Aiutamici Forum

Log check for possible computer threats
alexlife
Posted: Saturday, June 05, 2010 12:43:07 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
Hello everyone, could someone kindly check my log? Web pages open by themselves, the PC starts in selective startup mode, and the whole desktop has been changed. It changed my wallpaper and bar, and I can't find where the problem is; even my keyboard has been modified, and on top of that the audio doesn't work.
Thanks in advance and regards


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.42.47, on 05/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Lexmark Barra degli strumenti - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Lexmark Barra degli strumenti - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PrinTray] C:\Windows\system32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.jetztspielen.ws/spiele/Race+spiele/Tigercross.html"
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO DI RETE')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\system32\ChgService.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c9b9fffb8cd680) (gupdate1c9b9fffb8cd680) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Unknown owner - C:\Windows\system32\nlssrv32.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 11517 bytes
fdaccc
Posted: Saturday, June 05, 2010 1:04:04 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
The only advice I can give you is how to fix the keyboard:
Start > Control Panel > Regional and Language Options > choose Italian (Italy) under Regional Options, then go to Languages, Details, and choose Italian as the default input language; that way you will at least solve the keyboard problem.
You have to do this for every account on your PC; I am not allowed to tell you more.
http://pc4life.forumfree.it
bazzurlone
Posted: Saturday, June 05, 2010 1:25:00 PM

Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
Install this: http://www.aiutamici.com/software?ID=80346
Update it and run a full scan, then post the log that comes out at the end.
alexlife
Posted: Sunday, June 06, 2010 10:05:59 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
bazzurlone wrote:
Install this: http://www.aiutamici.com/software?ID=80346
Update it and run a full scan, then post the log that comes out at the end.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4172

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

06/06/2010 21.50.53
mbam-log-2010-06-06 (21-50-53).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 320462
Tempo trascorso: 1 ore, 54 minuti, 2 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


Done, nothing in particular. Actually I already had this program in the Pro version, which I uninstalled; I also uninstalled Norton Ghost, and since then I've had all these problems. Besides, lately the Explorer screen changes without my touching anything, I mean the color; likewise the keyboard fixed itself without my touching anything. Let's hope these aren't the symptoms of a farewell.
Thanks in advance, regards
alexlife
Posted: Monday, June 07, 2010 7:51:51 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
Hello everyone, could someone give me a few pointers? My laptop automatically changes the color of the Start menu, that is, to that light gray; also, the sound sometimes starts by itself and sometimes I have to start it myself. I really can't figure out where the problem is. I can't even read my mail in Windows email; no account shows up.
bazzurlone
Posted: Monday, June 07, 2010 8:15:56 PM

Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
Use this
Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: after downloading COMBOFIX, close the connection, disable your antivirus and
close ALL open programs (firewall included) and

Double-click combofix.exe (a screen will appear.)

You will probably get messages from the antivirus (or from Combofix itself);
ignore them.

If you are asked whether you want to install THE EMERGENCY RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse)
and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
alexlife
Posted: Tuesday, June 08, 2010 11:48:59 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
Hi bazzurl, I can't complete the scan with Combofix; I always get this message, "processore dei comandi di windows ha smesso di funzionare", and it freezes and closes by itself. Also, I have AVG Antivirus and I only managed to turn off the firewall, Identity Protection, Online Shield and Resident Shield; I can't disable the antivirus itself, I can only uninstall it.
Bye, and I'll be waiting for your kind help, or for any advice anyone has to give me. Thanks in advance
alexlife
Posted: Tuesday, June 08, 2010 11:50:40 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
OOPS, I KEPT AT IT UNTIL I MANAGED IT.
HERE IS THE COMBOFIX LOG:

ComboFix 10-06-08.02 - globalservice 09/06/2010 0.13.28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3066.1821 [GMT 2:00]
Eseguito da: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\StormII
c:\program files\StormII\box\BoxLog.dll
c:\program files\StormII\box\HttpServer.dll
c:\program files\StormII\box\MovieBoxCore.dll
c:\program files\StormII\box\Stline.exe
c:\program files\StormII\playlist.smpl
c:\users\globalservice\AppData\Roaming\.#
c:\users\globalservice\AppData\Roaming\chrtmp
c:\windows\system32\system
c:\windows\system32\systeminfo3.dll

La copia infetta di c:\windows\system32\drivers\kbdclass.sys è stata trovata e disinfettata
Ripristinata copia da - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Creati Da 2010-05-08 al 2010-06-08 )))))))))))))))))))))))))))))))))))
.

