Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Controllo dei log Opzioni
mywis
Inviato: Thursday, April 08, 2010 12:02:50 AM
Rank: Member

Iscritto dal : 7/16/2008
Posts: 11
Salve, complimenti per il sito sempre ben gestito.
Visto che siete molto bravi e affidabili volevo sapere se inserisco i log delle varie scansioni, voi potreste controllare se nel pc è più o meno tutto a posto!?

Per controllare se è tutto ok, va bene se faccio le seguenti scansioni e poi vi metto i relativi log!?
-scansione antivirus AVG
-scansione con Spyware terminator/Malwarebytes' Anti-Malware/Ad-aware
-log con Hijack This

Mi consigliate altri programmi tipo Combo?Virit?Altri antivirus gratuiti? Oppure bastano quelli sopra che ho nel pc? Datemi pure dei consigli, grazie.

Sponsor
Inviato: Thursday, April 08, 2010 12:02:50 AM

 
cbbusto
Inviato: Thursday, April 08, 2010 11:55:39 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Per un controllo posta il log di HJT e quello di Malwarebytes, gli altri non servono, devi dire se riscontri problemi
altrimenti il controllo non serve.
mywis
Inviato: Friday, April 09, 2010 4:23:21 PM
Rank: Member

Iscritto dal : 7/16/2008
Posts: 11
Ciao, premetto che non ho particolari problemi nel mio pc, ma volevo solo eseguire un controllo generale; allora ecco i log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org


Versione database: 3930

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

08/04/2010 12.34.12
Malwarebytes mbam-log-2010-04-08 (12-34-12).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 277583
Tempo trascorso: 1 ore, 9 minuti, 9 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 2

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Program Files\FotoTaxi3\SHLWAPI.DLL (Malware.Packer.Gen) -> No action taken.
C:\Program Files\FotoTaxi3\MSVCP60.dll (Malware.Packer.Gen) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.12.32, on 09/04/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Conexant\Adsl\DslStat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\StiD1690.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S9CBC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldit-it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252064537596
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252064599757
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldit-it.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - Unknown owner - C:\VEXPLITE\viritsvc.exe (file missing)

--
End of file - 14840 bytes



Potreste dirmi se riscontrate qualche problema?
Volevo aggiungere che ho fatto una scansione con Spybot e mi ha trovato due file (DriveCleaner2006 e Live-Player) che non è riuscito a cancellare ed una con Spyware Terminator che mi ha segnalato un elemento chiamato Appl/PsExec.e Lo devo cancellare? Gli altri due sono "dannosi"??


Vi rangrazio, saluti.
paolopa
Inviato: Friday, April 09, 2010 5:14:01 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX chiudi la connessione disabilita il tuo antivirus e
chiudi TUTTI i programmi aperti,(Firewall compreso) e


Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix)
tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse)
e attendere pazientemente la fine delle operazioni.

Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
mywis
Inviato: Friday, April 09, 2010 8:40:16 PM
Rank: Member

Iscritto dal : 7/16/2008
Posts: 11
Non mi riesce a disabilitare AVG 9 .. come si fa? Ho disattivato l'opzione Resident Shield ma Combo mi dice che rileva l'antivirus e l'antispyware di AVG sempre attivi..come faccio?
paolopa
Inviato: Friday, April 09, 2010 9:01:28 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
questo è per l 8,ma credo che possa andare bene anche per il nove.
mywis
Inviato: Saturday, April 10, 2010 11:39:35 AM
Rank: Member

Iscritto dal : 7/16/2008
Posts: 11
Allora, AVG non riuscendo a disattivarlo temporaneamente lo disistallato e ora lo rimetterò. Credo di aver eseguito tutto correttamente. Ecco il log fatto da Combo:



ComboFix 10-04-08.06 - User 10/04/2010 11.11.03.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2047.1084 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4268696459-680817326-2495270428-500
c:\program files\Common Files\Uninstall
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NDISRD


((((((((((((((((((((((((( Files Creati Da 2010-03-10 al 2010-04-10 )))))))))))))))))))))))))))))))))))
.

