So I went into safe mode and scanned with Norman Malware Cleaner, but at a certain point it freezes and doesn't go any further.
Now I'm posting the log as far as it got.
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/04/29 19:17:00
Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/04/29 19:17:00, Variants: 1600559
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode with network) Service Pack 2
Logged on user: IDA-8E4F11DEE23\Ida
Removed hosts entry: 127.0.0.1 bin.errorprotector.com
Removed hosts entry: 127.0.0.1 br.errorsafe.com
Removed hosts entry: 127.0.0.1 br.winantivirus.com
Removed hosts entry: 127.0.0.1 br.winfixer.com
Removed hosts entry: 127.0.0.1 cdn.drivecleaner.com
Removed hosts entry: 127.0.0.1 cdn.errorsafe.com
Removed hosts entry: 127.0.0.1 cdn.winsoftware.com
Removed hosts entry: 127.0.0.1 de.errorsafe.com
Removed hosts entry: 127.0.0.1 de.winantivirus.com
Removed hosts entry: 127.0.0.1 download.cdn.drivecleaner.com
Removed hosts entry: 127.0.0.1 download.cdn.errorsafe.com
Removed hosts entry: 127.0.0.1 download.cdn.winsoftware.com
Removed hosts entry: 127.0.0.1 download.errorsafe.com
Removed hosts entry: 127.0.0.1 download.systemdoctor.com
Removed hosts entry: 127.0.0.1 download.winantispyware.com
Removed hosts entry: 127.0.0.1 download.windrivecleaner.com
Removed hosts entry: 127.0.0.1 download.winfixer.com
Removed hosts entry: 127.0.0.1 drivecleaner.com
Removed hosts entry: 127.0.0.1 dynamique.drivecleaner.com
Removed hosts entry: 127.0.0.1 errorprotector.com
Removed hosts entry: 127.0.0.1 errorsafe.com
Removed hosts entry: 127.0.0.1 es.winantivirus.com
Removed hosts entry: 127.0.0.1 fr.winantivirus.com
Removed hosts entry: 127.0.0.1 fr.winfixer.com
Removed hosts entry: 127.0.0.1 go.drivecleaner.com
Removed hosts entry: 127.0.0.1 go.errorsafe.com
Removed hosts entry: 127.0.0.1 go.winantispyware.com
Removed hosts entry: 127.0.0.1 go.winantivirus.com
Removed hosts entry: 127.0.0.1 hk.winantivirus.com
Removed hosts entry: 127.0.0.1 instlog.errorsafe.com
Removed hosts entry: 127.0.0.1 instlog.winantivirus.com
Removed hosts entry: 127.0.0.1 instlog.winfixer.com
Removed hosts entry: 127.0.0.1 jsp.drivecleaner.com
Removed hosts entry: 127.0.0.1 kb.errorsafe.com
Removed hosts entry: 127.0.0.1 kb.winantivirus.com
Removed hosts entry: 127.0.0.1 nl.errorsafe.com
Removed hosts entry: 127.0.0.1 se.errorsafe.com
Removed hosts entry: 127.0.0.1 secure.drivecleaner.com
Removed hosts entry: 127.0.0.1 secure.errorsafe.com
Removed hosts entry: 127.0.0.1 secure.winantispam.com
Removed hosts entry: 127.0.0.1 secure.winantispy.com
Removed hosts entry: 127.0.0.1 secure.winantivirus.com
Removed hosts entry: 127.0.0.1 support.winantivirus.com
Removed hosts entry: 127.0.0.1 trial.updates.winsoftware.com
Removed hosts entry: 127.0.0.1 ulog.winantivirus.com
Removed hosts entry: 127.0.0.1 utils.errorsafe.com
Removed hosts entry: 127.0.0.1 utils.winantivirus.com
Removed hosts entry: 127.0.0.1 utils.winfixer.com
Removed hosts entry: 127.0.0.1 winantispyware.com
Removed hosts entry: 127.0.0.1 winantivirus.com
Removed hosts entry: 127.0.0.1 winfixer.com
Removed hosts entry: 127.0.0.1 winfixer2006.com
Removed hosts entry: 127.0.0.1 winsoftware.com
Removed hosts entry: 127.0.0.1 www.drivecleaner.com
Removed hosts entry: 127.0.0.1 www.errorprotector.com
Removed hosts entry: 127.0.0.1 www.errorsafe.com
Removed hosts entry: 127.0.0.1 www.systemdoctor.com
Removed hosts entry: 127.0.0.1 www.utils.winfixer.com
Removed hosts entry: 127.0.0.1 www.win-anti-virus-pro.com