2010-06-08 22:24 . 2010-06-08 22:25 -------- d-----w- c:\users\globalservice\AppData\Local\temp
2010-06-08 22:24 . 2010-06-08 22:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-08 22:24 . 2010-06-08 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-07 19:27 . 2010-06-07 19:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Zattoo
2010-06-07 18:07 . 2010-06-07 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2010-06-07 17:28 . 2010-06-07 17:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-07 08:38 . 2010-06-08 11:41 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-06-05 14:44 . 2010-06-05 15:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-06-04 20:24 . 2010-06-04 20:24 3581208 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-06-04 20:04 . 2010-06-04 20:04 -------- d-----w- C:\$AVG
2010-06-04 19:56 . 2010-06-04 19:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-04 19:52 . 2010-06-03 21:39 875288 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-06-04 19:52 . 2010-06-03 21:39 1656088 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-06-04 19:52 . 2010-06-03 21:39 798488 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-06-04 19:52 . 2010-06-03 21:39 610072 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-06-04 19:33 . 2010-06-04 19:33 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2010-06-04 19:28 . 2010-06-04 19:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Symantec
2010-06-04 19:28 . 2010-06-04 19:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Symantec_Corporation
2010-06-03 22:00 . 2010-06-03 22:00 -------- d-----w- c:\program files\Symantec
2010-06-03 21:59 . 2009-10-01 20:03 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2010-06-03 21:52 . 2010-06-03 21:52 -------- d-----w- C:\5b344792d01785a6a881690f
2010-06-03 21:51 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-03 21:51 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-03 21:51 . 2010-06-04 21:11 -------- d-----w- c:\program files\Norton Ghost
2010-06-03 21:51 . 2010-06-04 21:11 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-06-03 21:43 . 2009-09-18 10:28 1115392 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-06-03 21:39 . 2010-06-08 20:35 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-03 21:39 . 2010-06-07 17:28 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-03 21:39 . 2010-06-04 19:56 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-06-03 21:39 . 2010-06-04 19:54 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-03 21:39 . 2010-06-04 19:56 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 21:39 . 2010-06-04 19:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-03 21:39 . 2010-06-04 19:56 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-03 21:38 . 2010-06-04 19:54 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-03 21:38 . 2010-06-03 21:38 -------- d-----w- c:\programdata\avg9
2010-06-03 21:38 . 2010-06-03 21:38 -------- d-----w- c:\program files\AVG
2010-06-03 09:36 . 2010-06-03 09:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\PowerCinema
2010-05-29 19:31 . 2010-05-29 19:31 552 ----a-w- c:\users\globalservice\AppData\Local\d3d8caps.dat
2010-05-28 15:48 . 2010-05-28 16:21 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-28 15:33 . 2010-05-28 15:33 -------- d-----w- C:\NVIDIA
2010-05-19 17:37 . 2010-05-18 18:36 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2010-05-18 18:36 . 2010-05-18 18:36 249592 ----a-w- c:\windows\system32\cssdll32.dll
2010-05-18 18:31 . 2010-05-19 07:47 -------- d-----w- c:\users\globalservice\AppData\Roaming\Comodo
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\programdata\Prevx
2010-05-16 16:52 . 2010-06-03 21:22 -------- d-----w- c:\programdata\Alwil Software
2010-05-16 16:52 . 2010-05-16 16:52 -------- d-----w- c:\program files\Alwil Software
2010-05-14 13:47 . 2010-05-14 13:47 -------- d-----w- c:\users\globalservice\AppData\Roaming\dvdcss
2010-05-14 09:32 . 2010-05-14 09:32 -------- d-----w- c:\program files\Alcohol Soft
2010-05-14 09:23 . 2010-05-14 09:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-13 22:43 . 2010-05-14 09:31 -------- d-----w- c:\users\globalservice\AppData\Roaming\Vso
2010-05-13 22:43 . 2010-05-14 09:31 81920 ----a-w- c:\users\globalservice\AppData\Roaming\ezpinst.exe