2010-04-10 09:17 . 2010-04-10 09:20 -------- d-----w- c:\users\User\AppData\Local\temp
2010-04-10 09:17 . 2010-04-10 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-10 09:17 . 2010-04-10 09:17 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-04-07 22:59 . 2010-04-07 22:59 -------- d-----w- C:\$AVG
2010-04-07 22:58 . 2010-04-10 08:55 -------- d-----w- c:\programdata\avg9
2010-04-07 22:17 . 2010-04-07 22:17 -------- d-----w- c:\users\User\AppData\Roaming\Creative
2010-03-27 16:53 . 2010-03-27 16:53 -------- d-----w- C:\ACCA
2010-03-18 15:47 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 08:46 . 2008-04-17 17:32 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-04-10 08:45 . 2008-06-20 12:42 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-04-09 18:20 . 2008-04-17 18:46 -------- d-----w- c:\programdata\Spyware Terminator
2010-04-09 18:20 . 2008-04-17 18:46 -------- d-----w- c:\users\User\AppData\Roaming\Spyware Terminator
2010-04-09 13:42 . 2008-04-17 18:46 -------- d-----w- c:\program files\Spyware Terminator
2010-04-09 12:07 . 2008-04-17 18:46 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-09 10:20 . 2010-04-09 10:20 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-09 10:20 . 2010-04-09 10:20 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-08 21:36 . 2008-07-15 21:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-08 13:11 . 2008-07-15 21:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-08 13:09 . 2007-09-13 05:25 682184 ----a-w- c:\windows\system32\perfh010.dat
2010-04-08 13:09 . 2007-09-13 05:25 114622 ----a-w- c:\windows\system32\perfc010.dat
2010-04-08 10:45 . 2008-04-19 12:16 -------- d-----w- c:\program files\FotoTaxi3
2010-04-08 09:02 . 2009-09-10 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 09:00 . 2010-04-08 09:00 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-07 22:58 . 2008-07-24 22:31 -------- d-----w- c:\program files\AVG
2010-04-07 22:54 . 2007-09-12 20:30 -------- d-----w- c:\programdata\Symantec
2010-04-07 22:54 . 2007-09-12 20:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-07 22:54 . 2008-05-05 16:18 -------- d-----w- c:\program files\Creative
2010-04-07 22:51 . 2007-09-12 20:30 -------- d-----w- c:\program files\Symantec
2010-04-07 22:18 . 2008-05-05 16:20 -------- d-----w- c:\programdata\Creative
2010-04-07 11:30 . 2007-09-12 20:19 -------- d-----w- c:\programdata\Roxio
2010-04-02 13:45 . 2007-09-12 20:23 -------- d-----w- c:\program files\Java
2010-03-29 22:46 . 2009-09-10 13:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-09-10 13:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 16:53 . 2007-09-12 20:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 10:28 . 2010-03-05 16:51 -------- d-----w- c:\programdata\River Past G5
2010-03-11 18:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 07:58 . 2008-04-17 15:23 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 02:28 . 2009-03-08 14:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 16:51 . 2010-03-05 16:51 -------- d-----w- c:\users\User\AppData\Roaming\River Past G5
2010-02-25 09:45 . 2008-04-17 07:16 168952 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-02 17:34 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 07:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 07:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:54 . 2010-03-11 07:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-11 07:52 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-11 07:52 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-30 10:59 . 2010-01-30 10:59 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6E7D.tmp.exe
2010-01-25 12:58 . 2010-02-24 09:46 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-24 09:46 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-24 09:46 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-24 09:46 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-24 09:46 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-24 09:46 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-24 09:46 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-24 09:46 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 09:46 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05 . 2010-02-24 09:47 2048 ----a-w- c:\windows\system32\tzres.dll
2007-09-13 05:40 . 2007-09-13 05:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-09 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2006-12-18 376832]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2006-12-18 90112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-09 2176512]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Waiting1690"="c:\windows\stid1690.exe" [2007-06-05 60416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-10 122368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [x]
R3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177664]
R3 DCamUSBNW802;NoteCam Pro USB PC Camera;c:\windows\system32\DRIVERS\pcam.sys [2003-08-07 161468]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-09 142592]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]

.
Contenuto della cartella 'Scheduled Tasks'

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:20]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:20]

2010-03-31 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-12 14:55]

2010-04-09 c:\windows\Tasks\User_Feed_Synchronization-{88FBAF56-92D0-453F-9C0D-3C28950A72CF}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.corriere.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://193.205.23.35/vblu/NWWClientFull.cab
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 11:20
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2904)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-10 11:27:51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-10 09:27