Removed hosts entry: 127.0.0.1 www.win-virus-pro.com
Removed hosts entry: 127.0.0.1 www.winantispam.com
Removed hosts entry: 127.0.0.1 www.winantispy.com
Removed hosts entry: 127.0.0.1 www.winantispyware.com
Removed hosts entry: 127.0.0.1 www.winantivirus.com
Removed hosts entry: 127.0.0.1 www.winantiviruspro.com
Removed hosts entry: 127.0.0.1 www.windrivecleaner.com
Removed hosts entry: 127.0.0.1 www.windrivesafe.com
Removed hosts entry: 127.0.0.1 www.winfixer.com
Removed hosts entry: 127.0.0.1 www.winfixer2006.com
Removed hosts entry: 127.0.0.1 www.winsoftware.com
Scan started: 04/05/2008 22:33:44
Scanning running processes and process memory...
Number of processes/threads found: 671
Number of processes/threads scanned: 670
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 16s
Scanning file system...
Scanning: C:\*.*
C:\Documents and Settings\Ida\Dati applicazioni\blueweb\sdxgsdqy.exe (Infected with W32/Lop.GFR)
Deleted file
C:\Documents and Settings\Ida\Documenti\Incoming\Klaus Doldinger - 1984. The Neverending Story (Soundtrack).rar/RR (Error whilst scanning file: I/O Error)
Then I ran ComboFix in normal mode; here is the log.
ComboFix 08-05-01.3 - Ida 2008-05-04 23.31.08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.175 [GMT 2:00]
Eseguito da: F:\File ricevuti\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\#SharedObjects\JZ7GATZM\iforex.com
C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\#SharedObjects\JZ7GATZM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
.
((((((((((((((((((((((((( Files Creati Da 2008-04-04 al 2008-05-04 )))))))))))))))))))))))))))))))))))
.
2008-05-04 23:36 . 2008-05-04 23:36 53,248 --a------ C:\Temp\catchme.dll
2008-05-04 23:25 . 2008-05-04 23:25 16,384 --a----t- C:\Temp\Perflib_Perfdata_454.dat
2008-05-04 14:46 . 2008-03-13 23:18 888 --a------ C:\WINDOWS\win.tmp
2008-05-04 14:46 . 2008-05-04 23:36 255 --a------ C:\WINDOWS\system.tmp
2008-05-04 14:43 . 2008-05-04 19:01 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-05-04 14:43 . 2008-05-04 14:43 <DIR> d-------- C:\Documents and Settings\Ida\Dati applicazioni\PC Tools
2008-05-04 14:43 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-05-04 14:43 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-05-04 12:37 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-04 12:32 . 2008-05-04 12:32 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-04-28 21:22 . 2008-04-28 21:23 <DIR> d-------- C:\Programmi\Avanquest update
2008-04-28 21:20 . 2008-04-28 21:31 <DIR> d-------- C:\Programmi\Motorola Phone Tools
2008-04-17 22:11 . 2008-04-17 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-04-15 15:55 . 2001-12-27 06:27 638,976 --a------ C:\WINDOWS\system32\cdwriterxp.ocx
2008-04-15 15:55 . 2004-07-29 22:53 593,920 --a------ C:\WINDOWS\system32\CommandBars.ocx
2008-04-15 15:55 . 2004-05-09 23:07 364,544 --a------ C:\WINDOWS\system32\AudioGeniePro.ocx
2008-04-15 15:55 . 2004-07-29 22:55 290,816 --a------ C:\WINDOWS\system32\SuiteCtrls.ocx
2008-04-15 15:55 . 2001-10-29 10:00 241,664 --a------ C:\WINDOWS\system32\ctlist.ocx
2008-04-15 15:55 . 1998-09-18 16:17 76,288 --a------ C:\WINDOWS\system32\CIHTTP.OCX
2008-04-15 15:55 . 2001-08-23 12:00 5,532 --a------ C:\WINDOWS\system32\Stdole.tlb
2008-04-15 13:51 . 2008-04-26 13:59 <DIR> d-------- C:\Programmi\AudioStreamer
2008-04-15 12:36 . 2008-04-15 13:42 <DIR> d-------- C:\Documents and Settings\Ida\Dati applicazioni\concept design
