Here is everything:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.15.45, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 7615 bytes
ComboFix 08-07-10.1 - SESTIERI DANIELA 2008-07-15 18.04.02.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.158 [GMT 2:00]
Eseguito da: C:\Documents and Settings\SESTIERI DANIELA\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Starware371
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\494_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\494_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\498_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\498_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\499_button_1b_def.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\499_button_1b_over.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_60.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_70.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\Button_80.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\findithotxp.png
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\finditxp.png
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\logo.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\error.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\Related.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\contexts\Travel.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem26.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem2F.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem3C.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem4E.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem55.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem76.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\Tem7D.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemA5.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemA9.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemE4.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemE7.tmp
C:\Documents and Settings\All Users\Dati applicazioni\Starware371\TemF9.tmp
C:\Documents and Settings\All Users\Desktop\crazy girls.lnk
C:\Documents and Settings\All Users\Desktop\nocreditcard.lnk
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\iforex.com
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnk
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Brani\BraniOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Brani\BraniOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_6\Button_6Options.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_6\Button_6Options.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_7\Button_7Options.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_7\Button_7Options.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_8\Button_8Options.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Button_8\Button_8Options.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Configurator\Configurator.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Configurator\Configurator.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Manager\ManagerOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem1A.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem2D.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem4A.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem56.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Tem73.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\TemB3.tmp
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Privacy Policy.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Terms and conditions.lnk
C:\Documents and Settings\SESTIERI DANIELA\Menu Avvio\Programmi\InternetGameBox\Website.lnk
C:\Documents and Settings\SESTIERI DANIELA\ResErrors.log
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Brani\BraniOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Brani\BraniOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_6\Button_6Options.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_6\Button_6Options.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_7\Button_7Options.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_7\Button_7Options.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_8\Button_8Options.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Button_8\Button_8Options.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Configurator\Configurator.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Configurator\Configurator.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Manager\ManagerOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\TORRENTE FRANCESCO\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml.backup
C:\Programmi\3
C:\Programmi\3\FastMobileModem\configMMM.ini
C:\Programmi\3\FastMobileModem\DefaultMMM.ini
C:\Programmi\3\FastMobileModem\Driver.ini
C:\Programmi\3\FastMobileModem\eventMMM.log
C:\Programmi\3\FastMobileModem\MMMODEM.CNT
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\Programmi\3\FastMobileModem\MMModem.GID
C:\Programmi\3\FastMobileModem\MMMODEM.HLP
C:\Programmi\3\FastMobileModem\MMModemcnt.0
C:\Programmi\3\FastMobileModem\MMModemcnt.1
C:\Programmi\3\FastMobileModem\MMModemhlp.0
C:\Programmi\3\FastMobileModem\MMModemhlp.1
C:\Programmi\Starware371
C:\WINDOWS\pack.epk
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\iwsgm.dat
C:\WINDOWS\system32\iwsgm.exe
c:\WINDOWS\system32\iwsgm_nav.dat
C:\WINDOWS\system32\iwsgm_navps.dat
c:\WINDOWS\system32\iwsgm_navup.dat
C:\WINDOWS\system32\oeminfo.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DHLP
((((((((((((((((((((((((( Files Creati Da 2008-06-15 al 2008-07-15 )))))))))))))))))))))))))))))))))))
.
2008-07-15 14:32 . 2008-07-15 14:32 <DIR> d-------- C:\VEXPLITE
2008-07-15 14:32 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-07-14 17:37 . 2008-07-14 17:37 <DIR> d-------- C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\Grisoft
2008-07-14 17:37 . 2008-07-14 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-07-14 17:37 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-14 14:35 . 2008-07-14 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-07-14 14:34 . 2008-07-14 14:34 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-14 14:31 . 2008-07-14 14:31 <DIR> d-------- C:\antivirus
2008-07-07 20:05 . 2008-07-07 20:05 <DIR> d-------- C:\Programmi\Alwil Software
2008-06-26 21:50 . 2008-06-26 21:50 <DIR> d-------- C:\Programmi\Google
2008-06-26 21:49 . 2008-06-26 21:49 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-24 14:49 . 2008-06-24 14:49 <DIR> d-------- C:\Programmi\Else plus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-21 14:43 --------- d-----w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\InstallShield
2008-05-21 14:28 --------- d-----w C:\Programmi\Hewlett-Packard
2008-05-21 14:24 --------- d-----w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\EPSON
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-26 15:40 718,616 ----a-w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\installer_en[1].exe
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-21 18:21 140 ----a-w C:\Documents and Settings\SESTIERI DANIELA\Dati applicazioni\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 07:01 180736]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-26 21:50 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 05:00 455168]
"PCMService"="C:\Programmi\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Programmi\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-06-19 19:41 245760]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.MJPG"= pvmjpg21.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Programmi\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2007-10-10 12:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39d44780-4931-11db-9778-4d6564696130}]
\Shell\auto\command - F:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - F:\Knight.exe open
\Shell\find\command - F:\Knight.exe open
\Shell\install\command - F:\Knight.exe open
\Shell\open\command - F:\Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8afc84f4-49f1-11db-977a-4d6564696130}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc1362f2-8b04-11dc-9b3e-00036f1fcd43}]
\Shell\auto\command - G:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
\Shell\explore\command - G:\
\Shell\find\command - G:\
\Shell\install\command - G:\
\Shell\open\command - G:\
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-15 16:00:06 C:\WINDOWS\Tasks\AFB467F491881A04.job"
- c:\docume~1\sestie~1\datiap~1\elsepl~1\Thunkdeafgreat.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-OM_Monitor - C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe
HKLM-Run-BMN - C:\Programmi\File comuni\AntiSpywareControl\bm.exe dm=http://antispywarecontrol.com ad=http://antispywarecontrol.com
Notify-NavLogon - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 18:08:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAMMI\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAMMI\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\FXSSVC.EXE
C:\PROGRAMMI\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\LAUNCH MANAGER\QTZGACER.EXE
.
**************************************************************************
.
Ora fine scansione: 2008-07-15 18:11:09 - machine was rebooted [SESTIERI DANIELA]
ComboFix-quarantined-files.txt 2008-07-15 16:11:00
16 Directory 15,902,900,224 byte disponibili
35 Directory 15,807,856,640 byte disponibili
327 --- E O F --- 2008-07-09 22:01:28
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
15/07/2008 - 14:36:24
[SCANSIONE DEL REGISTRO]
{DF1C8E21-4045-4D67-B528-335F1A4F0DE9} Infetto da Trojan.Win32.InstantAcce.Gen
* * * RIMOSSO * * *
{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} Infetto da FraudTool.AVSystemCare.A
* * * RIMOSSO * * *
{6F87F145-DC2D-4766-AF03-3A3B96FFAD98} Infetto da FraudTool.AVSystemCare.A
* * * RIMOSSO * * *
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Documents and Settings\SESTIERI DANIELA\Impostazioni locali\Temp\temp.frB14F\ian_monitor.exe Infetto da FraudTool.AdvancedCleaner.A
* * * RIMOSSO * * *
C:\ejhyvpfc.exe Infetto da Trojan.Win32.Small.PY
* * * RIMOSSO * * *
[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
[E:]
Chiavi Registro infette: 3.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 53712.
Files Totali: 53712.
Chiavi Registro rimosse: 3.
Virus Rimossi: 2.
15/07/2008 - 15:20:07
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
[E:]
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 53712.
Files Totali: 53712.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
Thanks