Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Controllo log Opzioni
padogu
Inviato: Thursday, November 22, 2012 9:33:46 PM

Rank: AiutAmico

Iscritto dal : 8/30/2007
Posts: 93
Qualcuno può dirmi se è tutto ok?

Grazie in anticipo! Drool

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.27.03, on 22/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\Gigabyte\EnergySaver2\des2svr.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\WTClient.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Programmi\Samsung\Kies\Kies.exe
C:\Programmi\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [] C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Programmi\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [KiesPreload] C:\Programmi\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292186466156
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4AC896-742F-4F00-B559-45AADEFECBB8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{67C116CB-2838-4462-9C39-930FA8318284}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C4AC896-742F-4F00-B559-45AADEFECBB8}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Programmi\Gigabyte\EnergySaver2\des2svr.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\xxx\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Programmi\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 13948 bytes
Sponsor
Inviato: Thursday, November 22, 2012 9:33:46 PM

 
shapiro
Inviato: Thursday, November 22, 2012 10:02:52 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


hai le solite infezioni da toolbar fai queste scansioni

scarica adwcleaner usa solo l'opzione delete e posta il log


Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

padogu
Inviato: Saturday, November 24, 2012 12:38:10 PM

Rank: AiutAmico

Iscritto dal : 8/30/2007
Posts: 93
Ok grazie!

Questo è il log di adwcleaner:ù

# AdwCleaner v2.008 - Logfile creato il 24/11/2012 alle 12:07:45
# Aggiornamento 17/11/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : xxx - HALL2010
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\xxx\Documenti\Download\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\xxx\Dati applicazioni\OpenCandy
Cartella Eliminato : C:\Documents and Settings\xxx\Dati applicazioni\pdfforge

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Chiave Eliminata : HKLM\SOFTWARE\Software
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] =

hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com -->

hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] =

hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com -->

hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] =

hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com -->

hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] =

hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com -->

hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [3460 octets] - [24/11/2012 12:07:19]
AdwCleaner[S1].txt - [3271 octets] - [24/11/2012 12:07:45]

########## EOF - C:\AdwCleaner[S1].txt - [3331 octets] ##########




e questo quello di combofix:

ComboFix 12-11-23.02 - xxx 24/11/2012 12.31.07.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2043.1127 [GMT 1:00]
Eseguito da: c:\documents and settings\xxx\Documenti\Download\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\pswi_preloaded.exe
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\unins000.exe
c:\documents and settings\xxx\WINDOWS
c:\windows\IsUn0410.exe
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-24 al 2012-11-24 )))))))))))))))))))))))))))))))))))
.
.
2012-11-24 11:10 . 2012-11-24 11:10 29904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6B975DC4-C943-4AED-A5A9-8BBA11B5C1EE}\MpKslfa09dfd6.sys
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin7.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin6.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin5.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin4.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin3.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin2.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin.dll
2012-11-24 10:31 . 2012-11-24 10:31 -------- d-----w- c:\programmi\QuickTime
2012-11-23 19:09 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6B975DC4-C943-4AED-A5A9-8BBA11B5C1EE}\mpengine.dll
2012-11-22 20:26 . 2012-11-22 20:26 388096 ----a-r- c:\documents and settings\xxx\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-22 20:26 . 2012-11-22 20:26 -------- d-----w- c:\programmi\Trend Micro
2012-11-22 13:04 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-09 21:21 . 2012-11-09 21:21 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Adobe_Systems_Incorporate
2012-11-09 20:56 . 2012-11-09 20:56 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Kobo
2012-11-09 20:55 . 2012-11-09 20:56 -------- d-----w- c:\windows\tmp
2012-11-09 20:55 . 2012-11-09 20:56 -------- d-----w- c:\programmi\Kobo
2012-11-07 15:56 . 2012-11-07 15:56 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PowerOffer
2012-11-07 15:56 . 2012-11-08 12:50 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater
2012-11-07 15:56 . 2012-11-07 15:57 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService
2012-11-07 15:55 . 2012-11-07 15:55 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2012-11-06 18:51 . 2012-11-06 18:51 -------- d-----w- c:\documents and settings\xxx\backup
2012-11-06 18:45 . 2012-11-07 15:56 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-24 11:09 . 2010-12-12 13:50 17488 ----a-w- c:\windows\gdrv.sys
2012-11-07 23:38 . 2011-10-07 17:48 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2011-10-07 17:48 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2011-10-07 17:48 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2011-10-07 17:48 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2011-10-07 17:47 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2011-10-07 17:47 301264 ----a-w- c:\windows\system32\guard32.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 19:56 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 18:37 . 2012-04-26 11:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:37 . 2011-06-02 19:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 17:54 . 2010-12-12 15:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 13:32 . 2012-09-01 14:33 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2011-01-11 11:29 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 11:51 . 2012-09-01 14:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-20 04:35 . 2012-10-13 13:48 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-09-20 04:35 . 2012-10-13 13:48 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-30 20:03 . 2010-03-25 20:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:05 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-27 14:00 . 2012-10-27 13:59 261600 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-14 843208]
"KiesAirMessage"="c:\programmi\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
"KiesPreload"="c:\programmi\Samsung\Kies\Kies.exe" [2012-10-11 966072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\programmi\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-01-19 1976944]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-29 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-29 13923432]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-09-17 254896]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xxx^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\xxx\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Borra Disinstallazione di Patrician III - Impero dei Mari]
command [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 10:48 58656 ----a-w- c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\programmi\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\programmi\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
2007-07-26 14:05 20480 ----a-w- c:\programmi\Gigabyte\ET6\ETcall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-10-09 00:17 580096 ----a-w- c:\programmi\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-11-14 21:42 843208 ----a-w- c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-10-11 00:33 966072 ----a-w- c:\programmi\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-10-11 00:33 309688 ----a-w- c:\programmi\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02 79400 ----a-w- c:\programmi\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2010-07-30 14:11 2158592 ----a-w- c:\programmi\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
2002-09-11 10:36 40960 ------w- c:\programmi\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [12/12/2010 14.20.28 19496]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [07/10/2011 18.48.02 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [07/10/2011 18.48.02 32640]
R1 MpKslfa09dfd6;MpKslfa09dfd6;c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6B975DC4-C943-4AED-A5A9-8BBA11B5C1EE}\MpKslfa09dfd6.sys [24/11/2012 12.10.39 29904]
R2 BCUService;Browser Configuration Utility Service;c:\programmi\DeviceVM\Browser Configuration Utility\BCUService.exe [15/10/2009 14.06.46 223464]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\programmi\Gigabyte\EnergySaver2\des2svr.exe [12/12/2010 14.22.31 68136]
R2 Smart TimeLock;Smart TimeLock Service;c:\programmi\Gigabyte\smart6\timelock\TimeMgmtDaemon.exe [12/12/2010 14.22.18 114688]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [02/02/2012 17.16.17 242240]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [26/10/2009 16.19.00 58240]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [26/10/2009 16.19.02 136704]
R3 PAC207;CamMaestro 3.01 DU PC Camera;c:\windows\system32\drivers\PFC027.sys [27/05/2005 14.57.16 162304]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [22/06/2009 8.58.06 23208]
S2 PowerOffer Service;Pos Service;c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [07/11/2012 16.56.00 169472]
S2 ServUpdater;Serv Updater;c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [07/11/2012 16.56.01 156160]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 12.13.44 3064000]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 12.28.36 160944]
S2 SoftwareUpd;Software Upd;c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [06/11/2012 19.45.39 161280]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 14.18.35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [13/10/2012 14.48.17 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [29/08/2012 14.18.55 20032]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27/11/2011 18.14.16 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [12/12/2010 20.33.31 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27/11/2011 18.14.16 8456]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [12/12/2010 14.32.23 24944]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [22/06/2009 8.58.22 14504]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [13/10/2012 14.48.18 181344]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MPKSLFA09DFD6
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 18:37]
.
2012-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-03 17:25]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-03 17:25]
.
2012-11-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2C4AC896-742F-4F00-B559-45AADEFECBB8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{67C116CB-2838-4462-9C39-930FA8318284}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\vbmyablv.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=
FF - ExtSQL: 2012-10-17 20:51; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-NokiaOviSuite2 - c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PC Suite Tray - c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-PcSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-Faraon - c:\windows\IsUn0410.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\unins000.exe
AddRemove-01_Simmental - c:\programmi\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programmi\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programmi\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programmi\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programmi\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programmi\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programmi\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programmi\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programmi\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programmi\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programmi\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programmi\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programmi\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programmi\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programmi\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programmi\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programmi\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programmi\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programmi\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-24 12:34
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\guard32.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(920)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(828)
c:\windows\system32\cmdcsr.dll
.
Ora fine scansione: 2012-11-24 12:35:36
ComboFix-quarantined-files.txt 2012-11-24 11:35
.
Pre-Run: 35.544.379.392 byte disponibili
Post-Run: 35.881.594.880 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0F30EC71CEDCF02404A1012667C5BCA0
padogu
Inviato: Saturday, November 24, 2012 12:48:23 PM

Rank: AiutAmico

Iscritto dal : 8/30/2007
Posts: 93
Ho appena riavviato il PC e m i sono apparse due cartelle, una dice così:

c:\documents and settings\xxx\impostazioni locali\temp\zlrkqt non trovato



e l'altra:

Application has generated an exception that could not be handled.