2008-04-15 12:36 . 2006-05-21 16:15 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-04-15 12:36 . 2006-05-21 16:15 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-04-15 12:36 . 2006-05-21 16:15 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-04-15 12:36 . 2006-05-21 16:15 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-04-12 11:52 . 2008-05-01 00:46 50 --a------ C:\plug_in.ini
2008-04-11 21:16 . 2008-05-01 00:35 <DIR> d-------- C:\Programmi\VirtualDJ
2008-04-10 08:39 . 2008-04-10 08:39 <DIR> d-------- C:\e6d168609584efca7c8b3f32e1503e
2008-04-08 21:24 . 2008-04-17 22:08 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-04-06 20:37 . 2008-04-06 20:37 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-04-06 20:36 . 2008-04-06 20:36 <DIR> d-------- C:\Programmi\Real
2008-04-06 20:36 . 2008-04-06 20:37 <DIR> d-------- C:\Programmi\File comuni\Real
2008-04-06 19:00 . 2008-04-06 19:00 <DIR> d-------- C:\Programmi\File comuni\Stardock
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 20:34 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\blueweb
2008-05-04 20:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-04 10:41 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-04 09:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-28 19:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-04-28 19:22 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-28 19:20 92,064 ----a-w C:\Documents and Settings\Ida\mqdmmdm.sys
2008-04-28 19:20 9,232 ----a-w C:\Documents and Settings\Ida\mqdmmdfl.sys
2008-04-28 19:20 79,328 ----a-w C:\Documents and Settings\Ida\mqdmserd.sys
2008-04-28 19:20 66,656 ----a-w C:\Documents and Settings\Ida\mqdmbus.sys
2008-04-28 19:20 6,208 ----a-w C:\Documents and Settings\Ida\mqdmcmnt.sys
2008-04-28 19:20 5,936 ----a-w C:\Documents and Settings\Ida\mqdmwhnt.sys
2008-04-28 19:20 4,048 ----a-w C:\Documents and Settings\Ida\mqdmcr.sys
2008-04-28 19:20 25,600 ----a-w C:\WINDOWS\system32\drivers\usbsermptxp.sys
2008-04-28 19:20 25,600 ----a-w C:\Documents and Settings\Ida\usbsermptxp.sys
2008-04-28 19:20 22,768 ----a-w C:\Documents and Settings\Ida\usbsermpt.sys
2008-04-26 13:59 --------- d-----w C:\Programmi\Stardock
2008-04-18 17:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-17 20:49 --------- d-----w C:\Programmi\IEDP2
2008-04-13 08:29 --------- d-----w C:\Programmi\Winamp
2008-04-13 08:29 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\Winamp
2008-04-07 21:53 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-07 18:40 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\BearShare
2008-04-06 18:36 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-06 18:36 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-27 22:10 --------- d-----w C:\Programmi\MixSense
2008-03-27 22:07 --------- d-----w C:\Programmi\Steinberg
2008-03-25 20:31 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-03-25 19:42 --------- d-----w C:\Programmi\Advanced Sound Recorder
2008-03-22 11:22 --------- d-----w C:\Programmi\MSN Messenger
2008-03-22 11:22 --------- d-----w C:\Programmi\MessengerDiscovery
2008-03-20 21:24 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\Axialis
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 20:13 --------- d-----w C:\Programmi\Java
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:01 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-13 15:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2003-04-21 20:49 679,424 ----a-w C:\Programmi\File comuni\msxml4sys32.msm
2003-04-21 20:49 669,184 ----a-w C:\Programmi\File comuni\msxml4sxs32.msm