Pre-Run: 289.888.288.768 byte disponibili
Post-Run: 295.850.979.328 byte disponibili

- - End Of File - - 515E591DD657AAF27611EB55437E6DDC







Notate qualcosa di anomalo?
paolopa
Inviato: Saturday, April 10, 2010 11:54:30 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
si,combofix ti ha eliminato un po di infezioni.posteresti un log aggiornato di hijack?spero bene che tu abbia reinstallato l antivirus prima di connetterti.
r16
Inviato: Saturday, April 10, 2010 2:34:49 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
C'è qualcosina da togliere.
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

Folder::
c:\programdata\Symantec
c:\program files\Common Files\Symantec Shared
c:\program files\Symantec

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-

Driver::
viritsvclite

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
mywis
Inviato: Monday, April 12, 2010 3:32:55 PM
Rank: Member

Iscritto dal : 7/16/2008
Posts: 11
Ciao, allora ho fatto come mi avete detto: ora posterò i log fatti con Combo (sono 2) uno dopo aver sostituito il file che mi avete detto di creare e due, la successiva scansione fatta sempre con Combo. Posto poi quello successivo fatto con HijackThis; ditemi se va tutto ok.

ComboFix 10-04-08.06 - User 12/04/2010 13.59.09.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2047.1174 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
Opzioni usate :: c:\users\User\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\10\01\AlertEng.loc
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\fallback.dat
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\lun.ico
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhDSA.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\pifCrawl.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\readme.txt
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SymHTML.dll
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.grd
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.sig
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.spm
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.spm
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\AUPDATERES.DLL
c:\program files\Symantec\LiveUpdate\Leggimi.txt
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LUALLRES.DLL
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LUCheck.exe
c:\program files\Symantec\LiveUpdate\LuComServer_3_2.EXE
c:\program files\Symantec\LiveUpdate\LuConfig.EXE
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\LuInsRes.dll
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\LUSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUUPDATE.EXE
c:\program files\Symantec\LiveUpdate\MFC71.DLL
c:\program files\Symantec\LiveUpdate\MSVCP71.DLL
c:\program files\Symantec\LiveUpdate\MSVCR71.DLL
c:\program files\Symantec\LiveUpdate\NetDetectController_3_2.DLL
c:\program files\Symantec\LiveUpdate\NotifyHA.exe
c:\program files\Symantec\LiveUpdate\ProductRegCom_3_2.DLL
c:\program files\Symantec\LiveUpdate\ResLuComServer_3_2.DLL
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1RES.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP2.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\SETUPRES.DLL
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\program files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
c:\program files\Symantec\LiveUpdate\UNRAR.DLL
c:\programdata\Symantec
c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql.bin
c:\programdata\Symantec\DSA\V_G\DSASL.xml
c:\programdata\Symantec\LiveUpdate\1.Configuration.Log.LiveUpdate
c:\programdata\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate
c:\programdata\Symantec\LiveUpdate\1.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\10.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-03-30_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-03-31_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-01_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-02_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-03_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-04_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-05_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-06_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-07_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-08_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-09_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-10_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-11_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\2010-04-12_Log.ALUSchedulerSvc.LiveUpdate
c:\programdata\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate
c:\programdata\Symantec\LiveUpdate\3.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\4.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\5.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\6.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\7.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\8.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\9.Settings.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Downloads\1217886103jtun_coh32.rar.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1217886497jtun_cohdata.rar.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1222722077jtun_the_syknapps_engine.zip.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1222765840jtun_nav_emea.x00.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1222765948jtun_nis_emea.x00.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1224780537jtun_systemrestore_emea.x00.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1244078727jtun_the_scd.zip.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1256931859jtun_the_scd.zip.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1257380895jtun_the_scd.zip.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\1257995028jtun_the_scd.zip.full.zip
