30.24 67584]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10/12/2010 21.20.52 160448]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [17/01/2011 20.02.06 220824]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [10/12/2010 21.19.14 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10/12/2010 21.19.14 57536]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/07/2010 14.58.17 136176]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [08/11/2010 10.10.13 72808]
S3 cpuz134;cpuz134; [x]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [10/12/2010 21.19.14 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/12/2010 21.19.12 124992]
S3 speccy;speccy;\??\c:\docume~1\Vincenzo\LOCALS~1\Temp\3487b6bf-c099-437f-bb06-5ff02b3e9cb2 --> c:\docume~1\Vincenzo\LOCALS~1\Temp\3487b6bf-c099-437f-bb06-5ff02b3e9cb2 [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [23/12/2010 20.36.47 229376]
.
Contents of the 'Scheduled Tasks' folder

2011-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2011-02-03 c:\windows\Tasks\fba_Copia desktop.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2010-11-04 17:04]

2011-02-03 c:\windows\Tasks\fba_Documenti Gennaro Dell.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2010-11-04 17:04]

2011-02-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-04 13:13]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 13:58]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 13:58]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-1343024091-1004Core.job
- c:\documents and settings\Vincenzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-05 18:04]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-1343024091-1004UA.job
- c:\documents and settings\Vincenzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-05 18:04]

2011-02-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2011-01-09 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-17 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: maris.com\www.redshift
FF - ProfilePath - c:\documents and settings\Vincenzo\Application Data\Mozilla\Firefox\Profiles\s40c7c8k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2637690&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: JMundo: jmundo@jmarquis.it - %profile%\extensions\jmundo@jmarquis.it
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Aiutamici Community Toolbar: {681322c2-653e-4791-9ba1-c10a20c3c793} - %profile%\extensions\{681322c2-653e-4791-9ba1-c10a20c3c793}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 19:32
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\speccy]
"ImagePath"="\??\c:\docume~1\Vincenzo\LOCALS~1\Temp\3487b6bf-c099-437f-bb06-5ff02b3e9cb2"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-02-03 19:40:07
ComboFix-quarantined-files.txt 2011-02-03 18:39

Pre-Run: 54.314.827.776 bytes free
Post-Run: 54.263.189.504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

- - End Of File - - F50FBD98B7BFB652EBEA3085F640C96B
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Richieta di avvio progamma PhotoGalley e controllo log HijckThis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.