2003-04-21 20:49 3,433,472 ----a-w C:\Programmi\File comuni\xmlsdkdoc.msm
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFD5A555-2E1A-4AAA-897A-14229131F102}]
2007-10-07 19:22 27538 --a------ C:\WINDOWS\system32\mfc42u32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1C7D7C4D-945C-4BB7-B1B9-B25F0A967710}"= "C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll" [2004-02-06 11:54 188416]
[HKEY_CLASSES_ROOT\clsid\{1c7d7c4d-945c-4bb7-b1b9-b25f0a967710}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis.1]
[HKEY_CLASSES_ROOT\TypeLib\{1A860BE9-9664-400F-AADA-ACFD1C61346A}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"del temp"="C:\deltemp.bat" [2006-08-07 03:09 48]
"DAEMON Tools"="F:\Programmi\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"magslog"="C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe" [ ]
"Spyware Doctor"="C:\Programmi\Spyware Doctor\swdoctor.exe" [2006-09-06 15:41 2128016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 22:34 262401]
"AtiPTA"="atiptaxx.exe" [2002-07-26 04:04 290816 C:\WINDOWS\system32\atiptaxx.exe]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2001-12-17 21:22 617984]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Omnipage"="C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01 49152]
"FREE VIEW GRIM SOAP"="C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe" [ ]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-06 20:36 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Spyware Doctor"="C:\Programmi\Spyware Doctor\swdoctor.exe" [2006-09-06 15:41 2128016]
C:\Documents and Settings\Ida\Menu Avvio\Programmi\Esecuzione automatica\
Last.fm Helper.lnk - F:\Programmi\Last.fm\LastFMHelper.exe [2007-10-28 22:04:28 106496]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"F:\\Programmi\\BearShare\\BearShare.exe"=
"F:\\Programmi\\Emule\\eMule_AdnzA.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"F:\\Programmi\\Last.fm\\LastFM.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22754:TCP"= 22754:TCP:BitComet 22754 TCP
"22754:UDP"= 22754:UDP:BitComet 22754 UDP
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:39]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys []
S3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-26 09:17:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 20:00:00 C:\WINDOWS\Tasks\B18F42249248EFA4.job"
- c:\docume~1\ida\datiap~1\blueweb\firstacethis.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-04 23:36:03
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\Temp\mc21.tmp"
.
Ora fine scansione: 2008-05-04 23.40.15
ComboFix-quarantined-files.txt 2008-05-04 21:39:09
12 Directory 18,334,240,768 byte disponibili
16 Directory 18,371,801,088 byte disponibili
180 --- E O F --- 2008-05-04 09:07:34
Finally, the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 23.46.57, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
F:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ida\Documenti\My Albums\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CFD5A555-2E1A-4AAA-897A-14229131F102} - C:\WINDOWS\system32\mfc42u32.dll
O3 - Toolbar: PopThis! Pop-Up Blocker - {1C7D7C4D-945C-4BB7-B1B9-B25F0A967710} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [FREE VIEW GRIM SOAP] C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [del temp] C:\deltemp.bat
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [magslog] C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Last.fm Helper.lnk = F:\Programmi\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe