Risultato di Dr.Web




ETRemover_v201.exe;C:\Documents and Settings\Renato;Probabile BACKDOOR.Trojan;;
CERA.wav;C:\Documents and Settings\Renato\Desktop\PROGRAMMI VARI;Joke.Splash;;
VDownloader.exe;C:\Documents and Settings\Renato\Desktop\X FILMATI\VDownloader\vdownloader;Trojan.PWS.Banker.14538;Cancellato.;
CERA.EXE;C:\Documents and Settings\Renato\Documenti\Bluetooth\outbox;Joke.Splash;;
CERA.wav;C:\Documents and Settings\Renato\Documenti\Bluetooth\outbox;Joke.Splash;;
CERA.EXE;C:\Documents and Settings\Renato\Documenti\Immagini;Joke.Splash;;
b64_1[1].jpg;C:\Documents and Settings\Renato\Impostazioni locali\Temporary Internet Files\Content.IE5\1FEVMELB;Trojan.Packed.650;Cancellato.;
b64_6[1].jpg;C:\Documents and Settings\Renato\Impostazioni locali\Temporary Internet Files\Content.IE5\GX14WQSJ;Trojan.Packed.650;Cancellato.;
FindyKill[1].exe\data011;C:\Documents and Settings\Renato\Impostazioni locali\Temporary Internet Files\Content.IE5\YBNJNOKO\FindyKill[1].exe;Tool.Prockill;;
FindyKill[1].exe;C:\Documents and Settings\Renato\Impostazioni locali\Temporary Internet Files\Content.IE5\YBNJNOKO;l'Archivio contiene oggetti infetti;;
MotiveSB.exe1161475102;C:\Programmi\Alice ti aiuta\SmartBridge;Trojan.Inject.3426;Cancellato.;
ATnotes.exe1120176673;C:\Programmi\ATnotes;Trojan.Inject.3426;Cancellato.;
ATnotes.exe1148350290;C:\Programmi\ATnotes;Trojan.Inject.3426;Cancellato.;
ATnotes.exe123518067;C:\Programmi\ATnotes;Trojan.Inject.3426;Cancellato.;
Process.exe;C:\Programmi\FindyKill\Tools;Tool.Prockill;;
jusched.exe727549239;C:\Programmi\Java\jre1.5.0_03\bin;Trojan.Inject.3426;Cancellato.;
JSCRIPT5.CHM\htm/jstextwriteln.htm;C:\Programmi\Microsoft Visual Studio\Common\IDE\IDE98\MSE\1040\JSCRIPT5.CHM;Modifica di VBS.Generic.94;;
JSCRIPT5.CHM;C:\Programmi\Microsoft Visual Studio\Common\IDE\IDE98\MSE\1040;l'Archivio contiene oggetti infetti;;
TTTVRC.exe3392108091;C:\Programmi\TerraTec\Cinergy 400 TV;Trojan.Inject.3426;Cancellato.;
wwDisp.exe1409878100;C:\Programmi\Webroot\Washer;Trojan.Inject.3426;Cancellato.;
wwDisp.exe1784143119;C:\Programmi\Webroot\Washer;Trojan.Inject.3426;Cancellato.;
wwDisp.exe1892756684;C:\Programmi\Webroot\Washer;Trojan.Inject.3426;Cancellato.;
WMPNSCFG.exe1735910835;C:\Programmi\Windows Media Player;Trojan.Inject.3426;Cancellato.;
WMPNSCFG.exe2099161452;C:\Programmi\Windows Media Player;Trojan.Inject.3426;Cancellato.;
WMPNSCFG.exe2385751116;C:\Programmi\Windows Media Player;Trojan.Inject.3426;Cancellato.;
Speed-Downloading_setup.exe;K:\ASTRONOMIA\Microsoft WorldWide Telescope;Probabile Trojan.Packed.258;;
al risveglio.pps;K:\File PPS;Probabile office.exploit.gen;;
trapianti1.pps;K:\File PPS;Probabile office.exploit.16;;
ComboFix.exe\32788R22FWJFW\C.bat;K:\Programmi da installare\Programmi di utilità PULIZIA\ComboFix.exe;Probabile BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\List-C.bat;K:\Programmi da installare\Programmi di utilità PULIZIA\ComboFix.exe;Probabile BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;K:\Programmi da installare\Programmi di utilità PULIZIA\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;K:\Programmi da installare\Programmi di utilità PULIZIA;l'Archivio contiene oggetti infetti;;

