Aiutamici Forum

makhkdll
nonnafer
Posted: Saturday, April 17, 2010 8:10:58 AM
Rank: Member

Joined: 1/7/2008
Posts: 27
Good morning everyone. When the PC starts up, a window appears that says:
c\.windows\makhkdll - is not a valid Windows image. Check it against the installation disk.
Is it a virus?
Here is the HijackThis result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.05.58, on 17/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\MAKTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Emule Installer\EmuleInstaller.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Programmi\Mininova-Vuze\tbMin1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Programmi\Mininova-Vuze\tbMin1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [MAKTray] MAKTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Emule Installer] "C:\Programmi\Emule Installer\EmuleInstaller.exe" hmw
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S75.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={E3616FBB-C184-4DB3-B404-D7E2B6B3C073}; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.habbo.it/shockwave_client"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12717 bytes


And I hope I posted my request in the right place. Thanks.
bazzurlone
Posted: Saturday, April 17, 2010 9:07:28 AM

Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
http://www.aiutamici.com/software?ID=80346
Use this: install it, update it, run a full scan and post the log.
meme1580
Posted: Saturday, April 17, 2010 9:59:32 AM

Rank: AiutAmico

Joined: 3/25/2008
Posts: 170
You also have a ton of auto-start software and toolbars that I personally would remove, but first run the scan as bazzurlone advised.
nonnafer
Posted: Saturday, April 17, 2010 11:07:53 AM
Rank: Member

Joined: 1/7/2008
Posts: 27
Here is the log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 4000

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/04/2010 11.05.01
mbam-log-2010-04-17 (11-05-01).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi esaminati: 190820
Tempo trascorso: 1 ore, 21 minuti, 8 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 2
Voci infette nei dati di registro: 3
Cartelle infette: 0
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\firevall administrating (Trojan.Backdoor) -> No action taken.

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> No action taken.


Thanks
nonnafer
Posted: Saturday, April 17, 2010 11:22:02 AM
Rank: Member

Joined: 1/7/2008
Posts: 27
I restarted the PC to remove the infected files and the little window reappeared.
For meme1580: which ones are they and how do I remove them?
Thanks as always
meme1580
Posted: Saturday, April 17, 2010 11:42:37 AM

Rank: AiutAmico

Joined: 3/25/2008
Posts: 170
I hope I'm wrong, but I'm afraid you have Beagle.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

IMPORTANT
Before launching it, disable your antivirus and close ALL open programs (firewall included), and after downloading it, close the connection.

Double-click combofix.exe
You will probably get messages from the antivirus or from ComboFix itself, but ignore them.

If you are asked to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (NEITHER MOUSE NOR KEYBOARD) and to wait for the check to finish.
When it finishes, a log file will be created on the Desktop (C:\ComboFix.txt); post it.
nonnafer
Posted: Saturday, April 17, 2010 2:00:40 PM
Rank: Member

Joined: 1/7/2008
Posts: 27
ComboFix 10-04-15.05 - fernanda mazzieri 17/04/2010 13.51.36.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.357 [GMT 2:00]
Eseguito da: c:\documents and settings\fernanda mazzieri\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Creati Da 2010-03-17 al 2010-04-17 )))))))))))))))))))))))))))))))))))
.

2010-04-17 07:31 . 2010-04-17 07:31 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-17 07:30 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:00 . 2010-04-15 12:01 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-04-15 11:58 . 2010-04-15 17:03 24352 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-15 11:58 . 2010-04-15 17:03 1804576 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-04-15 09:43 . 2010-04-15 09:43 -------- d-----w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\Downloaded Installations
2010-04-13 13:07 . 2010-04-13 13:11 117760 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 13:07 . 2010-04-13 13:07 52224 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-13 13:07 . 2010-04-13 13:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-13 13:06 . 2010-04-13 13:06 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-13 07:49 . 2010-04-13 07:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-11 05:50 . 2010-04-13 13:06 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-11 05:50 . 2010-04-11 05:50 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\DIFX
2010-04-06 12:53 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-06 12:53 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-04-06 12:53 . 2010-04-06 12:54 -------- d-----w- c:\programmi\Nokia
2010-04-06 12:52 . 2009-01-01 10:00 52048144 --s-a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\PC-Suite.exe
2010-04-06 12:52 . 2010-04-06 12:52 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-06 12:52 . 2010-04-06 12:52 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-06 12:52 . 2010-04-06 12:52 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-06 12:50 . 2010-04-06 12:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-04-06 09:12 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-06 09:12 . 2008-04-14 01:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-06 08:12 . 2010-04-06 08:12 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\FUJIFILM
2010-04-06 08:07 . 2000-03-29 15:11 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2010-04-06 08:07 . 1997-02-28 01:00 2486 ------w- c:\windows\system\AS16POST.BIN
2010-04-06 08:07 . 2010-04-06 08:07 -------- d-----w- C:\MWASPI
2010-04-06 08:03 . 2010-04-06 08:03 -------- d-----w- c:\programmi\PIXELA
2010-04-06 08:03 . 2004-02-04 23:29 380928 ----a-w- c:\windows\system32\FE05F3D7.dll
2010-04-06 08:03 . 2003-12-09 17:45 401408 ----a-w- c:\windows\system32\FE05F3D6.dll
2010-04-06 08:03 . 2003-08-26 08:54 401408 ----a-w- c:\windows\system32\FE05EFED.dll
2010-04-06 08:03 . 2003-06-25 15:24 299008 ----a-w- c:\windows\system32\FE05F051.dll
2010-04-06 08:03 . 2003-06-09 22:37 299008 ----a-w- c:\windows\system32\FE05F3D5.dll
2010-04-06 08:03 . 2003-06-02 20:50 299008 ----a-w- c:\windows\system32\FE05DA0D.dll
2010-04-06 08:03 . 2002-04-07 02:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2010-04-06 08:02 . 2003-09-06 05:57 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2010-04-06 08:02 . 2003-09-03 05:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2010-04-06 08:01 . 2001-11-25 11:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2010-04-06 08:01 . 2010-04-06 08:01 -------- d-----w- c:\programmi\REGSHAVE
2010-04-06 08:01 . 2002-06-25 08:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2010-04-06 08:01 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2010-04-06 08:01 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2010-04-06 08:01 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 11:56 . 2009-02-18 17:05 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Skype
2010-04-17 09:16 . 2009-02-18 17:07 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\skypePM
2010-04-16 11:59 . 2009-02-13 13:37 -------- d-----w- c:\programmi\eMule
2010-04-15 17:03 . 2010-04-15 11:58 3356 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-15 17:03 . 2010-04-15 11:58 25244 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-15 06:20 . 2004-08-29 15:16 88758 ----a-w- c:\windows\system32\perfc010.dat
2010-04-15 06:20 . 2004-08-29 15:16 500338 ----a-w- c:\windows\system32\perfh010.dat
2010-04-14 19:42 . 2009-03-16 07:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\uTorrent
2010-04-13 07:49 . 2010-01-15 08:44 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Disk Cleaner
2010-04-13 07:48 . 2009-04-03 15:27 -------- d-----w- c:\programmi\Google
2010-04-08 13:28 . 2009-06-13 20:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\gtk-2.0
2010-04-06 08:03 . 2009-02-12 21:54 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-05 12:46 . 2009-03-18 13:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-03 13:13 . 2009-02-12 21:53 -------- d-----w- c:\programmi\File comuni\Java
2010-04-03 13:12 . 2009-06-17 06:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 06:28 . 2009-12-25 12:01 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Apple Computer
2010-03-22 05:55 . 2009-03-17 10:56 -------- d-----w- c:\programmi\uTorrent
2010-03-20 13:36 . 2009-02-13 08:35 67592 ----a-w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-12 06:27 . 2010-03-12 06:27 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-12 06:27 . 2010-03-12 06:27 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-12 06:27 . 2009-02-13 13:26 -------- d-----w- c:\programmi\File comuni\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\File comuni\xing shared
2010-03-12 06:25 . 2009-02-13 13:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-12 06:25 . 2009-02-13 13:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-10 06:15 . 2004-08-19 22:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 08:02 . 2010-03-06 08:02 155600 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- c:\programmi\CCleaner
2010-02-25 06:16 . 2004-08-19 22:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 22:34 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 09:00 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 21:58 . 2010-01-15 11:23 38784 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 14:14 . 2010-02-13 14:14 509 ----a-w- c:\documents and settings\fernanda mazzieri\KiweeChatbarCleanup.bat
2010-02-13 14:13 . 2010-02-13 14:13 298 ----a-w- c:\documents and settings\fernanda mazzieri\UnifiedToolbarCleanup.bat
2010-02-12 10:03 . 2010-03-06 07:32 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 22:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_BA42303DF6E9A82071196E.exe
2010-01-25 17:01 . 2010-01-25 15:53 29926 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_3C166BAD640EEF09D248BD.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_D707CE1C009F1381803C2C.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_A92E8E99C2D2589BBFDBFF.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_21F3885A18D238E15AAE81.exe
2010-01-25 17:01 . 2010-01-25 15:53 109534 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_6FEFF9B68218417F98F549.exe
2010-01-24 21:30 . 2010-01-24 21:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcp71.dll
2010-01-24 21:30 . 2010-01-24 21:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\jmc.dll
2010-01-24 21:30 . 2010-01-24 21:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcr71.dll
2010-01-24 21:30 . 2010-01-24 21:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-sse.dll
2010-01-24 21:30 . 2010-01-24 21:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-d3d.dll
2010-01-21 16:10 . 2010-03-08 18:10 52224 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\FFExternalAlert.dll
2010-01-21 16:10 . 2010-03-08 18:10 101376 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\RadioWMPCore.dll
2010-01-21 15:20 . 2010-01-21 15:20 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-01-21 15:20 . 2010-01-21 15:20 32736 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-01-21 14:30 . 2010-01-21 14:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-sse.dll
2010-01-21 14:30 . 2010-01-21 14:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcp71.dll
2010-01-21 14:30 . 2010-01-21 14:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\jmc.dll
2010-01-21 14:30 . 2010-01-21 14:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcr71.dll
2010-01-21 14:30 . 2010-01-21 14:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-d3d.dll
2010-01-21 14:30 . 2010-01-21 14:30 114688 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_cg.dll
2010-01-21 14:30 . 2010-01-21 14:30 315392 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_awt.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3a55512c-n\gluegen-rt.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:36 1008896 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2009-12-24 13:32 2166296 ----a-w- c:\programmi\Mininova-Vuze\tbMin1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\programmi\Mininova-Vuze\tbMin1.dll" [2009-12-24 2166296]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\programmi\Mininova-Vuze\tbMin1.dll" [2009-12-24 2166296]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Emule Installer"="c:\programmi\Emule Installer\EmuleInstaller.exe" [2008-11-28 484864]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-29 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAKTray"="MAKTray.exe" [2004-08-27 287232]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SweetIM"="c:\programmi\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-12 202256]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\fernanda mazzieri\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-1-20 95232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 06:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgtray.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgui.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"2785:TCP"= 2785:TCP:ajyh
"8386:TCP"= 8386:TCP:ajyh

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [21/01/2010 17.20.50 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/02/2009 0.27.03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/02/2009 0.27.09 108552]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/02/2009 0.26.58 297752]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [21/01/2010 17.20.24 220128]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/06/2009 20.19.10 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/03/2009 16.09.55 8192]
S2 wisc;WinInet Soap Connector Library;c:\windows\system32\rundll32.exe wisc.dll,ajyh --> c:\windows\system32\rundll32.exe wisc.dll,ajyh [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [21/01/2010 17.20.38 32736]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-29 12:04]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{76FC3D1D-6382-48BE-802E-60E3EA401460}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{DFA0D97C-874A-4F53-9F03-4C8807B5D6FB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.forospyware.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: swzone.it\forum
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mininova-Vuze Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=it-it&FORM=MICI05&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\RadioWMPCore.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-04-17 13:58:06
ComboFix-quarantined-files.txt 2010-04-17 11:58
ComboFix2.txt 2010-04-17 11:41
ComboFix3.txt 2010-04-17 11:22

Pre-Run: 219.712.999.424 byte disponibili
Post-Run: 219.701.624.832 byte disponibili

- - End Of File - - 0EE3E089FD7D4CBE142DDBAD73CBE095


Here is the result



ComboFix 10-04-15.05 - fernanda mazzieri 17/04/2010 13.51.36.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.357 [GMT 2:00]
Eseguito da: c:\documents and settings\fernanda mazzieri\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Creati Da 2010-03-17 al 2010-04-17 )))))))))))))))))))))))))))))))))))
.

2010-04-17 07:31 . 2010-04-17 07:31 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-17 07:30 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:00 . 2010-04-15 12:01 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-04-15 11:58 . 2010-04-15 17:03 24352 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-15 11:58 . 2010-04-15 17:03 1804576 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-04-15 09:43 . 2010-04-15 09:43 -------- d-----w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\Downloaded Installations
2010-04-13 13:07 . 2010-04-13 13:11 117760 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 13:07 . 2010-04-13 13:07 52224 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-13 13:07 . 2010-04-13 13:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-13 13:06 . 2010-04-13 13:06 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-13 07:49 . 2010-04-13 07:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-11 05:50 . 2010-04-13 13:06 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-11 05:50 . 2010-04-11 05:50 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\DIFX
2010-04-06 12:53 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-06 12:53 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-04-06 12:53 . 2010-04-06 12:54 -------- d-----w- c:\programmi\Nokia
2010-04-06 12:52 . 2009-01-01 10:00 52048144 --s-a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\PC-Suite.exe
2010-04-06 12:52 . 2010-04-06 12:52 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-06 12:52 . 2010-04-06 12:52 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-06 12:52 . 2010-04-06 12:52 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-06 12:50 . 2010-04-06 12:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-04-06 09:12 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-06 09:12 . 2008-04-14 01:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-06 08:12 . 2010-04-06 08:12 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\FUJIFILM
2010-04-06 08:07 . 2000-03-29 15:11 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2010-04-06 08:07 . 1997-02-28 01:00 2486 ------w- c:\windows\system\AS16POST.BIN
2010-04-06 08:07 . 2010-04-06 08:07 -------- d-----w- C:\MWASPI
2010-04-06 08:03 . 2010-04-06 08:03 -------- d-----w- c:\programmi\PIXELA
2010-04-06 08:03 . 2004-02-04 23:29 380928 ----a-w- c:\windows\system32\FE05F3D7.dll
2010-04-06 08:03 . 2003-12-09 17:45 401408 ----a-w- c:\windows\system32\FE05F3D6.dll
2010-04-06 08:03 . 2003-08-26 08:54 401408 ----a-w- c:\windows\system32\FE05EFED.dll
2010-04-06 08:03 . 2003-06-25 15:24 299008 ----a-w- c:\windows\system32\FE05F051.dll
2010-04-06 08:03 . 2003-06-09 22:37 299008 ----a-w- c:\windows\system32\FE05F3D5.dll
2010-04-06 08:03 . 2003-06-02 20:50 299008 ----a-w- c:\windows\system32\FE05DA0D.dll
2010-04-06 08:03 . 2002-04-07 02:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2010-04-06 08:02 . 2003-09-06 05:57 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2010-04-06 08:02 . 2003-09-03 05:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2010-04-06 08:01 . 2001-11-25 11:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2010-04-06 08:01 . 2010-04-06 08:01 -------- d-----w- c:\programmi\REGSHAVE
2010-04-06 08:01 . 2002-06-25 08:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2010-04-06 08:01 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2010-04-06 08:01 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2010-04-06 08:01 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 11:56 . 2009-02-18 17:05 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Skype
2010-04-17 09:16 . 2009-02-18 17:07 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\skypePM
2010-04-16 11:59 . 2009-02-13 13:37 -------- d-----w- c:\programmi\eMule
2010-04-15 17:03 . 2010-04-15 11:58 3356 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-15 17:03 . 2010-04-15 11:58 25244 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-15 06:20 . 2004-08-29 15:16 88758 ----a-w- c:\windows\system32\perfc010.dat
2010-04-15 06:20 . 2004-08-29 15:16 500338 ----a-w- c:\windows\system32\perfh010.dat
2010-04-14 19:42 . 2009-03-16 07:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\uTorrent
2010-04-13 07:49 . 2010-01-15 08:44 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Disk Cleaner
2010-04-13 07:48 . 2009-04-03 15:27 -------- d-----w- c:\programmi\Google
2010-04-08 13:28 . 2009-06-13 20:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\gtk-2.0
2010-04-06 08:03 . 2009-02-12 21:54 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-05 12:46 . 2009-03-18 13:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-03 13:13 . 2009-02-12 21:53 -------- d-----w- c:\programmi\File comuni\Java
2010-04-03 13:12 . 2009-06-17 06:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 06:28 . 2009-12-25 12:01 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Apple Computer
2010-03-22 05:55 . 2009-03-17 10:56 -------- d-----w- c:\programmi\uTorrent
2010-03-20 13:36 . 2009-02-13 08:35 67592 ----a-w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-12 06:27 . 2010-03-12 06:27 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-12 06:27 . 2010-03-12 06:27 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-12 06:27 . 2009-02-13 13:26 -------- d-----w- c:\programmi\File comuni\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\File comuni\xing shared
2010-03-12 06:25 . 2009-02-13 13:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-12 06:25 . 2009-02-13 13:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-10 06:15 . 2004-08-19 22:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 08:02 . 2010-03-06 08:02 155600 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- c:\programmi\CCleaner
2010-02-25 06:16 . 2004-08-19 22:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 22:34 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 09:00 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 21:58 . 2010-01-15 11:23 38784 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 14:14 . 2010-02-13 14:14 509 ----a-w- c:\documents and settings\fernanda mazzieri\KiweeChatbarCleanup.bat
2010-02-13 14:13 . 2010-02-13 14:13 298 ----a-w- c:\documents and settings\fernanda mazzieri\UnifiedToolbarCleanup.bat
2010-02-12 10:03 . 2010-03-06 07:32 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 22:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_BA42303DF6E9A82071196E.exe
2010-01-25 17:01 . 2010-01-25 15:53 29926 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_3C166BAD640EEF09D248BD.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_D707CE1C009F1381803C2C.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_A92E8E99C2D2589BBFDBFF.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_21F3885A18D238E15AAE81.exe
2010-01-25 17:01 . 2010-01-25 15:53 109534 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_6FEFF9B68218417F98F549.exe
2010-01-24 21:30 . 2010-01-24 21:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcp71.dll
2010-01-24 21:30 . 2010-01-24 21:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\jmc.dll
2010-01-24 21:30 . 2010-01-24 21:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcr71.dll
2010-01-24 21:30 . 2010-01-24 21:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-sse.dll
2010-01-24 21:30 . 2010-01-24 21:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-d3d.dll
2010-01-21 16:10 . 2010-03-08 18:10 52224 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\FFExternalAlert.dll
2010-01-21 16:10 . 2010-03-08 18:10 101376 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\RadioWMPCore.dll
2010-01-21 15:20 . 2010-01-21 15:20 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-01-21 15:20 . 2010-01-21 15:20 32736 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-01-21 14:30 . 2010-01-21 14:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-sse.dll
2010-01-21 14:30 . 2010-01-21 14:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcp71.dll
2010-01-21 14:30 . 2010-01-21 14:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\jmc.dll
2010-01-21 14:30 . 2010-01-21 14:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcr71.dll
2010-01-21 14:30 . 2010-01-21 14:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-d3d.dll
2010-01-21 14:30 . 2010-01-21 14:30 114688 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_cg.dll
2010-01-21 14:30 . 2010-01-21 14:30 315392 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_awt.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3a55512c-n\gluegen-rt.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:36 1008896 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2009-12-24 13:32 2166296 ----a-w- c:\programmi\Mininova-Vuze\tbMin1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\programmi\Mininova-Vuze\tbMin1.dll" [2009-12-24 2166296]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\programmi\Mininova-Vuze\tbMin1.dll" [2009-12-24 2166296]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Emule Installer"="c:\programmi\Emule Installer\EmuleInstaller.exe" [2008-11-28 484864]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-29 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAKTray"="MAKTray.exe" [2004-08-27 287232]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SweetIM"="c:\programmi\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-12 202256]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\fernanda mazzieri\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-1-20 95232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 06:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgtray.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgui.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"2785:TCP"= 2785:TCP:ajyh
"8386:TCP"= 8386:TCP:ajyh

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [21/01/2010 17.20.50 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/02/2009 0.27.03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/02/2009 0.27.09 108552]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/02/2009 0.26.58 297752]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [21/01/2010 17.20.24 220128]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/06/2009 20.19.10 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/03/2009 16.09.55 8192]
S2 wisc;WinInet Soap Connector Library;c:\windows\system32\rundll32.exe wisc.dll,ajyh --> c:\windows\system32\rundll32.exe wisc.dll,ajyh [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [21/01/2010 17.20.38 32736]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-29 12:04]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{76FC3D1D-6382-48BE-802E-60E3EA401460}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{DFA0D97C-874A-4F53-9F03-4C8807B5D6FB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.forospyware.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: swzone.it\forum
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mininova-Vuze Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=it-it&FORM=MICI05&q=
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\RadioWMPCore.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-04-17 13:58:06
ComboFix-quarantined-files.txt 2010-04-17 11:58
ComboFix2.txt 2010-04-17 11:41
ComboFix3.txt 2010-04-17 11:22

Pre-Run: 219.712.999.424 byte disponibili
Post-Run: 219.701.624.832 byte disponibili

- - End Of File - - 0EE3E089FD7D4CBE142DDBAD73CBE095
r16
Posted: Saturday, April 17, 2010 3:28:59 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
These mishaps happen when the instructions for running Combofix are read superficially and carelessly. Eh?
Combofix had to be downloaded to the DESKTOP.
And now I can't have you run a script to remove the infections that Combofix is reporting to me.
So:
To remove the various tools you downloaded (Combofix):
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Reinstall Combofix, taking care to download it to the Desktop.
Run the scan and post the log.

N.B.:

BEFORE running Combofix, carry out these steps:
Go to "Add or Remove Programs" and uninstall ALL the toolbars you find.

Disable Spybot's TeaTimer:
Open SpyBot in advanced mode (Mode menu - Advanced), then go to Tools - Resident, untick TeaTimer, and restart the PC.

Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's main screen, click Options and then Advanced, and untick: Only delete files in Windows Temp folders older than 48 hours. (Then run the clean-ups.)

@ meme1580:
Please, when you give instructions (e.g. Combofix, but all of them in general), highlight the most important steps.
Saving it to the Desktop is a fundamental step.
meme1580
Posted: Saturday, April 17, 2010 4:00:46 PM

Rank: AiutAmico

Joined: 3/25/2008
Posts: 170
OK, will do, although it seemed fairly obvious to me.
Anyway, next time I'll write it in capitals, underlined and in red.
Sorry.
nonnafer
Posted: Saturday, April 17, 2010 10:59:03 PM
Rank: Member

Joined: 1/7/2008
Posts: 27
I hope I did it right, although I wasn't able to remove the Mininova-Vuze toolbar from Add or Remove Programs in the Control Panel.
Here is the log:

ComboFix 10-04-17.01 - fernanda mazzieri 17/04/2010 22.35.29.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.415 [GMT 2:00]
Eseguito da: c:\documents and settings\fernanda mazzieri\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Creati Da 2010-03-17 al 2010-04-17 )))))))))))))))))))))))))))))))))))
.

2010-04-17 07:31 . 2010-04-17 07:31 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-17 07:30 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:00 . 2010-04-15 12:01 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-04-15 11:58 . 2010-04-15 17:03 24352 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-15 11:58 . 2010-04-15 17:03 1804576 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-04-15 09:43 . 2010-04-15 09:43 -------- d-----w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\Downloaded Installations
2010-04-13 13:07 . 2010-04-13 13:11 117760 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 13:07 . 2010-04-13 13:07 52224 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-13 13:07 . 2010-04-13 13:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-13 13:06 . 2010-04-13 13:06 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-13 07:49 . 2010-04-13 07:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-11 05:50 . 2010-04-13 13:06 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-11 05:50 . 2010-04-11 05:50 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\DIFX
2010-04-06 12:53 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-06 12:53 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-04-06 12:53 . 2010-04-06 12:54 -------- d-----w- c:\programmi\Nokia
2010-04-06 12:52 . 2009-01-01 10:00 52048144 --s-a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\PC-Suite.exe
2010-04-06 12:52 . 2010-04-06 12:52 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-06 12:52 . 2010-04-06 12:52 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-06 12:52 . 2010-04-06 12:52 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-06 12:50 . 2010-04-06 12:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-04-06 09:12 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-06 09:12 . 2008-04-14 01:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-06 08:12 . 2010-04-06 08:12 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\FUJIFILM
2010-04-06 08:07 . 2000-03-29 15:11 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2010-04-06 08:07 . 1997-02-28 01:00 2486 ------w- c:\windows\system\AS16POST.BIN
2010-04-06 08:07 . 2010-04-06 08:07 -------- d-----w- C:\MWASPI
2010-04-06 08:03 . 2010-04-06 08:03 -------- d-----w- c:\programmi\PIXELA
2010-04-06 08:03 . 2004-02-04 23:29 380928 ----a-w- c:\windows\system32\FE05F3D7.dll
2010-04-06 08:03 . 2003-12-09 17:45 401408 ----a-w- c:\windows\system32\FE05F3D6.dll
2010-04-06 08:03 . 2003-08-26 08:54 401408 ----a-w- c:\windows\system32\FE05EFED.dll
2010-04-06 08:03 . 2003-06-25 15:24 299008 ----a-w- c:\windows\system32\FE05F051.dll
2010-04-06 08:03 . 2003-06-09 22:37 299008 ----a-w- c:\windows\system32\FE05F3D5.dll
2010-04-06 08:03 . 2003-06-02 20:50 299008 ----a-w- c:\windows\system32\FE05DA0D.dll
2010-04-06 08:03 . 2002-04-07 02:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2010-04-06 08:02 . 2003-09-06 05:57 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2010-04-06 08:02 . 2003-09-03 05:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2010-04-06 08:01 . 2001-11-25 11:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2010-04-06 08:01 . 2010-04-06 08:01 -------- d-----w- c:\programmi\REGSHAVE
2010-04-06 08:01 . 2002-06-25 08:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2010-04-06 08:01 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2010-04-06 08:01 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2010-04-06 08:01 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\25615\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 20:31 . 2009-02-18 17:05 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Skype
2010-04-17 20:15 . 2009-03-18 13:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-17 20:12 . 2010-01-15 08:44 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Disk Cleaner
2010-04-17 19:28 . 2009-02-18 17:07 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\skypePM
2010-04-17 14:10 . 2009-03-16 08:27 -------- d-----w- c:\programmi\Mininova-Vuze
2010-04-16 11:59 . 2009-02-13 13:37 -------- d-----w- c:\programmi\eMule
2010-04-15 17:03 . 2010-04-15 11:58 3356 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-15 17:03 . 2010-04-15 11:58 25244 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-15 06:20 . 2004-08-29 15:16 88758 ----a-w- c:\windows\system32\perfc010.dat
2010-04-15 06:20 . 2004-08-29 15:16 500338 ----a-w- c:\windows\system32\perfh010.dat
2010-04-14 19:42 . 2009-03-16 07:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\uTorrent
2010-04-13 07:48 . 2009-04-03 15:27 -------- d-----w- c:\programmi\Google
2010-04-08 13:28 . 2009-06-13 20:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\gtk-2.0
2010-04-06 08:03 . 2009-02-12 21:54 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 13:13 . 2009-02-12 21:53 -------- d-----w- c:\programmi\File comuni\Java
2010-04-03 13:12 . 2009-06-17 06:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 06:28 . 2009-12-25 12:01 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Apple Computer
2010-03-22 05:55 . 2009-03-17 10:56 -------- d-----w- c:\programmi\uTorrent
2010-03-20 13:36 . 2009-02-13 08:35 67592 ----a-w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-12 06:27 . 2010-03-12 06:27 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-12 06:27 . 2010-03-12 06:27 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-12 06:27 . 2009-02-13 13:26 -------- d-----w- c:\programmi\File comuni\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\File comuni\xing shared
2010-03-12 06:25 . 2009-02-13 13:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-12 06:25 . 2009-02-13 13:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-10 06:15 . 2004-08-19 22:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 08:02 . 2010-03-06 08:02 155600 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- c:\programmi\CCleaner
2010-02-25 06:16 . 2004-08-19 22:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 22:34 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 09:00 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 21:58 . 2010-01-15 11:23 38784 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 14:14 . 2010-02-13 14:14 509 ----a-w- c:\documents and settings\fernanda mazzieri\KiweeChatbarCleanup.bat
2010-02-13 14:13 . 2010-02-13 14:13 298 ----a-w- c:\documents and settings\fernanda mazzieri\UnifiedToolbarCleanup.bat
2010-02-12 10:03 . 2010-03-06 07:32 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 22:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_BA42303DF6E9A82071196E.exe
2010-01-25 17:01 . 2010-01-25 15:53 29926 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_3C166BAD640EEF09D248BD.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_D707CE1C009F1381803C2C.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_A92E8E99C2D2589BBFDBFF.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_21F3885A18D238E15AAE81.exe
2010-01-25 17:01 . 2010-01-25 15:53 109534 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_6FEFF9B68218417F98F549.exe
2010-01-24 21:30 . 2010-01-24 21:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcp71.dll
2010-01-24 21:30 . 2010-01-24 21:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\jmc.dll
2010-01-24 21:30 . 2010-01-24 21:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcr71.dll
2010-01-24 21:30 . 2010-01-24 21:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-sse.dll
2010-01-24 21:30 . 2010-01-24 21:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-d3d.dll
2010-01-21 15:20 . 2010-01-21 15:20 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-01-21 15:20 . 2010-01-21 15:20 32736 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-01-21 14:30 . 2010-01-21 14:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-sse.dll
2010-01-21 14:30 . 2010-01-21 14:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcp71.dll
2010-01-21 14:30 . 2010-01-21 14:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\jmc.dll
2010-01-21 14:30 . 2010-01-21 14:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcr71.dll
2010-01-21 14:30 . 2010-01-21 14:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-d3d.dll
2010-01-21 14:30 . 2010-01-21 14:30 114688 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_cg.dll
2010-01-21 14:30 . 2010-01-21 14:30 315392 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_awt.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3a55512c-n\gluegen-rt.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:36 1008896 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Emule Installer"="c:\programmi\Emule Installer\EmuleInstaller.exe" [2008-11-28 484864]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-29 39408]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAKTray"="MAKTray.exe" [2004-08-27 287232]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SweetIM"="c:\programmi\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-12 202256]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\fernanda mazzieri\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-1-20 95232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 06:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgtray.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgui.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"2785:TCP"= 2785:TCP:ajyh
"8386:TCP"= 8386:TCP:ajyh

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [21/01/2010 17.20.50 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/02/2009 0.27.03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/02/2009 0.27.09 108552]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/02/2009 0.26.58 297752]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [21/01/2010 17.20.24 220128]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/06/2009 20.19.10 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/03/2009 16.09.55 8192]
S2 wisc;WinInet Soap Connector Library;c:\windows\system32\rundll32.exe wisc.dll,ajyh --> c:\windows\system32\rundll32.exe wisc.dll,ajyh [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [21/01/2010 17.20.38 32736]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-29 12:04]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{76FC3D1D-6382-48BE-802E-60E3EA401460}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{DFA0D97C-874A-4F53-9F03-4C8807B5D6FB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.forospyware.com
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: swzone.it\forum
TCP: {4AD05899-6564-46AA-B09E-4F424CB93976} = 85.37.17.48 85.38.28.88
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mininova-Vuze Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{d51d388b-f5dc-471a-a1ce-5e2d671091c0} - (no file)
Toolbar-{d51d388b-f5dc-471a-a1ce-5e2d671091c0} - (no file)
WebBrowser-{D51D388B-F5DC-471A-A1CE-5E2D671091C0} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 22:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-04-17 22:43:19
ComboFix-quarantined-files.txt 2010-04-17 20:43

Pre-Run: 219.577.102.336 byte disponibili
Post-Run: 219.543.097.344 byte disponibili

- - End Of File - - 17BF29C0762040BA604F2FEEFEA8497B



thanks for your attention
r16
Posted: Saturday, April 17, 2010 11:52:28 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hmm... evidently you don't know how to download a program to the Desktop.
When, while downloading the software, it asks you WHERE to save it, you have to select DESKTOP in the drop-down menu.
Carry out this operation if you find the ComboFix icon.

Open a text file on the Desktop (Start\Run\type: notepad.exe and then click OK)
Paste into it the code you see below, and save the text file, mandatorily with the name CFScript.txt

Code:
KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2785:TCP"=-
"8386:TCP"=-

Driver::
wisc

Folder::
c:\windows\Tasks
c:\windows\Temp


and drag it onto the ComboFix icon.
Wait for the job to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
nonnafer
Posted: Sunday, April 18, 2010 8:07:56 AM
Rank: Member

Joined: 1/7/2008
Posts: 27
Yes, maybe it is too difficult for me. I don't have a ComboFix icon on the desktop, only the Notepad log that I have now opened.
Do I still have to do what you suggested in the last topic?
nonnafer
Posted: Sunday, April 18, 2010 8:57:43 AM
Rank: Member

Joined: 1/7/2008
Posts: 27
I use Firefox. I found out that the ComboFix icon is in the download folder; how do I move it to the desktop?
nonnafer
Posted: Sunday, April 18, 2010 9:08:36 AM
Rank: Member

Joined: 1/7/2008
Posts: 27
If you still have patience... I found the ComboFix icon in the documents-download folder and moved it to the desktop. Do I go on now?
nonnafer
Posted: Sunday, April 18, 2010 9:35:48 AM
Rank: Member

Joined: 1/7/2008
Posts: 27
ComboFix 10-04-17.02 - fernanda mazzieri 18/04/2010 9.23.42.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.317 [GMT 2:00]
Eseguito da: c:\documents and settings\fernanda mazzieri\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\fernanda mazzieri\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WISC
-------\Service_wisc


((((((((((((((((((((((((( Files Creati Da 2010-03-18 al 2010-04-18 )))))))))))))))))))))))))))))))))))
.

2010-04-17 07:31 . 2010-04-17 07:31 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-17 07:30 . 2010-04-17 07:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-17 07:30 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:00 . 2010-04-15 12:01 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-04-15 11:58 . 2010-04-15 17:03 24352 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-15 11:58 . 2010-04-15 17:03 1804576 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-04-15 09:44 . 2010-04-15 13:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-04-15 09:43 . 2010-04-15 09:43 -------- d-----w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\Downloaded Installations
2010-04-13 13:07 . 2010-04-13 13:11 117760 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 13:07 . 2010-04-13 13:07 52224 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-13 13:07 . 2010-04-13 13:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-13 13:06 . 2010-04-13 13:06 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-13 07:49 . 2010-04-13 07:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-11 05:50 . 2010-04-13 13:06 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-11 05:50 . 2010-04-11 05:50 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\SUPERAntiSpyware.com
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-04-06 12:54 . 2010-04-06 12:54 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\DIFX
2010-04-06 12:53 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-06 12:53 . 2010-04-06 12:53 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-06 12:53 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-04-06 12:53 . 2010-04-06 12:54 -------- d-----w- c:\programmi\Nokia
2010-04-06 12:52 . 2009-01-01 10:00 52048144 --s-a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\PC-Suite.exe
2010-04-06 12:52 . 2010-04-06 12:52 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-06 12:52 . 2010-04-06 12:52 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-06 12:52 . 2010-04-06 12:52 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-06 12:50 . 2010-04-06 12:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-04-06 09:12 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-06 09:12 . 2008-04-14 01:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-06 08:12 . 2010-04-06 08:12 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\FUJIFILM
2010-04-06 08:07 . 2000-03-29 15:11 8096 ------w- c:\windows\system32\drivers\MASPINT.SYS
2010-04-06 08:07 . 1997-02-28 01:00 2486 ------w- c:\windows\system\AS16POST.BIN
2010-04-06 08:07 . 2010-04-06 08:07 -------- d-----w- C:\MWASPI
2010-04-06 08:03 . 2010-04-06 08:03 -------- d-----w- c:\programmi\PIXELA
2010-04-06 08:03 . 2004-02-04 23:29 380928 ----a-w- c:\windows\system32\FE05F3D7.dll
2010-04-06 08:03 . 2003-12-09 17:45 401408 ----a-w- c:\windows\system32\FE05F3D6.dll
2010-04-06 08:03 . 2003-08-26 08:54 401408 ----a-w- c:\windows\system32\FE05EFED.dll
2010-04-06 08:03 . 2003-06-25 15:24 299008 ----a-w- c:\windows\system32\FE05F051.dll
2010-04-06 08:03 . 2003-06-09 22:37 299008 ----a-w- c:\windows\system32\FE05F3D5.dll
2010-04-06 08:03 . 2003-06-02 20:50 299008 ----a-w- c:\windows\system32\FE05DA0D.dll
2010-04-06 08:03 . 2002-04-07 02:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2010-04-06 08:02 . 2003-09-06 05:57 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2010-04-06 08:02 . 2003-09-03 05:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2010-04-06 08:01 . 2001-11-25 11:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2010-04-06 08:01 . 2010-04-06 08:01 -------- d-----w- c:\programmi\REGSHAVE
2010-04-06 08:01 . 2002-06-25 08:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2010-04-06 08:01 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2010-04-06 08:01 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2010-04-06 08:01 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 07:32 . 2009-02-18 17:05 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Skype
2010-04-18 07:31 . 2009-02-18 17:07 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\skypePM
2010-04-17 20:15 . 2009-03-18 13:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-17 20:12 . 2010-01-15 08:44 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Disk Cleaner
2010-04-17 14:10 . 2009-03-16 08:27 -------- d-----w- c:\programmi\Mininova-Vuze
2010-04-16 11:59 . 2009-02-13 13:37 -------- d-----w- c:\programmi\eMule
2010-04-15 17:03 . 2010-04-15 11:58 3356 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-15 17:03 . 2010-04-15 11:58 25244 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-15 06:20 . 2004-08-29 15:16 88758 ----a-w- c:\windows\system32\perfc010.dat
2010-04-15 06:20 . 2004-08-29 15:16 500338 ----a-w- c:\windows\system32\perfh010.dat
2010-04-14 19:42 . 2009-03-16 07:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\uTorrent
2010-04-13 07:48 . 2009-04-03 15:27 -------- d-----w- c:\programmi\Google
2010-04-08 13:28 . 2009-06-13 20:35 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\gtk-2.0
2010-04-06 08:03 . 2009-02-12 21:54 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 13:13 . 2009-02-12 21:53 -------- d-----w- c:\programmi\File comuni\Java
2010-04-03 13:12 . 2009-06-17 06:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 06:28 . 2009-12-25 12:01 -------- d-----w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Apple Computer
2010-03-22 05:55 . 2009-03-17 10:56 -------- d-----w- c:\programmi\uTorrent
2010-03-20 13:36 . 2009-02-13 08:35 67592 ----a-w- c:\documents and settings\fernanda mazzieri\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-12 06:27 . 2010-03-12 06:27 300616 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-12 06:27 . 2010-03-12 06:27 118784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-12 06:27 . 2010-03-12 06:27 329312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-12 06:27 . 2009-02-13 13:26 -------- d-----w- c:\programmi\File comuni\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\Real
2010-03-12 06:26 . 2010-03-12 06:26 -------- d-----w- c:\programmi\File comuni\xing shared
2010-03-12 06:25 . 2009-02-13 13:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-12 06:25 . 2009-02-13 13:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-10 06:15 . 2004-08-19 22:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 08:02 . 2010-03-06 08:02 155600 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- c:\programmi\CCleaner
2010-02-25 06:16 . 2004-08-19 22:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 22:34 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 09:00 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 21:58 . 2010-01-15 11:23 38784 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 14:14 . 2010-02-13 14:14 509 ----a-w- c:\documents and settings\fernanda mazzieri\KiweeChatbarCleanup.bat
2010-02-13 14:13 . 2010-02-13 14:13 298 ----a-w- c:\documents and settings\fernanda mazzieri\UnifiedToolbarCleanup.bat
2010-02-12 10:03 . 2010-03-06 07:32 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 22:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_BA42303DF6E9A82071196E.exe
2010-01-25 17:01 . 2010-01-25 15:53 29926 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_3C166BAD640EEF09D248BD.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_D707CE1C009F1381803C2C.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_A92E8E99C2D2589BBFDBFF.exe
2010-01-25 17:01 . 2010-01-25 15:53 43646 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_21F3885A18D238E15AAE81.exe
2010-01-25 17:01 . 2010-01-25 15:53 109534 ----a-r- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Microsoft\Installer\{1DD377D6-FE55-40FA-B1C2-42DCB2E540A0}\_6FEFF9B68218417F98F549.exe
2010-01-24 21:30 . 2010-01-24 21:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcp71.dll
2010-01-24 21:30 . 2010-01-24 21:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\jmc.dll
2010-01-24 21:30 . 2010-01-24 21:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5785977f-n\msvcr71.dll
2010-01-24 21:30 . 2010-01-24 21:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-sse.dll
2010-01-24 21:30 . 2010-01-24 21:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7deacdc2-n\decora-d3d.dll
2010-01-21 15:20 . 2010-01-21 15:20 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-01-21 15:20 . 2010-01-21 15:20 32736 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-01-21 14:30 . 2010-01-21 14:30 61440 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-sse.dll
2010-01-21 14:30 . 2010-01-21 14:30 503808 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcp71.dll
2010-01-21 14:30 . 2010-01-21 14:30 499712 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\jmc.dll
2010-01-21 14:30 . 2010-01-21 14:30 348160 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\msvcr71.dll
2010-01-21 14:30 . 2010-01-21 14:30 12800 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-37e51d6c-n\decora-d3d.dll
2010-01-21 14:30 . 2010-01-21 14:30 114688 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_cg.dll
2010-01-21 14:30 . 2010-01-21 14:30 315392 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-1a2fc121-n\jogl_awt.dll
2010-01-21 14:30 . 2010-01-21 14:30 20480 ----a-w- c:\documents and settings\fernanda mazzieri\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3a55512c-n\gluegen-rt.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-17_20.40.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-18 07:30 . 2010-04-18 07:30 16384 c:\windows\temp\Perflib_Perfdata_428.dat
+ 2010-04-18 06:43 . 2010-04-18 06:43 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-04-18 06:43 . 2010-04-18 06:43 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-18 06:43 . 2010-04-18 06:43 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-18 06:43 . 2010-04-18 06:43 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-18 06:43 . 2010-04-18 06:43 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-18 06:43 . 2010-04-18 06:43 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-18 06:43 . 2010-04-18 06:43 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ARPPRODUCTICON.exe
+ 2010-04-18 05:56 . 2010-04-18 06:00 1588 c:\windows\SoftwareDistribution\EventCache\{3E47D90F-739B-4C11-B394-A64F66CE5CF7}.bin
+ 2010-04-18 06:43 . 2010-04-18 06:43 1235968 c:\windows\Installer\2d2d32.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:36 1008896 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Emule Installer"="c:\programmi\Emule Installer\EmuleInstaller.exe" [2008-11-28 484864]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-29 39408]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAKTray"="MAKTray.exe" [2004-08-27 287232]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SweetIM"="c:\programmi\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-03-12 202256]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\fernanda mazzieri\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-1-20 95232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 06:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgtray.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgui.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [21/01/2010 17.20.50 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/02/2009 0.27.03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/02/2009 0.27.09 108552]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/02/2009 0.26.58 297752]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/03/2009 16.09.55 8192]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [21/01/2010 17.20.24 220128]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/06/2009 20.19.10 133104]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [21/01/2010 17.20.38 32736]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-29 12:04]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-29 18:19]

2010-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970431553-3055220488-3798296123-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{76FC3D1D-6382-48BE-802E-60E3EA401460}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-04-18 c:\windows\Tasks\User_Feed_Synchronization-{DFA0D97C-874A-4F53-9F03-4C8807B5D6FB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.forospyware.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: swzone.it\forum
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\fernanda mazzieri\Dati applicazioni\Mozilla\Firefox\Profiles\6jxeyzdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mininova-Vuze Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 09:30
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\programmi\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\SUPERAntiSpyware\SASSEH.DLL
c:\programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\programmi\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
c:\programmi\WinRAR\rarext.dll
c:\programmi\Malwarebytes' Anti-Malware\mbamext.dll
c:\programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\MAKTray.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-18 09:34:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-18 07:34
ComboFix2.txt 2010-04-17 20:43

Pre-Run: 219.270.291.456 byte disponibili
Post-Run: 219.297.464.320 byte disponibili

- - End Of File - - 8F3A07BAB51B72D95890ABB42643EEF7



Let's hope for the best. Thanks.
r16
Posted: Sunday, April 18, 2010 1:41:14 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Good heavens, it worked.
I learned something new.
Post a HijackThis log.
nonnafer
Posted: Sunday, April 18, 2010 2:00:11 PM
Rank: Member

Joined: 1/7/2008
Posts: 27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.58.02, on 18/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\MAKTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\SweetIM\Messenger\SweetIM.exe
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Emule Installer\EmuleInstaller.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [MAKTray] MAKTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [Emule Installer] "C:\Programmi\Emule Installer\EmuleInstaller.exe" hmw
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={E3616FBB-C184-4DB3-B404-D7E2B6B3C073}; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.habbo.it/shockwave_client"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AD05899-6564-46AA-B09E-4F424CB93976}: NameServer = 85.37.17.48 85.38.28.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11315 bytes

Here it is.
r16
Posted: Sunday, April 18, 2010 2:27:31 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable System Restore, and keep it disabled until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

To remove the various tools you downloaded:
Download OTC by OldTimer to your desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click it to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, click Fix checked:
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [Emule Installer] "C:\Programmi\Emule Installer\EmuleInstaller.exe" hmw
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={E3616FBB-C184-4DB3-B404-D7E2B6B3C073}; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.habbo.it/shockwave_client"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactiv ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.inforiviera.it/new_webcam/AxisCamControl.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab


Clean up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's main screen, click Options and then Advanced, and untick: Delete files in Windows Temp only if older than 48 hours. (Then run the clean-up.)

Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (Do not delete the folder itself.)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder; open it and delete all the entries stored in it (do not delete the folder itself)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS as follows:
click Open the misc tool section
click Open ads spy
untick Quick scan (windows base folder only)
click Scan.
Wait patiently for the scan to finish.
If any ADS are detected, tick all the boxes and click Remove selected.

N.B.:
Where is the antivirus?
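
As an added example (not part of r16's post and not code from HijackThis): a small Python parser for the entry lines quoted above, which groups them by section code and marks two kinds of entries for a manual look. The sample lines are copied from the logs in this thread; the function names and the two review rules are assumptions made for this illustration, and a marked entry is only a prompt to check the file, not a verdict.

```python
import re
from collections import defaultdict

# Sample entries copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
End of file - 11315 bytes
"""

# "<code> - <kind>: <rest>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")

def parse_log(text):
    """Return a dict (code, kind, rest) per entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def review_notes(entry):
    """Return the reasons (possibly none) to check an entry by hand."""
    notes = []
    if entry["code"] == "O23" and " - Unknown owner - " in entry["rest"]:
        notes.append("service listed with 'Unknown owner'")
    if entry["code"] == "O16" and not re.search(r"https?://", entry["rest"]):
        notes.append("ActiveX entry with no download URL")
    return notes

def triage(text):
    """Group entries by section code and collect those needing a manual look."""
    by_code, flagged = defaultdict(list), []
    for e in parse_log(text):
        by_code[e["code"]].append(e)
        for note in review_notes(e):
            flagged.append((e["code"], note, e["rest"]))
    return dict(by_code), flagged

if __name__ == "__main__":
    sections, flagged = triage(SAMPLE_LOG)
    for code, note, rest in flagged:
        print(f"{code}: {note}: {rest}")
```
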
nonnafer
Posted: Monday, April 19, 2010 6:00:09 PM
Rank: Member

Joined: 1/7/2008
Posts: 27
Good morning.
I carried out all the actions recommended in the last post, but with no result.
Then I went to "Search" and entered the word makhk. Here is the result:
"c:\windows\makhk" and nothing else. I deleted it and the window disappeared.
My antivirus is AVG 8 Free. It runs scans every day and updates automatically. Why doesn't HijackThis detect it?
Thank you for your attention. Kind regards.