Process id=0xc30 (3120) thread id=0xc34 (3124)

click ok to terminate the application
click cancel to debug the application

ho messo ok ad entrambi ma di che si tratta?
shapiro
Inviato: Saturday, November 24, 2012 1:12:10 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
dovrebbero essere cartelle perse per ora segui i passaggi indicati


apri una pagina del blocco note e copia incolla quanto segue;



Code:
file::
c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe

folder::
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PowerOffer
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater


registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-

driver::
PowerOffer Service
ServUpdater
SoftwareUpd

DDS::
uStart Page = hxxp://search.findeer.com
TCP: Interfaces\{2C4AC896-742F-4F00-B559-45AADEFECBB8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{67C116CB-2838-4462-9C39-930FA8318284}: NameServer = 176.31.229.24,176.31.229.25




salva la pagina nominandola obligatoriamente in CFScript.txt
a questo punto trascina e lascia il file CFScript.txt sull'icona di combofix
lascialo lavorare fino alla fine e riposta il suo log ..


Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
padogu
Inviato: Saturday, November 24, 2012 1:44:35 PM

Rank: AiutAmico

Iscritto dal : 8/30/2007
Posts: 93
Questo è il log di combofix come da istruzioni...

ComboFix 12-11-23.02 - xxx 24/11/2012 13.27.29.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2043.1178 [GMT 1:00]
Eseguito da: c:\documents and settings\xxx\Documenti\Download\ComboFix.exe
Opzioni usate :: c:\documents and settings\xxx\Documenti\Download\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe"
"c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\Pos.exe"
"c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe"
"c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\7z.dll
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\AppLib.Zip.dll
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallLog
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallState
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\settings.ini
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PosService\settings\settings.ini
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PowerOffer
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PowerOffer\InstallHelper.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PowerOffer\System.Data.SQLite.dll
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\PowerOffer\Wait.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\7z.dll
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\AppLib.Zip.dll
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallLog
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallState
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\settings.ini
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\ServUpdater\settings\settings.ini
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\settings.ini
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\settings\settings.ini
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.InstallLog
c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.InstallState
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_SERVUPDATER
-------\Legacy_SOFTWAREUPD
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Service_SoftwareUpd
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-24 al 2012-11-24 )))))))))))))))))))))))))))))))))))
.
.
2012-11-24 11:36 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{67FA442C-D61A-464F-9AFB-5D87203D38BF}\mpengine.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin7.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin6.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin5.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin4.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin3.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin2.dll
2012-11-24 10:31 . 2012-11-24 10:31 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin.dll
2012-11-24 10:31 . 2012-11-24 10:31 -------- d-----w- c:\programmi\QuickTime
2012-11-22 20:26 . 2012-11-22 20:26 388096 ----a-r- c:\documents and settings\xxx\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-22 20:26 . 2012-11-22 20:26 -------- d-----w- c:\programmi\Trend Micro
2012-11-22 13:04 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-09 21:21 . 2012-11-09 21:21 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Adobe_Systems_Incorporate
2012-11-09 20:56 . 2012-11-09 20:56 -------- d-----w- c:\documents and settings\xxx\Impostazioni locali\Dati applicazioni\Kobo
2012-11-09 20:55 . 2012-11-09 20:56 -------- d-----w- c:\windows\tmp
2012-11-09 20:55 . 2012-11-09 20:56 -------- d-----w- c:\programmi\Kobo
2012-11-07 15:55 . 2012-11-07 15:55 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2012-11-06 18:51 . 2012-11-06 18:51 -------- d-----w- c:\documents and settings\xxx\backup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-24 12:32 . 2010-12-12 13:50 17488 ----a-w- c:\windows\gdrv.sys
2012-11-07 23:38 . 2011-10-07 17:48 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2011-10-07 17:48 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2011-10-07 17:48 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2011-10-07 17:48 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2011-10-07 17:47 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2011-10-07 17:47 301264 ----a-w- c:\windows\system32\guard32.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 19:56 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 18:37 . 2012-04-26 11:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:37 . 2011-06-02 19:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 17:54 . 2010-12-12 15:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 13:32 . 2012-09-01 14:33 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2011-01-11 11:29 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 11:51 . 2012-09-01 14:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-20 04:35 . 2012-10-13 13:48 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-09-20 04:35 . 2012-10-13 13:48 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-30 20:03 . 2010-03-25 20:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:05 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-27 14:00 . 2012-10-27 13:59 261600 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-14 843208]
"KiesAirMessage"="c:\programmi\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
"KiesPreload"="c:\programmi\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"<NO NAME>"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-14 843208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\programmi\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-01-19 1976944]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-29 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-29 13923432]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xxx^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\xxx\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Borra Disinstallazione di Patrician III - Impero dei Mari]
command [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 10:48 58656 ----a-w- c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\programmi\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\programmi\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\programmi\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
2007-07-26 14:05 20480 ----a-w- c:\programmi\Gigabyte\ET6\ETcall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-10-09 00:17 580096 ----a-w- c:\programmi\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-11-14 21:42 843208 ----a-w- c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-10-11 00:33 966072 ----a-w- c:\programmi\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-10-11 00:33 309688 ----a-w- c:\programmi\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02 79400 ----a-w- c:\programmi\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2010-07-30 14:11 2158592 ----a-w- c:\programmi\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
2002-09-11 10:36 40960 ------w- c:\programmi\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [12/12/2010 14.20.28 19496]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [07/10/2011 18.48.02 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [07/10/2011 18.48.02 32640]
R2 BCUService;Browser Configuration Utility Service;c:\programmi\DeviceVM\Browser Configuration Utility\BCUService.exe [15/10/2009 14.06.46 223464]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\programmi\Gigabyte\EnergySaver2\des2svr.exe [12/12/2010 14.22.31 68136]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 12.13.44 3064000]
R2 Smart TimeLock;Smart TimeLock Service;c:\programmi\Gigabyte\smart6\timelock\TimeMgmtDaemon.exe [12/12/2010 14.22.18 114688]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [02/02/2012 17.16.17 242240]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [26/10/2009 16.19.00 58240]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [26/10/2009 16.19.02 136704]
R3 PAC207;CamMaestro 3.01 DU PC Camera;c:\windows\system32\drivers\PFC027.sys [27/05/2005 14.57.16 162304]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [22/06/2009 8.58.06 23208]
S1 MpKsl11cb54eb;MpKsl11cb54eb;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{67FA442C-D61A-464F-9AFB-5D87203D38BF}\MpKsl11cb54eb.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{67FA442C-D61A-464F-9AFB-5D87203D38BF}\MpKsl11cb54eb.sys [?]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 12.28.36 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 14.18.35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [13/10/2012 14.48.17 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [29/08/2012 14.18.55 20032]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27/11/2011 18.14.16 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [12/12/2010 20.33.31 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27/11/2011 18.14.16 8456]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [12/12/2010 14.32.23 24944]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [22/06/2009 8.58.22 14504]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [13/10/2012 14.48.18 181344]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 18:37]
.
2012-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-03 17:25]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-09-03 17:25]
.
2012-11-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2C4AC896-742F-4F00-B559-45AADEFECBB8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{67C116CB-2838-4462-9C39-930FA8318284}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\vbmyablv.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=
FF - ExtSQL: 2012-10-17 20:51; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-24 13:33
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\ArcSoft\WebCam Companion\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(832)
c:\windows\system32\cmdcsr.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft Security Client\MsMpEng.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programmi\Canon\IJPLM\IJPLMSVC.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PSIService.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\programmi\Canon\CAL\CALMAIN.exe
c:\windows\system32\WTClient.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WISPTIS.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\programmi\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-24 13:36:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-24 12:36
ComboFix2.txt 2012-11-24 11:35
.
Pre-Run: 35.879.755.776 byte disponibili
Post-Run: 35.714.596.864 byte disponibili
.
- - End Of File - - B062962CE6A8C2B2E50BF183017C8CCF