---

E questo di FindyKill


###################### [ FindyKill V4.715 ]

# User : Renato - BRSRNT
# Executed from : C:\Programmi\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 14:42:08 the 31/01/2009
# Windows XP - Internet Explorer 7.0.5730.11

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]

Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\3075375.EXE-250DA6F4.pf
Deleted ! - C:\WINDOWS\prefetch\3087734.EXE-22A3314A.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-068DEE89.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-2DD8C4FE.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\Renato\Dati applicazioni ]

Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\m\shared"
Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\m"
Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\Renato\Dati applicazioni\drivers"

################## [ C:\DOCUME~1\Renato\IMPOST~1\Temp ]


################## [ C:\Documents and Settings\Renato\Local Settings\Temporary Internet Files\Content.IE5 ]


\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\MuleAppData
Deleted ! - HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Local AppWizard-Generated Applications\winupgro

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Safe boot mode restored !

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2

WinDefend - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Unit… fissa D: - Unit… fissa K: - Unit… fissa
# deleting files :


\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Références de comparaison Bagle MD5 :

aef6aa2f C:\Documents and Settings\Renato\Dati applicazioni\drivers\winupgro.exe
415fc83995272b36248ff9df0e8cc95d C:\Documents and Settings\Renato\Dati applicazioni\drivers\winupgro.exe

Suspect ! - 1b1a6af3581681d8b9cb689c532922ca C:\Programmi\AVS4YOU\AVSVideoConverter6\AVSVideoConverter.exe
Suspect ! - 17edef0b1b14d618ccbd9a8f89f02a36 C:\Programmi\AVS4YOU\Registration.exe
Suspect ! - a616f2b1c0e6cc0fcd8add20b05bf780 C:\Programmi\AVSMedia\DVDPlayer\AVSDVDPlayer.exe
Suspect ! - f026d9922a7c292a6a9827123b127885 C:\Programmi\AVSMedia\VideoTools\DVDtoGO\AVSDVDtoGO.exe
Suspect ! - 96011d5a12161242d8c4eeba20e1fe0b C:\Programmi\File comuni\AVSMedia\BurnerService\AVSVideoBurner.exe
Suspect ! - 8790cc62b38eddf6a5ac46257a8db72c C:\Programmi\File comuni\AVSMedia\MobileUploader\AVSMobileUploader.exe

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

C:\Documents and Settings\Renato\Desktop\Convertitori file video\Total Video Converter 3-01 & reg-crack
C:\Documents and Settings\Renato\Desktop\Convertitori file video\Total Video Converter 3-01 & reg-crack\regme.reg
C:\Documents and Settings\Renato\Desktop\Convertitori file video\Total Video Converter 3-01 & reg-crack\total-video-converter.exe
C:\Documents and Settings\Renato\Desktop\X SITI WEB\1088-Buttons\crackedburned.gif
C:\Documents and Settings\Renato\Preferiti\Download\CrackDB.com.url
C:\Documents and Settings\Renato\Preferiti\SOFTWARE\SeriAll.Com - Serials, Keys, Keygen, Cracks.url
C:\Programmi\eMule\Incoming\ACD Systems FotoAngelo 2.0.2. Retail. + KeyGen.zip
C:\Programmi\eMule\Incoming\AVS.Video.Converter.v6.2.3.314.Incl.Crack-SND.rar
C:\Programmi\eMule\Incoming\Pinnacle Studio 12 Ultimate Multilenguaje Keygen Dngnmstr.rar
C:\Programmi\eMule\Incoming\Pinnacle Studio Plus V12 [ Full - crack - serial].zip
C:\Programmi\eMule\Incoming\Total Video Converter 3-01 & reg-crack.zip
C:\Programmi\eMule\Incoming\Tutti i codici di attivazione di effect Pinnacle Studio 9 Plus\All Content\keygen.exe
C:\Programmi\eMule\Incoming\Tutti i codici di attivazione di effect Pinnacle Studio 9 Plus\All Content\Pixie Stuff\keygen.rar
C:\Programmi\Macromedia\Dreamweaver MX\Configuration\Content\Reference\HTML\KEYGEN.html
C:\Programmi\Total Video Converter\keygen.exe

################## [ ! End of report # ! ]