2010-05-13 22:43 . 2010-05-14 09:31 47360 ----a-w- c:\users\globalservice\AppData\Roaming\pcouffin.sys
2010-05-13 21:56 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 22:19 . 2008-05-08 06:57 662862 ----a-w- c:\windows\system32\perfh010.dat
2010-06-08 22:19 . 2008-05-08 06:57 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-06-08 22:12 . 2010-06-03 20:04 78493 ----a-w- c:\programdata\nvModes.dat
2010-06-07 17:33 . 2010-04-16 18:52 -------- d-----w- c:\program files\SpywareBlaster
2010-06-06 17:25 . 2008-11-17 18:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-06 17:17 . 2008-05-07 21:13 -------- d-----w- c:\program files\Acer GameZone
2010-06-04 21:12 . 2008-11-12 19:26 -------- d-----w- c:\programdata\Symantec
2010-06-04 19:57 . 2010-06-04 19:57 356616 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-04 19:57 . 2010-06-04 19:57 74760 ----a-w- c:\programdata\avg9\update\backup\UniversalDD.sys
2010-06-04 19:57 . 2010-06-04 19:57 30216 ----a-w- c:\programdata\avg9\update\backup\AVGIDSFilter.sys
2010-06-04 19:57 . 2010-06-04 19:57 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-04 19:57 . 2010-06-04 19:57 27800 ----a-w- c:\programdata\avg9\update\backup\AVGIDSShim.sys
2010-06-04 19:57 . 2010-06-04 19:57 25608 ----a-w- c:\programdata\avg9\update\backup\AVGIDSvx.sys
2010-06-04 19:57 . 2010-06-04 19:57 122376 ----a-w- c:\programdata\avg9\update\backup\AVGIDSDriver.sys
2010-06-04 19:57 . 2010-06-04 19:57 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-06-04 19:57 . 2010-06-04 19:57 29464 ----a-w- c:\programdata\avg9\update\backup\avgfwd6a.sys
2010-06-04 19:57 . 2010-06-04 19:57 23832 ----a-w- c:\programdata\avg9\update\backup\avgfwd6x.sys
2010-06-04 19:57 . 2010-06-04 19:57 161672 ----a-w- c:\programdata\avg9\update\backup\avgrkx86.sys
2010-06-04 19:57 . 2010-06-04 19:57 -------- d-----w- c:\users\globalservice\AppData\Roaming\Symantec
2010-06-03 20:05 . 2008-10-29 21:16 -------- d-----w- c:\programdata\NVIDIA
2010-06-03 19:57 . 2010-03-13 09:14 -------- d-----w- c:\users\globalservice\AppData\Roaming\vlc
2010-06-03 19:57 . 2010-03-09 20:02 -------- d-----w- c:\program files\Zattoo4
2010-06-03 19:46 . 2006-11-02 13:02 9268 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2010-06-03 09:36 . 2008-10-29 21:10 105920 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 15:28 . 2010-03-28 21:54 -------- d-----w- c:\users\globalservice\AppData\Roaming\Nitro PDF
2010-05-29 21:34 . 2010-03-04 18:49 -------- d-----w- c:\programdata\Lx_cats
2010-05-29 19:32 . 2008-11-03 21:42 1356 ----a-w- c:\users\globalservice\AppData\Local\d3d9caps.dat
2010-05-25 21:28 . 2009-02-28 13:18 1 ----a-w- c:\users\globalservice\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-24 18:47 . 2008-10-29 21:21 -------- d-----w- c:\program files\Launch Manager
2010-05-16 20:46 . 2010-05-16 20:46 12 ----a-w- c:\windows\system32\DROPPEDFILEOKgfx3.tmp
2010-05-16 16:34 . 2009-12-01 21:42 -------- d-----w- c:\programdata\Lavasoft
2010-05-16 10:41 . 2010-04-16 20:36 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-16 09:40 . 2010-04-16 20:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-16 09:40 . 2010-02-13 10:08 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-05-14 22:05 . 2009-12-01 18:55 -------- d-----w- c:\users\globalservice\AppData\Roaming\muvee Technologies
2010-05-14 09:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 23:46 . 2010-03-12 20:09 -------- d-----w- c:\program files\Super Internet TV
2010-05-01 10:40 . 2009-09-20 09:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-29 20:32 . 2009-09-12 17:08 -------- d-----w- c:\users\globalservice\AppData\Roaming\GetRightToGo
2010-03-28 21:39 . 2008-11-11 09:19 432 ----a-w- c:\users\globalservice\AppData\Roaming\wklnhst.dat
2010-03-26 22:31 . 2010-03-26 22:31 7168 ----a-w- c:\windows\system32\drivers\utm4njy1.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-29 12:43 . 2008-10-29 12:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-07 6265376]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"USBToolTip"=c:\progra~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"PrinTray"=c:\windows\system32\spool\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1815193764-2899108687-2117010896-1000]
"EnableNotificationsRef"=dword:00000001