Questo è Extras.txt...

http://wikisend.com/download/398118/Extras.Txt


e questo è OTL.txt...

http://wikisend.com/download/447056/OTL.Txt
shapiro
Inviato: Saturday, November 24, 2012 7:03:25 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

non posso aiutarti oltre hai sostituito l'user con delle x

C:\Documents and Settings\xxx\Dati applicazioni\Mozilla\Firefox\Profiles\vbmyablv.default\extensions\client@anonymox.net.xpi

mi rimane difficile prepararti uno script con le rimozioni, mi dispiace, anche perche' otl richiede parecchio tempo per le ricerche

posta un log di hijackthis e concludiamo
padogu
Inviato: Saturday, November 24, 2012 10:46:46 PM

Rank: AiutAmico

Iscritto dal : 8/30/2007
Posts: 93
xxx è il nome del computer non l'ho sostituito io l'ho dato quando ho installato windows, non so se mi riesco a spiegare... ecco l'user è xxx :o)

Le due scritte sono sparite questa c:\documents and settings\xxx\impostazioni locali\temp\zlrkqt era della samsung e ho disinstallato il prg kies mi apre che si chiamasse (se mi servirà la reinstallo, l'altra è sparita da sola :oD.

ho passato anche ccleaner e ripulito la cartella temp e prefetch...

Comunque grazie per l'aiuto che mi hai dato, ecco il log di hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.01.36, on 24/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\Gigabyte\EnergySaver2\des2svr.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292186466156
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4AC896-742F-4F00-B559-45AADEFECBB8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{67C116CB-2838-4462-9C39-930FA8318284}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C4AC896-742F-4F00-B559-45AADEFECBB8}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Programmi\Gigabyte\EnergySaver2\des2svr.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Programmi\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 11597 bytes
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.