c:\programdata\Symantec\LiveUpdate\Downloads\antivirus_1.2.00_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\appcore_1.1.1_english_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.2.0.41_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20nav2007_microdefsb.curdefs_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20nav2007_microdefsb.mar_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20nav2007_microdefsb.old_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\ccpd$5fretail$5flicensing$5ftechnology_6.0_english_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\coh$20data$20update_6.1.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\coh$20update_6.0.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\coh$20update_6.1.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\decomposer_1.0.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\firewall_2.2.0_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\firewall_2.3.0_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\firewall_2.3.1_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\firewall_2.3.2_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\ids$20$2d$20consumer_7.2.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.apr_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.curdefs_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.jun_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.may_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.old_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\liveupdate$20notice_1.4.5.83_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\liveupdate$20notice_1.4.5.91_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\minitri.flg
c:\programdata\Symantec\LiveUpdate\Downloads\navnt$202007$20resource_14.2.0.29_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\navnt$202007$20resource_14.5.0_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\norton$20internet$20security$20other_2.0_english_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\norton$20internet$20security$20resource_10.2.0_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\norton$20internet$20security$20resource_10.5.0_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\norton$20internet$20security_10.2.0_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\nortonprotectioncenter_2007.2.00_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\nortonprotectioncenter_2007.4.00_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\opc70x$5fcore_7.5_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\spbbc_3.2.0.21_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\srtsp$20consumer_10.1.4_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\submission$20engine$20data_1.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symantec$20known$20application$20system_1.0.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symantec$20known$20application$20system_1.5.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symantec$20security$20content$20a_microdefsb.curdefs_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symantec$20trusted$20application$20list_2.0_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symantec$20trusted$20application$20list_2.1_italian_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_12.3_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_12.5_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\symnet$20consumer_7.2.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.curdefs_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.mar_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.old_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\web$20protection$20data_1.0_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Downloads\web$20protection$20data_2006.1.0.60_symalllanguages_livetri.zip
c:\programdata\Symantec\LiveUpdate\Log.LiveUpdate
c:\programdata\Symantec\LiveUpdate\LUInstall.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors\HBPep2_{BC8D3EAF-F864-4D4B-AB4D-B3D0C32E2840}.dat
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors\HBPep2_{BC8D3EAF-F864-4D4B-AB4D-B3D0C32E2840}.tmp
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors\Pep2_{BC8D3EAF-F864-4D4B-AB4D-B3D0C32E2840}.dat
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors\System_.dat
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PEPCollectors\System_.tmp
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\PollManager_Current.dat
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\PollManager_Job.dat
c:\programdata\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SVAR\SVAR_{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}.dat
c:\programdata\Symantec\wcid0.log