Il PC va meglio. Questo è il Log di Elibagle.
Dei programmi funzionano, ma altri fanno uscire ancora la tabella solita ....non è un'applicazione di Win32 valida




Sat Jan 31 17:30:53 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

---

Lista de Acciones (por Acción Directa):

Sat Jan 31 17:30:56 2009
EliBagle v12.16 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 30 de Enero del 2009)

---

Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 9509
Nº Total de Ficheros: 113396
Nº de Ficheros Analizados: 15419
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

allora.....

devi disinstallare il tuo antivirus e fare una nuova installazione

poi....

per i servizi che il bagle ti ha disabilitato, devi seguire questa procedura:

Apri la lista dei Servizi
Start > Esegui >digita SERVICES.MSC >Ok ed abilita, dove è necessario, questi servizi disabilitati: Avvisi, Centro sicurezza PC, Aggiornamenti automatici, Connessioni di rete, Zero Configuration reti senza fili e Windows Firewall/ Condivisione connessione Internet (ICS). (Per avviare un servizio, clic con il tasto destro su Proprietà >Automatico > Ok > Avvia > Ok


quando hai finito, fammi una scansione con kaspersky(per sicurezza)





http://www.kaspersky.com/virusscanner


1. Clicca su Kaspersky Online Scanner
2. Clicca su Accept
3. Partirà un Update
4. Vai nella colonna di sinistra dov'è scritto Scan e scegli my computer
5. Al termine della scansione in fondo a destra trovi la voce View Scan Report. Cliccaci sopra e poi clicca su Save "Save Report As" e salvalo sul desktop.

La scansione richiede il java della sun e l'accettazione del controllo activex
Per effettuare la scansione, portati sulla pagina di kaspersky, devi avere solo quella pagina aperta, disattiva il tuo antivirus, lancia la scansione, dopo che avrà caricato tutti i files del database e comincerà a scansionare puoi anche disconnettere il pc da internet e lasciarlo lavorare.



devi eliminare anche questi qui

aef6aa2f C:\Documents and Settings\Renato\Dati applicazioni\drivers\winupgro.exe

415fc83995272b36248ff9df0e8cc95d C:\Documents and Settings\Renato\Dati applicazioni\drivers\winupgro.exe

il tasto "add reply" forse non lo vedi perche hai zoomato troppo la pagina.

Schiaccia ctrl nella tastiera e contemporaneamente tira (se ce la hai)la rotellina del mouse verso di te.
se non hai la rotellina schiaccia ctrl e contemporaneamente il tasto -

Errore.. vale lostesso per tutti. Mi scuso.
Grazie Simo95.
Buona giornata.

(ricorda che devi riattivare i servizi disabilitati e reinstallare il tuo antivirus) <----- FATTO

Ora se ho capito bene devo visionare quì il Log e i due Report ?
Se è così, mi trovo in difficoltà in quanto le righe di scrittura vengono tagliate per la sua lunghezza.
Senza alcun problema, modifico e ti visiono tutto.

con le scuse ... che pc hai ?

vai su start .... risorse computer .... c ....dx proprietà -----> cosa leggi ?

peraltro in questa ultima schermata ..... in gestione quote ... ci sono delle spunte ? ...se si eliminale e dai applica ed ok ... spegni e riaccendi

---

per maggior sicurezza eliminale tutte e due

(per maggior sicurezza eliminale tutte e due) <------- OK elimino tutto

Penso di avere fatto tutto come mi hai chiesto.
Mi sembra che il computer vada molto bene.
Spero che risulti tutto a posto anche nel log.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.55.13, on 01/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Lexmark X6100 Series\lxbfbmgr.exe
C:\Programmi\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\Dit.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Rainlendar\Rainlendar.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
K:\Programmi da installare\Programmi di utilità PULIZIA\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programmi\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nipoteenonno.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoalbum1.aruba.it/admin/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nipoteenonno.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://fotoadmin.aruba.it/ThirdParty/ImageUploader/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4977776B-EB8C-40B9-B3DE-01151076C821}: NameServer = 85.37.17.14 85.38.28.78
O17 - HKLM\System\CS1\Services\Tcpip\..\{4977776B-EB8C-40B9-B3DE-01151076C821}: NameServer = 85.37.17.14 85.38.28.78
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O24 - Desktop Component 1: Anfy LAKE - C:\Programmi\AnfyTeam\Applet\lake\preview.html

--
End of file - 9460 bytes