Aiutamici Forum

Microsoft security essential
claudiomaria
Posted: Friday, January 22, 2010 4:53:51 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
Good evening everyone,
A few days ago I installed the antivirus in the subject line because the AVG Free 9 version was giving me slowdown problems. MSE is no joke either, though, and the file msmpeng.exe uses an industrial quantity of the CPU's time and space.
Can any friend give me some tips on how to improve the situation? Or is it simply inevitable that I'm stuck with the biblical wait times of antivirus programs?
Thanks to all
r16
Posted: Friday, January 22, 2010 4:58:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
If 2 antivirus programs out of 2 give you problems, perhaps we need to search the PC to check for possible infections:
Download and install MalwareBytes:
click here for the download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan.
Post the log.
When done, add a HijackThis log.
claudiomaria
Posted: Friday, January 22, 2010 8:14:55 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
Hi.
I scanned with Malwarebytes and HijackThis, whose logs I'm posting, but the problem is perhaps only in the exe files of the two antivirus programs I've used lately, because for example with AVG 8.0 I had no slowness problems.
In any case, thanks for whatever help you can give me.

Malwarebytes' Anti-Malware 1.44
Versione del database: 3615
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/01/2010 20.04.25
mbam-log-2010-01-22 (20-04-25).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 212327
Tempo trascorso: 1 hour(s), 32 minute(s), 41 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.05.46, on 22/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SSLEmptyCache.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=15446&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 9375 bytes
r16
Posted: Friday, January 22, 2010 11:41:53 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You have a lot of toolbars that you don't need:
Go to Add/Remove Programs and uninstall them.

Start HijackThis, tick the entries I'm about to list and, with all applications closed and disconnected from the Internet, press Fix checked:
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Find and delete the files in red:
C:\Programmi\Ask.com\GenericAskToolbar.dll (it is a folder)

Do a cleanup (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's initial screen, click Options and then Advanced, and untick: Only delete files in Windows Temp older than 48 hours. (then run the cleanup)

Restart the PC.

Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders displayed, find the Windows folder, open it and, inside it, find the Prefetch folder; open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN

See if anything improves.
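Added example, not part of the original thread: in the HijackThis log above, the two toolbars selected for fixing are each registered under three Internet Explorer hook sections (R3 URLSearchHook, O2 BHO, O3 Toolbar). This Python sketch parses such lines and lists the DLLs that appear under several hook types; the function names and the `min_kinds` threshold are assumptions made for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
"""

# Section codes and labels of the three Internet Explorer hook types seen in the log.
HOOK_KINDS = {"R3": "URLSearchHook", "O2": "BHO", "O3": "Toolbar"}

# Line layout: <code> - <label>: <name> - {CLSID} - <module path>
HOOK_LINE = re.compile(
    r"^(?P<code>R3|O2|O3) - (?P<label>URLSearchHook|BHO|Toolbar): "
    r"(?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_hooks(log_text):
    """Return one dict per R3/O2/O3 line; every other line (O4, O23, ...) is skipped."""
    hooks = []
    for raw in log_text.splitlines():
        m = HOOK_LINE.match(raw.strip())
        # Also require that the code and its label agree (R3 with URLSearchHook, etc.).
        if m and HOOK_KINDS[m["code"]] == m["label"]:
            hooks.append(m.groupdict())
    return hooks


def multi_hook_modules(log_text, min_kinds=3):
    """Map each DLL (lower-cased path) to the sorted section codes it appears under,
    keeping only DLLs registered under at least `min_kinds` distinct hook types."""
    kinds = defaultdict(set)
    for hook in parse_hooks(log_text):
        # Windows paths are case-insensitive, so compare them lower-cased.
        kinds[hook["path"].lower()].add(hook["code"])
    return {path: sorted(codes) for path, codes in kinds.items() if len(codes) >= min_kinds}


if __name__ == "__main__":
    for path, codes in sorted(multi_hook_modules(SAMPLE_LOG).items()):
        print(f"{', '.join(codes)}  {path}")
```

A DLL registered in several places needs every one of its entries removed together, which is why the fix list above names each toolbar three times.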
claudiomaria
Posted: Saturday, January 23, 2010 4:14:19 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
r16,
I did what you advised; the improvement is not dramatic, we'll see later on whether I notice bigger differences.
I did not disable O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE because it should be tied to the Canon scanner I have in use.
Thanks for the help.
r16
Posted: Saturday, January 23, 2010 4:42:33 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Let's see if there is something more hidden:

Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear.)
If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.
You will probably get messages from the antivirus; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
claudiomaria
Posted: Saturday, January 23, 2010 8:50:20 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
Hi r16,
here is the ComboFix log, and (just to be on the safe side, as the saying goes) I'm also posting the HijackThis one.
Thanks and have a good Sunday.

ComboFix 10-01-23.02 - claudio 23/01/2010 20.26.50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1278.790 [GMT 1:00]
Eseguito da: c:\documents and settings\claudio\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\struct~.ini
c:\windows\system32\bit4cnsp.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.

2010-01-22 19:44 . 2010-01-22 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2010-01-22 19:43 . 2010-01-22 19:45 -------- d-----w- c:\programmi\NVIDIA Corporation
2010-01-22 19:42 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-22 19:42 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-22 17:20 . 2010-01-22 17:20 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-22 15:42 . 2010-01-22 15:42 -------- d-----w- C:\Media
2010-01-20 12:42 . 2010-01-20 12:42 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{3B28731F-53F5-F2EF-D2DA-CA1858030A37}-SASSEH.DLL
2010-01-20 12:25 . 2010-01-20 16:53 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\BitTorrent
2010-01-20 12:25 . 2010-01-20 12:25 -------- d-----w- c:\programmi\BitTorrent
2010-01-19 15:46 . 2010-01-19 15:46 -------- d-----w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\RadioSure
2010-01-19 15:46 . 2010-01-19 15:46 -------- d-----w- c:\programmi\RadioSure
2010-01-17 09:08 . 2010-01-17 09:08 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-01-17 08:46 . 2010-01-17 08:46 -------- d-----w- C:\42b9b4cae99bf9510ee1ae
2010-01-15 19:22 . 2010-01-17 08:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-01-15 19:22 . 2010-01-15 19:22 -------- d-----w- c:\programmi\AVG
2010-01-15 16:36 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-15 15:51 . 2010-01-15 15:51 -------- d-----w- C:\0a13799fc49463eaf9fed0
2010-01-15 15:39 . 2010-01-15 15:39 -------- d-----w- C:\64a86bb6f395a9c16f27d165fd
2010-01-15 14:17 . 2010-01-15 14:17 -------- d-----w- C:\2da0d79d41e1d15f3caa716c5c34
2010-01-15 14:12 . 2010-01-15 14:12 -------- d-----w- C:\8467a3ee99fd30b4d58b5d99ff
2010-01-14 09:58 . 2010-01-14 09:59 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 19:29 . 2010-01-11 19:29 -------- d-----w- c:\programmi\TVLC
2010-01-10 17:54 . 2010-01-17 19:00 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Nero
2010-01-10 17:53 . 2010-01-10 17:53 -------- d-----w- c:\programmi\Nero
2010-01-10 17:53 . 2010-01-10 17:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-01-10 17:53 . 2010-01-10 17:54 -------- d-----w- c:\programmi\File comuni\Nero
2009-12-28 19:31 . 2009-12-28 19:31 686080 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2009-12-28 19:31 . 2009-12-28 19:31 568832 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-12-28 19:31 . 2009-12-28 19:31 655872 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-12-28 19:31 . 2009-12-28 19:31 583168 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-12-28 19:31 . 2009-12-28 19:31 224768 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcm90.dll
2009-12-28 08:51 . 2009-06-28 13:48 8186 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check2.bat
2009-12-28 08:51 . 2009-06-28 13:48 16327 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check1.bat
2009-12-28 08:51 . 2009-06-28 11:59 16 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 15:17 . 2009-09-14 14:11 1 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-23 14:26 . 2009-10-01 12:40 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-23 10:45 . 2008-04-18 19:21 -------- d-----w- c:\programmi\Google
2010-01-23 10:37 . 2009-10-01 08:31 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\SUPERAntiSpyware.com
2010-01-23 10:37 . 2009-10-01 08:31 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-23 10:24 . 2008-04-15 18:43 -------- d-----w- c:\programmi\Startup Inspector for Windows
2010-01-23 10:24 . 2008-04-15 18:53 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\wsInspector
2010-01-22 19:32 . 2009-04-28 13:00 -------- d-----w- c:\programmi\IZArc
2010-01-22 17:23 . 2009-06-01 18:31 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-21 07:55 . 2008-04-15 12:17 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\gtk-2.0
2010-01-20 16:53 . 2009-02-10 19:36 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-20 16:11 . 2009-04-05 16:48 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\dvdcss
2010-01-20 09:16 . 2008-05-21 08:07 57344 ----a-w- c:\windows\system32\SSLEmptyCache.exe
2010-01-18 19:05 . 2009-10-10 14:50 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\PrimoPDF
2010-01-18 16:12 . 2009-02-15 08:57 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Uniblue
2010-01-18 15:49 . 2009-10-01 12:40 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-01-18 15:48 . 2009-10-01 12:40 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-18 15:48 . 2009-10-01 12:40 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-18 15:48 . 2009-10-01 12:40 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-18 15:48 . 2009-10-01 12:40 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-18 15:48 . 2009-10-01 12:41 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-18 15:48 . 2009-10-01 12:41 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-17 13:50 . 2008-03-27 12:19 64584 ----a-w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-15 14:08 . 2008-04-02 13:38 -------- d-----w- c:\programmi\Total Uninstall
2010-01-14 20:49 . 2008-03-30 14:32 -------- d-----w- c:\programmi\File comuni\ACD Systems
2010-01-14 20:48 . 2009-02-09 08:38 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\SumatraPDF
2010-01-14 20:42 . 2009-01-14 17:06 -------- d-----w- c:\programmi\Participatory Culture Foundation
2010-01-14 20:40 . 2008-09-29 12:29 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Inkscape
2010-01-14 20:14 . 2008-03-30 15:11 -------- d-----w- c:\programmi\ACD Systems
2010-01-14 10:12 . 2009-12-06 16:22 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 04:03 . 2009-04-30 20:02 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-04-30 20:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-04-30 20:02 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-04-30 20:02 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2008-03-27 11:39 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-03-27 11:38 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2008-03-27 11:38 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2008-03-27 11:38 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2008-03-27 11:38 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2008-03-27 11:38 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2008-03-27 11:38 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-07 15:07 . 2009-06-01 18:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-01 18:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 17:26 . 2008-04-19 12:30 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Azureus
2009-12-27 14:09 . 2004-09-03 10:37 84854 ----a-w- c:\windows\system32\perfc010.dat
2009-12-27 14:09 . 2004-09-03 10:37 490618 ----a-w- c:\windows\system32\perfh010.dat
2009-12-24 15:21 . 2009-02-02 17:51 249856 ------w- c:\windows\Setup1.exe
2009-12-24 15:21 . 2009-02-02 17:51 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 19:06 . 2004-09-03 10:36 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 16:18 . 2009-09-18 12:20 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Canon
2009-12-17 10:00 . 2009-11-08 14:35 -------- d-----w- c:\programmi\Any Video Converter
2009-12-17 10:00 . 2009-12-17 10:00 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\AnvSoft
2009-12-16 07:41 . 2009-12-02 14:38 -------- d-----w- c:\programmi\CDBurnerXP
2009-12-15 22:05 . 2009-12-15 22:05 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Canneverbe Limited
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 19:04 . 2009-09-14 14:00 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-12-06 16:20 . 2009-12-06 16:20 -------- d-----w- c:\programmi\Windows Defender
2009-12-04 09:26 . 2008-03-27 11:48 -------- d-----w- c:\programmi\Java
2009-12-04 09:11 . 2009-02-12 17:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 09:10 . 2009-11-04 14:49 152576 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 09:09 . 2009-12-04 09:09 79488 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 08:49 . 2009-11-25 08:49 -------- d-----w- c:\programmi\MSXML 4.0
2009-11-21 15:54 . 2004-09-03 10:36 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 20:42 . 2008-03-27 11:39 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-17 10:55 . 2009-10-01 12:41 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-12 16:57 . 2008-12-01 10:54 10686001 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Azureus\plugins\azump\mplayer.exe
2008-09-30 17:09 . 2008-09-30 17:09 217 ----a-w- c:\programmi\setup.ini
2005-10-29 16:19 . 2008-03-27 16:04 458752 ----a-w- c:\programmi\sgphoto.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programmi\instmsia.exe
2002-01-19 09:11 . 2002-01-19 09:11 44 ----a-w- c:\programmi\stdout.txt
2002-01-19 09:11 . 2002-01-19 09:11 0 ----a-w- c:\programmi\stderr.txt
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2010-01-20 57344]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-18 3168216]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-23 08:40 133104 ----atw- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShotGenius]
2005-10-29 16:19 458752 ----a-w- c:\programmi\sgphoto.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-04 09:11 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Eldy Lombardia\\jre1.6.0\\launch4j-tmp\\eldyApplication.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Eurekr.com\\YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [01/10/2009 13.41.16 233136]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\programmi\vcd\VCdRom.sys [19/12/2001 11.45.00 8576]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [01/10/2009 13.41.21 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [01/10/2009 13.40.34 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [01/10/2009 13.40.34 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [01/10/2009 13.40.32 115216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/04/2008 21.35.42 716272]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [22/10/2008 9.13.58 24832]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [01/10/2009 13.40.34 32680]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [11/12/2008 21.03.45 44000]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-23 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-11-20 16:02]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1952799511-3203439391-2660778636-1006Core.job
- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-23 08:40]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1952799511-3203439391-2660778636-1006UA.job
- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-23 08:40]

2010-01-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D} = 208.67.222.222,208.67.220.220
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it&client=firefox-a&channel=s&rls=org.mozilla:it:official&hs=SYk&btnG=Cerca
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin9.dll
FF - plugin: c:\programmi\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKLM-Run-bit4id store register - c:\windows\system32\bit4cnsp.dll
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-ffdshow - c:\windows\system32\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 20:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00\00
[%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00+\03pè\13\00pè\13\00\18î"

.
Ora fine scansione: 2010-01-23 20:35:17
ComboFix-quarantined-files.txt 2010-01-23 19:35

Pre-Run: 108.836.511.744 byte disponibili
Post-Run: 108.801.736.704 byte disponibili

- - End Of File - - 32E5F13C2E245B22C5773CA1AE274FDC

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.50.20, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 7540 bytes
r16
Posted: Saturday, January 23, 2010 9:22:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You should disable Windows Defender.
Also, I'm worried there may be an incompatibility with this software: TVLC
There are leftovers of Superantispyware.
There are also leftovers of AVG:
Open a text file on the Desktop (Start\Run\type: notepad.exe\OK)
Paste in the code you see below, and save the text file, which must be named CFScript.txt

Code:
File::
c:\windows\system32\drivers\avgntflt.sys

Folder::
c:\programmi\SUPERAntiSpyware
c:\documents and settings\All Users\Dati applicazioni\avg9
c:\programmi\AVG


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
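
Added example, not part of the original thread: the HijackThis log posted above shows MsMpEng.exe running from both the Microsoft Security Essentials and the Windows Defender folders, which is the overlap behind the advice to disable Windows Defender. The Python sketch below finds that kind of overlap in a "Running processes:" list; the function names are hypothetical and the sample is a constructed subset of lines copied from that log.

```python
import ntpath
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in this
# thread (part of its "Running processes:" section plus one later R0 line).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.50.20, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        if not line:
            if paths:
                break  # first blank line after the entries ends the section
            continue
        paths.append(line)
    return paths


def same_image_in_multiple_dirs(paths, case_insensitive=True):
    """Map image name -> sorted directories, for names seen in more than one directory.

    Windows paths are case-insensitive, so by default both parts are normalised
    with ntpath.normcase; otherwise 'System32' and 'system32' count as two places.
    """
    dirs_by_name = defaultdict(set)
    for path in paths:
        if case_insensitive:
            path = ntpath.normcase(path)
        directory, name = ntpath.split(path)
        dirs_by_name[name].add(directory)
    return {name: sorted(dirs) for name, dirs in dirs_by_name.items() if len(dirs) > 1}


if __name__ == "__main__":
    procs = running_processes(SAMPLE_LOG)
    for name, dirs in same_image_in_multiple_dirs(procs).items():
        print(f"{name} is running from {len(dirs)} different folders:")
        for d in dirs:
            print(f"  {d}")
```

With `case_insensitive=False` the same list also reports svchost.exe, purely because the log spells the folder both `System32` and `system32`.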
panchoz
Posted: Saturday, January 23, 2010 10:17:24 PM

Rank: AiutAmico

Joined: 11/6/2008
Posts: 2,452
Also, I'm worried there may be an incompatibility with this software: TVLC

It can perfectly well be removed, since it doesn't work anyway... or barely.
claudiomaria
Posted: Sunday, January 24, 2010 10:30:42 AM

Rank: Member

Joined: 12/10/2009
Posts: 14
r16,
I'm posting the ComboFix log as instructed. I removed TVLC as panchoz advised (hardly any channel worked anyway).
Bye and thanks again.
Claudio

ComboFix 10-01-23.05 - claudio 24/01/2010 10.02.26.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1278.791 [GMT 1:00]
Eseguito da: c:\documents and settings\claudio\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\claudio\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\windows\system32\drivers\avgntflt.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\avg9
c:\documents and settings\All Users\Dati applicazioni\avg9\Log\history.xml
c:\programmi\AVG
c:\programmi\SUPERAntiSpyware
c:\programmi\SUPERAntiSpyware\Language\ARABIC.LNG
c:\programmi\SUPERAntiSpyware\Language\BULGARIAN (BG).LNG
c:\windows\system32\drivers\avgntflt.sys

.
((((((((((((((((((((((((( Files Creati Da 2009-12-24 al 2010-01-24 )))))))))))))))))))))))))))))))))))
.

2010-01-23 20:13 . 2010-01-23 20:13 388096 ----a-r- c:\documents and settings\claudio\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-23 20:13 . 2010-01-23 20:13 -------- d-----w- c:\programmi\TrendMicro
2010-01-23 20:12 . 2010-01-23 20:12 503808 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2fd6b3d3-n\msvcp71.dll
2010-01-23 20:12 . 2010-01-23 20:12 499712 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2fd6b3d3-n\jmc.dll
2010-01-23 20:12 . 2010-01-23 20:12 348160 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2fd6b3d3-n\msvcr71.dll
2010-01-23 20:12 . 2010-01-23 20:12 -------- d-----w- c:\programmi\File comuni\Java
2010-01-23 20:12 . 2010-01-23 20:12 61440 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ae9de07-n\decora-sse.dll
2010-01-23 20:12 . 2010-01-23 20:12 12800 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ae9de07-n\decora-d3d.dll
2010-01-22 19:44 . 2010-01-22 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2010-01-22 19:43 . 2010-01-22 19:45 -------- d-----w- c:\programmi\NVIDIA Corporation
2010-01-22 19:42 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-22 19:42 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-22 17:20 . 2010-01-22 17:20 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-22 15:42 . 2010-01-22 15:42 -------- d-----w- C:\Media
2010-01-20 12:42 . 2010-01-20 12:42 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{3B28731F-53F5-F2EF-D2DA-CA1858030A37}-SASSEH.DLL
2010-01-20 12:25 . 2010-01-20 16:53 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\BitTorrent
2010-01-20 12:25 . 2010-01-20 12:25 -------- d-----w- c:\programmi\BitTorrent
2010-01-19 15:46 . 2010-01-19 15:46 -------- d-----w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\RadioSure
2010-01-19 15:46 . 2010-01-19 15:46 -------- d-----w- c:\programmi\RadioSure
2010-01-17 09:08 . 2010-01-17 09:08 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-01-17 08:46 . 2010-01-17 08:46 -------- d-----w- C:\42b9b4cae99bf9510ee1ae
2010-01-15 15:51 . 2010-01-15 15:51 -------- d-----w- C:\0a13799fc49463eaf9fed0
2010-01-15 15:39 . 2010-01-15 15:39 -------- d-----w- C:\64a86bb6f395a9c16f27d165fd
2010-01-15 14:17 . 2010-01-15 14:17 -------- d-----w- C:\2da0d79d41e1d15f3caa716c5c34
2010-01-15 14:12 . 2010-01-15 14:12 -------- d-----w- C:\8467a3ee99fd30b4d58b5d99ff
2010-01-14 09:58 . 2010-01-14 09:59 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-10 17:54 . 2010-01-17 19:00 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Nero
2010-01-10 17:53 . 2010-01-10 17:53 -------- d-----w- c:\programmi\Nero
2010-01-10 17:53 . 2010-01-10 17:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-01-10 17:53 . 2010-01-10 17:54 -------- d-----w- c:\programmi\File comuni\Nero
2009-12-28 19:31 . 2009-12-28 19:31 686080 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2009-12-28 19:31 . 2009-12-28 19:31 568832 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-12-28 19:31 . 2009-12-28 19:31 655872 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-12-28 19:31 . 2009-12-28 19:31 583168 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-12-28 19:31 . 2009-12-28 19:31 224768 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcm90.dll
2009-12-28 08:51 . 2009-06-28 13:48 8186 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check2.bat
2009-12-28 08:51 . 2009-06-28 13:48 16327 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check1.bat
2009-12-28 08:51 . 2009-06-28 11:59 16 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 08:31 . 2009-09-14 14:11 1 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-24 08:22 . 2009-10-01 12:40 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-23 20:11 . 2009-02-12 17:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 10:45 . 2008-04-18 19:21 -------- d-----w- c:\programmi\Google
2010-01-23 10:37 . 2009-10-01 08:31 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\SUPERAntiSpyware.com
2010-01-23 10:24 . 2008-04-15 18:43 -------- d-----w- c:\programmi\Startup Inspector for Windows
2010-01-23 10:24 . 2008-04-15 18:53 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\wsInspector
2010-01-22 19:32 . 2009-04-28 13:00 -------- d-----w- c:\programmi\IZArc
2010-01-22 17:23 . 2009-06-01 18:31 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-21 07:55 . 2008-04-15 12:17 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\gtk-2.0
2010-01-20 16:53 . 2009-02-10 19:36 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-20 16:11 . 2009-04-05 16:48 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\dvdcss
2010-01-20 09:16 . 2008-05-21 08:07 57344 ----a-w- c:\windows\system32\SSLEmptyCache.exe
2010-01-18 19:05 . 2009-10-10 14:50 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\PrimoPDF
2010-01-18 16:12 . 2009-02-15 08:57 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Uniblue
2010-01-18 15:49 . 2009-10-01 12:40 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-01-18 15:48 . 2009-10-01 12:40 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-18 15:48 . 2009-10-01 12:40 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-18 15:48 . 2009-10-01 12:40 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-18 15:48 . 2009-10-01 12:40 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-18 15:48 . 2009-10-01 12:41 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-18 15:48 . 2009-10-01 12:41 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-17 13:50 . 2008-03-27 12:19 64584 ----a-w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-15 14:08 . 2008-04-02 13:38 -------- d-----w- c:\programmi\Total Uninstall
2010-01-14 20:49 . 2008-03-30 14:32 -------- d-----w- c:\programmi\File comuni\ACD Systems
2010-01-14 20:48 . 2009-02-09 08:38 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\SumatraPDF
2010-01-14 20:42 . 2009-01-14 17:06 -------- d-----w- c:\programmi\Participatory Culture Foundation
2010-01-14 20:40 . 2008-09-29 12:29 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Inkscape
2010-01-14 20:14 . 2008-03-30 15:11 -------- d-----w- c:\programmi\ACD Systems
2010-01-14 10:12 . 2009-12-06 16:22 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 04:03 . 2009-04-30 20:02 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-04-30 20:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-04-30 20:02 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-04-30 20:02 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2008-03-27 11:39 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-03-27 11:38 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2008-03-27 11:38 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2008-03-27 11:38 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2008-03-27 11:38 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2008-03-27 11:38 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2008-03-27 11:38 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-07 15:07 . 2009-06-01 18:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-01 18:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 17:26 . 2008-04-19 12:30 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Azureus
2009-12-27 14:09 . 2004-09-03 10:37 84854 ----a-w- c:\windows\system32\perfc010.dat
2009-12-27 14:09 . 2004-09-03 10:37 490618 ----a-w- c:\windows\system32\perfh010.dat
2009-12-24 15:21 . 2009-02-02 17:51 249856 ------w- c:\windows\Setup1.exe
2009-12-24 15:21 . 2009-02-02 17:51 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 19:06 . 2004-09-03 10:36 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 16:18 . 2009-09-18 12:20 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Canon
2009-12-17 10:00 . 2009-11-08 14:35 -------- d-----w- c:\programmi\Any Video Converter
2009-12-17 10:00 . 2009-12-17 10:00 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\AnvSoft
2009-12-16 07:41 . 2009-12-02 14:38 -------- d-----w- c:\programmi\CDBurnerXP
2009-12-15 22:05 . 2009-12-15 22:05 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Canneverbe Limited
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 19:04 . 2009-09-14 14:00 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-12-06 16:20 . 2009-12-06 16:20 -------- d-----w- c:\programmi\Windows Defender
2009-12-04 09:26 . 2008-03-27 11:48 -------- d-----w- c:\programmi\Java
2009-12-04 09:10 . 2009-11-04 14:49 152576 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 09:09 . 2009-12-04 09:09 79488 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:54 . 2004-09-03 10:36 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 20:42 . 2008-03-27 11:39 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-17 10:55 . 2009-10-01 12:41 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-12 16:57 . 2008-12-01 10:54 10686001 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Azureus\plugins\azump\mplayer.exe
2008-09-30 17:09 . 2008-09-30 17:09 217 ----a-w- c:\programmi\setup.ini
2005-10-29 16:19 . 2008-03-27 16:04 458752 ----a-w- c:\programmi\sgphoto.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programmi\instmsia.exe
2002-01-19 09:11 . 2002-01-19 09:11 44 ----a-w- c:\programmi\stdout.txt
2002-01-19 09:11 . 2002-01-19 09:11 0 ----a-w- c:\programmi\stderr.txt
.

((((((((((((((((((((((((((((( SnapShot@2010-01-23_19.32.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 20:11 . 2010-01-23 20:11 153376 c:\windows\system32\javaws.exe
- 2009-12-04 09:11 . 2009-12-04 09:11 145184 c:\windows\system32\javaw.exe
+ 2010-01-23 20:11 . 2010-01-23 20:11 145184 c:\windows\system32\javaw.exe
+ 2010-01-23 20:11 . 2010-01-23 20:11 145184 c:\windows\system32\java.exe
- 2009-12-04 09:11 . 2009-12-04 09:11 145184 c:\windows\system32\java.exe
+ 2010-01-23 20:12 . 2010-01-23 20:12 178176 c:\windows\Installer\2a55ec.msi
+ 2010-01-23 20:11 . 2010-01-23 20:11 577536 c:\windows\Installer\2a55e6.msi
+ 2010-01-23 20:13 . 2010-01-23 20:13 1093632 c:\windows\Installer\2a55f0.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2010-01-20 57344]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-18 3168216]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-23 08:40 133104 ----atw- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShotGenius]
2005-10-29 16:19 458752 ----a-w- c:\programmi\sgphoto.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Eldy Lombardia\\jre1.6.0\\launch4j-tmp\\eldyApplication.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Eurekr.com\\YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [01/10/2009 13.41.16 233136]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\programmi\vcd\VCdRom.sys [19/12/2001 11.45.00 8576]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [01/10/2009 13.41.21 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [01/10/2009 13.40.34 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [01/10/2009 13.40.34 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [01/10/2009 13.40.32 115216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/04/2008 21.35.42 716272]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [22/10/2008 9.13.58 24832]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [01/10/2009 13.40.34 32680]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [11/12/2008 21.03.45 44000]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-24 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-11-20 16:02]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1952799511-3203439391-2660778636-1006Core.job
- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-23 08:40]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1952799511-3203439391-2660778636-1006UA.job
- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-23 08:40]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D} = 208.67.222.222,208.67.220.220
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it&client=firefox-a&channel=s&rls=org.mozilla:it:official&hs=SYk&btnG=Cerca
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin9.dll
FF - plugin: c:\programmi\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\programmi\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 10:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00\00
[%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00+\03pè\13\00pè\13\00\18î"

.
Ora fine scansione: 2010-01-24 10:11:59
ComboFix-quarantined-files.txt 2010-01-24 09:11

Pre-Run: 108.638.801.920 byte disponibili
Post-Run: 108.593.041.408 byte disponibili

- - End Of File - - 870904E65C9E0A071B1B79AF39EB7F5F
claudiomaria
Posted: Sunday, January 24, 2010 10:34:55 AM

Rank: Member

Joined: 12/10/2009
Posts: 14
I forgot: I had a small problem with PC Tools Firewall, which I have disabled for now because, on restart after the ComboFix analysis, when I denied ComboFix's request for access to the computer via the internet, it blocked all my access with FF, as shown in the attachment:

PC Tools Firewall
Information

Your request to visit website www.google.it has been blocked. The website has been denied because the Firewall application rules are set to block this application: Cf5594�cfxxe.

If you would still like to visit this website please update your PC Tools Firewall Plus ‘application rules’:

* Click the ‘Applications’ button on the main screen.
* Find the application in the application list and allow it to connect to the Internet.
* For expert users, the application ‘Advanced Rules’ can allow you to further customize the rules to allow connection to this website.

panchoz
Posted: Sunday, January 24, 2010 10:53:59 AM

Rank: AiutAmico

Joined: 11/6/2008
Posts: 2,452
Unfortunately TVLC doesn't work, it would have been too good!

Don't stay without a firewall; close the connection for as long as you are not covered. Obviously you should connect only for strictly necessary operations.

If it still gives you problems, consider changing the FW:
http://software.aiutamici.com/software?ID=80361

But wait for R16.
claudiomaria
Posted: Sunday, January 24, 2010 3:18:35 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
panchoz,
while waiting to check the behavior of PC Tools Firewall, which I have stopped, I am using the built-in Windows one (better than nothing).
Bye and thanks
r16
Posted: Sunday, January 24, 2010 3:27:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Translation of what PC Tools Firewall is telling you:
PC Tools Firewall
Information

Your request to visit the website www.google.it has been blocked. The website has been denied because the firewall application rules are set to block this application: Cf5594cfxxe.

If you would still like to visit this website, please update your PC Tools Firewall Plus 'application rules':

* Click the 'Applications' button on the main screen.
* Find the application in the application list and allow it to connect to the Internet.
* For expert users, the application 'Advanced Rules' can allow you to further customize the rules to allow connection to this website.

All you have to do is allow, in the firewall, access to Google (unblock this application through the firewall: Cf5594cfxxe).

Restart the PC.

I wanted to know whether you still have problems.

claudiomaria
Posted: Sunday, January 24, 2010 7:55:33 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
r16,
at the moment everything seems to be fine; let's hope for the best.
As for PC Tools, on restart after a period of suspension it automatically asked for activation, which I did without changing anything, and everything went back to working... a very strange thing!!! We'll see.
Thanks for the excellent assistance.
Bye.
r16
Posted: Sunday, January 24, 2010 9:18:20 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
To remove the various tools you downloaded:
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Post an HJT log.
claudiomaria
Posted: Monday, January 25, 2010 1:41:37 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
HERE IT IS
OTC.exe deactivated itself, I imagine that is correct.
The PC is faster; only FF has times that are not exactly record-breaking as advertised (v. 3.6).
Anyway, it's fine like this compared to before, thanks.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13.38.39, on 25/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SSLEmptyCache.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 7512 bytes
r16
Posted: Monday, January 25, 2010 2:55:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
The log is fine.
If you run into problems, come back here.
Bye!
claudiomaria
Posted: Monday, January 25, 2010 4:49:13 PM

Rank: Member

Joined: 12/10/2009
Posts: 14
Thanks for dedicating so much time to me.
Bye!!!!!