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_viritsvclite
-------\Service_LiveUpdate Notice Service
-------\Service_Utilità di pianificazione di LiveUpdate automatico


((((((((((((((((((((((((( Files Creati Da 2010-03-12 al 2010-04-12 )))))))))))))))))))))))))))))))))))
.

2010-04-12 12:05 . 2010-04-12 12:08 -------- d-----w- c:\users\User\AppData\Local\temp
2010-04-12 12:05 . 2010-04-12 12:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-12 12:05 . 2010-04-12 12:05 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-04-12 12:05 . 2010-04-12 12:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 08:05 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-04-10 09:08 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2010-04-10 09:08 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-04-07 22:59 . 2010-04-07 22:59 -------- d-----w- C:\$AVG
2010-04-07 22:58 . 2010-04-12 11:41 -------- d-----w- c:\programdata\avg9
2010-04-07 22:17 . 2010-04-07 22:17 -------- d-----w- c:\users\User\AppData\Roaming\Creative
2010-03-27 16:53 . 2010-03-27 16:53 -------- d-----w- C:\ACCA
2010-03-18 15:47 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 11:41 . 2010-04-07 22:58 -------- d-----w- c:\programdata\avg9
2010-04-12 08:40 . 2008-04-17 18:46 -------- d-----w- c:\users\User\AppData\Roaming\Spyware Terminator
2010-04-12 08:39 . 2008-04-17 17:32 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-04-12 08:29 . 2008-06-20 12:42 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-04-12 08:29 . 2008-04-17 18:46 -------- d-----w- c:\programdata\Spyware Terminator
2010-04-10 09:59 . 2010-04-10 09:59 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-10 09:59 . 2010-04-10 09:59 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-10 09:59 . 2010-04-10 09:59 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-10 09:59 . 2010-04-10 09:59 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-10 09:59 . 2010-04-10 09:59 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-10 09:59 . 2010-04-10 09:59 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-10 09:59 . 2010-04-10 09:59 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-10 09:59 . 2010-04-10 09:59 4250976 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-10 09:59 . 2010-04-10 09:59 341272 ----a-w- c:\programdata\avg9\update\backup\avgxch32.dll
2010-04-10 09:59 . 2010-04-10 09:59 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-10 09:58 . 2010-04-10 09:58 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-10 09:58 . 2010-04-10 09:58 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-10 09:58 . 2010-04-10 09:58 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-10 09:57 . 2010-04-10 09:57 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-10 09:57 . 2010-04-10 09:57 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-10 09:38 . 2007-09-13 05:25 682184 ----a-w- c:\windows\system32\perfh010.dat
2010-04-10 09:38 . 2007-09-13 05:25 114622 ----a-w- c:\windows\system32\perfc010.dat
2010-04-09 13:42 . 2008-04-17 18:46 -------- d-----w- c:\program files\Spyware Terminator
2010-04-09 12:07 . 2008-04-17 18:46 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-08 21:36 . 2008-07-15 21:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-08 13:11 . 2008-07-15 21:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-08 10:45 . 2008-04-19 12:16 -------- d-----w- c:\program files\FotoTaxi3
2010-04-08 09:02 . 2009-09-10 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 09:00 . 2010-04-08 09:00 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-07 22:58 . 2008-07-24 22:31 -------- d-----w- c:\program files\AVG
2010-04-07 22:54 . 2008-05-05 16:18 -------- d-----w- c:\program files\Creative
2010-04-07 22:18 . 2008-05-05 16:20 -------- d-----w- c:\programdata\Creative
2010-04-07 22:17 . 2010-04-07 22:17 -------- d-----w- c:\users\User\AppData\Roaming\Creative
2010-04-07 11:30 . 2007-09-12 20:19 -------- d-----w- c:\programdata\Roxio
2010-04-02 13:45 . 2007-09-12 20:23 -------- d-----w- c:\program files\Java
2010-03-29 22:46 . 2009-09-10 13:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-09-10 13:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 16:53 . 2007-09-12 20:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 10:28 . 2010-03-05 16:51 -------- d-----w- c:\programdata\River Past G5
2010-03-11 18:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 07:58 . 2008-04-17 15:23 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 02:28 . 2009-03-08 14:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 16:51 . 2010-03-05 16:51 -------- d-----w- c:\users\User\AppData\Roaming\River Past G5
2010-02-25 09:45 . 2008-04-17 07:16 168952 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-02 17:34 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 07:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 07:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:54 . 2010-03-11 07:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-11 07:52 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-11 07:52 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:49 . 2010-03-18 15:47 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-30 10:59 . 2010-01-30 10:59 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6E7D.tmp.exe
2010-01-25 12:58 . 2010-02-24 09:46 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-24 09:46 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-24 09:46 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-24 09:46 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-24 09:46 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-24 09:46 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-24 09:46 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-24 09:46 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 09:46 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05 . 2010-02-24 09:47 2048 ----a-w- c:\windows\system32\tzres.dll
2007-09-13 05:40 . 2007-09-13 05:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-09 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2006-12-18 376832]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2006-12-18 90112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-09 2176512]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Waiting1690"="c:\windows\stid1690.exe" [2007-06-05 60416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-10 122368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177664]
R3 DCamUSBNW802;NoteCam Pro USB PC Camera;c:\windows\system32\DRIVERS\pcam.sys [2003-08-07 161468]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-09 142592]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]

.
Contenuto della cartella 'Scheduled Tasks'

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:20]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:20]

2010-03-31 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-12 14:55]

2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{88FBAF56-92D0-453F-9C0D-3C28950A72CF}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.corriere.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://193.205.23.35/vblu/NWWClientFull.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 14:08
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3752)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-12 14:16:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-12 12:16
ComboFix2.txt 2010-04-10 09:27

Pre-Run: 293.998.862.336 byte disponibili
Post-Run: 293.544.452.096 byte disponibili

- - End Of File - - A933D99E7AF4227CE9B8E1F0FC791DE9



ComboFix 10-04-08.06 - User 12/04/2010 14.24.34.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2047.1258 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-03-12 al 2010-04-12 )))))))))))))))))))))))))))))))))))
.

2010-04-12 12:29 . 2010-04-12 12:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-12 12:29 . 2010-04-12 12:29 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-04-12 12:29 . 2010-04-12 12:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 12:16 . 2010-04-12 12:29 -------- d-----w- c:\users\User\AppData\Local\temp
2010-04-12 08:05 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-04-10 09:59 . 2010-04-10 09:59 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-10 09:59 . 2010-04-10 09:59 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-10 09:59 . 2010-04-10 09:59 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-10 09:59 . 2010-04-10 09:59 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-10 09:59 . 2010-04-10 09:59 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-10 09:59 . 2010-04-10 09:59 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-10 09:59 . 2010-04-10 09:59 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-10 09:59 . 2010-04-10 09:59 4250976 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-10 09:59 . 2010-04-10 09:59 341272 ----a-w- c:\programdata\avg9\update\backup\avgxch32.dll
2010-04-10 09:59 . 2010-04-10 09:59 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-10 09:58 . 2010-04-10 09:58 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-10 09:58 . 2010-04-10 09:58 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-10 09:58 . 2010-04-10 09:58 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-10 09:57 . 2010-04-10 09:57 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-10 09:57 . 2010-04-10 09:57 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-10 09:08 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2010-04-10 09:08 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-04-08 09:00 . 2010-04-08 09:00 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-07 22:59 . 2010-04-07 22:59 -------- d-----w- C:\$AVG
2010-04-07 22:58 . 2010-04-12 11:41 -------- d-----w- c:\programdata\avg9
2010-04-07 22:17 . 2010-04-07 22:17 -------- d-----w- c:\users\User\AppData\Roaming\Creative
2010-03-27 16:53 . 2010-03-27 16:53 -------- d-----w- C:\ACCA
2010-03-18 15:47 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 08:40 . 2008-04-17 18:46 -------- d-----w- c:\users\User\AppData\Roaming\Spyware Terminator
2010-04-12 08:39 . 2008-04-17 17:32 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-04-12 08:29 . 2008-06-20 12:42 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-04-12 08:29 . 2008-04-17 18:46 -------- d-----w- c:\programdata\Spyware Terminator
2010-04-10 09:38 . 2007-09-13 05:25 682184 ----a-w- c:\windows\system32\perfh010.dat
2010-04-10 09:38 . 2007-09-13 05:25 114622 ----a-w- c:\windows\system32\perfc010.dat
2010-04-09 13:42 . 2008-04-17 18:46 -------- d-----w- c:\program files\Spyware Terminator
2010-04-09 12:07 . 2008-04-17 18:46 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-08 21:36 . 2008-07-15 21:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-08 13:11 . 2008-07-15 21:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-08 10:45 . 2008-04-19 12:16 -------- d-----w- c:\program files\FotoTaxi3
2010-04-08 09:02 . 2009-09-10 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 22:58 . 2008-07-24 22:31 -------- d-----w- c:\program files\AVG
2010-04-07 22:54 . 2008-05-05 16:18 -------- d-----w- c:\program files\Creative
2010-04-07 22:18 . 2008-05-05 16:20 -------- d-----w- c:\programdata\Creative
2010-04-07 11:30 . 2007-09-12 20:19 -------- d-----w- c:\programdata\Roxio
2010-04-02 13:45 . 2007-09-12 20:23 -------- d-----w- c:\program files\Java
2010-03-29 22:46 . 2009-09-10 13:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-09-10 13:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 16:53 . 2007-09-12 20:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 10:28 . 2010-03-05 16:51 -------- d-----w- c:\programdata\River Past G5
2010-03-11 18:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 07:58 . 2008-04-17 15:23 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 02:28 . 2009-03-08 14:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 16:51 . 2010-03-05 16:51 -------- d-----w- c:\users\User\AppData\Roaming\River Past G5
2010-02-25 09:45 . 2008-04-17 07:16 168952 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-02 17:34 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 07:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 07:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:54 . 2010-03-11 07:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-11 07:52 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-11 07:52 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-30 10:59 . 2010-01-30 10:59 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6E7D.tmp.exe
2010-01-25 12:58 . 2010-02-24 09:46 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-24 09:46 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-24 09:46 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-24 09:46 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-24 09:46 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-24 09:46 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-24 09:46 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-24 09:46 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 09:46 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05 . 2010-02-24 09:47 2048 ----a-w- c:\windows\system32\tzres.dll
2007-09-13 05:40 . 2007-09-13 05:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-09 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2006-12-18 376832]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2006-12-18 90112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-09 2176512]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Waiting1690"="c:\windows\stid1690.exe" [2007-06-05 60416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-10 122368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177664]
R3 DCamUSBNW802;NoteCam Pro USB PC Camera;c:\windows\system32\DRIVERS\pcam.sys [2003-08-07 161468]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-09 142592]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]

.
Contenuto della cartella 'Scheduled Tasks'

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:20]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:20]

2010-03-31 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-12 14:55]

2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{88FBAF56-92D0-453F-9C0D-3C28950A72CF}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.corriere.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://193.205.23.35/vblu/NWWClientFull.cab
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 14:29
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2010-04-12 14:31:12
ComboFix-quarantined-files.txt 2010-04-12 12:31
ComboFix2.txt 2010-04-12 12:16
ComboFix3.txt 2010-04-10 09:27

Pre-Run: 293.491.580.928 byte disponibili
Post-Run: 293.446.860.800 byte disponibili

- - End Of File - - F499BB2A3CF8C5B35C86ED979BF197B2



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.25.45, on 12/04/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Conexant\Adsl\DslStat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\StiD1690.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://193.205.23.35/vblu/NWWClientFull.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldit-it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252064537596
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252064599757
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldit-it.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13019 bytes
r16
Inviato: Monday, April 12, 2010 6:52:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per eliminare i vari Tooll scaricati:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Disattiva il ripristino configurazione di sistema

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0. cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1252064537596
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si te.cab?1252064599757
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0. cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldit-it.cab
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Da Installazione Applicazioni, disinstalla la versione installata di Abobe Reader.
Dopo la disinstallazione, installa le versioni aggiornate di:
Adobe Reader:
http://www.adobe.com/it/products/acrobat/readstep2.html
Una volta installato Adobe Reader lancialo e:
nella barra degli strumenti clicca sul ?
clicca su Ricerca aggiornamenti ed esegui gli aggioramenti che veranno proposti.

Riattiva il ripristino configurazione di sistema, e crea un punto di ripristino.

mywis
Inviato: Wednesday, April 14, 2010 2:11:25 PM
Rank: Member

Iscritto dal : 7/16/2008
Posts: 11
Ciao, volevo sapere:
- per disattivare il ripristino faccio dal pannello di controllo giusto? (ho vista: clicco sistema, poi protezione di sistema e disattivo il disco C) E' corretto?
- per usare Hijack This devo mettere però in modalità provvisoria (come scritto nella vostra scheda del programma) e mantengo sempre il ripristino disattivato? O non c'è bisogno di usare la modalità provvisoria? Si fa con F8 dopo l'avvio del bios?
- riattivare il ripristino si fa allo stesso modo, riselezionando cioè il disco C? E come creo poi un punto di ripristino?

Grazie
r16
Inviato: Wednesday, April 14, 2010 2:31:13 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
1)Per usare HijackThis, puoi anche farlo in Modalità normale. (se non si elimina la voce 023, prova in Modalità provvisoria)

2)Avviare in modalità provvisoria http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

3)Disattivare il ripristino configurazione di sistema:
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

3)Creare un nuovo punto di ripristino:

Start

Programmi

Accessori

Utilità di sistema

Ripristino configurazione di sistema

Crea un punto di ripristino

Clicca Avanti

Inserisci una descrizione

Clicca Crea e attendi pazientemente la fine delle operazioni.


mywis
Inviato: Sunday, April 18, 2010 12:10:10 PM
Rank: Member

Iscritto dal : 7/16/2008
Posts: 11
Ciao..
allora ho fatto tutto quanto! Mi restano solo 2 domande:
-se faccio una scansione con Spyware Terminator mi trova un file critico chiamato "APPL/PsExec.E (Unclassified Threat)" ... che faccio clicco su Rimuovi? E' un file pericoloso?

-gli aggiornamenti di Windows Update mi consigliate di scaricarli? Attualmente per esempio me ne segnala 2 importanti (strumento di rimozione di malware di Windows aprile 2010 e Notifiche di Office Genuine Advantage) e 3 facoltativi. Che faccio li scarico?

Grazie
paolopa
Inviato: Sunday, April 18, 2010 12:28:24 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
mettilo tranquillamente in quarantena,se fosse un falso positivo potrai sempre ripristinarlo.
riguardo agli aggiornamenti scarica sicuramente il primo(in linea di massima quelli a priorita' alta sono da scaricare ed installare),il secondo è la verifica se il tuo sistema operativo è originale,e questo lo sai solo tu.i facoltativi guarda cosa sono e valuta.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.