R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2009-04-02 135168]
R2 gupdate1c9b9fffb8cd680;Google Update Service (gupdate1c9b9fffb8cd680);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 133104]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-06-04 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-06-04 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-06-04 27144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-09-01 103552]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 utm4njy1;AVZ Kernel Driver;c:\windows\system32\Drivers\utm4njy1.sys [2010-03-26 7168]
R4 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [2007-05-29 598960]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-14 691696]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-06-04 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-04 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-06-04 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-04 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-04 242896]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-06-04 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-04 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-04 2331544]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:15]

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:15]

2010-06-08 c:\windows\Tasks\User_Feed_Synchronization-{2916B595-576A-4ACD-9704-CC8F49211E42}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
FF - ProfilePath - c:\users\globalservice\AppData\Roaming\Mozilla\Firefox\Profiles\z9gna6mg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mipony-plugin Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2465030&SearchSource=13
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 00:25
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-06-09 00:29:21
ComboFix-quarantined-files.txt 2010-06-08 22:29

Pre-Run: 24.657.547.264 byte disponibili
Post-Run: 24.617.963.520 byte disponibili

- - End Of File - - 0127F1FE0206F96B2B58CA052BD876D9
alexlife
Posted: Thursday, June 10, 2010 9:26:38 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
Hi barzullone, I have posted the log for you, although it seems the problem has been resolved; only I no longer have AVG in the bar at the bottom, and I still have some anomalies on the PC and I don't know what they depend on. In addition, I ran a vulnerability test, which I am posting below. Bye, and let me know what you think, also because I have AVG total protection. I am waiting for some advice from an expert. Thanks in advance.

COMODO Leaktests v.1.1.0.3
Date 21.18.37 - 10/06/2010
OS Windows Vista SP1 build 6001
1. RootkitInstallation: MissingDriverLoad Vulnerable
2. RootkitInstallation: LoadAndCallImage Protected
3. RootkitInstallation: DriverSupersede Protected
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Protected
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Protected
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Protected
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
14. Injection: ProcessInject Protected
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
17. Injection: CreateRemoteThread Protected
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
20. InfoSend: ICMP Test Protected
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Protected
23. Impersonation: ExplorerAsParent Protected
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Hijacking: WinlogonNotify Protected
27. Hijacking: Userinit Vulnerable
28. Hijacking: UIHost Protected
29. Hijacking: SupersedeServiceDll Vulnerable
30. Hijacking: StartupPrograms Vulnerable
31. Hijacking: ChangeDebuggerPath Protected
32. Hijacking: AppinitDlls Vulnerable
33. Hijacking: ActiveDesktop Vulnerable
Score 130/330
(C) COMODO 2008
r16
Posted: Thursday, June 10, 2010 11:29:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Try these tools to remove the McAfee "leftovers":
http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1040&pf=1

Then:
Open a text file with Notepad on the Desktop
Paste in the code you see below, and save the text file with the name CFScript.txt (this name is mandatory)

Code:
KillAll::
Folder::
c:\programdata\Alwil Software
c:\program files\Alwil Software
c:\program files\Alcohol Soft
c:\programdata\Lavasoft
c:\programdata\Kaspersky Lab
c:\program files\Kaspersky Lab
c:\programdata\Kaspersky Lab Setup Files
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=-
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


and drag it onto the ComboFix icon.
Wait for the work to finish, without touching the keyboard, mouse or anything else.
If the PC does not restart by itself, restart it yourself.
Post the updated ComboFix log.

Further instructions will follow.
alexlife
Posted: Friday, June 11, 2010 7:03:03 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
Here is the ComboFix log. Also, could you kindly tell me whether everything is in order and whether I need to do anything else? The problem is that AVG is on the desktop but does not work, even though everything appears to be active. Finally, I have never installed anything from McAfee, so I don't understand why these remnants are there. Thanks.


ComboFix 10-06-10.06 - globalservice 11/06/2010 18.20.46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3066.1880 [GMT 2:00]
Eseguito da: c:\users\globalservice\Desktop\ComboFix.exe
Opzioni usate :: c:\users\globalservice\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alcohol Soft
c:\program files\Alcohol Soft\Alcohol 120\ACID.exe
c:\program files\Alcohol Soft\Alcohol 120\Alcohol.exe
c:\program files\Alcohol Soft\Alcohol 120\alcohol.log
c:\program files\Alcohol Soft\Alcohol 120\Alcohol_.exe
c:\program files\Alcohol Soft\Alcohol 120\Alcoholx.dll
c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
c:\program files\Alcohol Soft\Alcohol 120\AxDTA.exe
c:\program files\Alcohol Soft\Alcohol 120\AXShlEx.dll
c:\program files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
c:\program files\Alcohol Soft\Alcohol 120\AxSWdCPL.exe
c:\program files\Alcohol Soft\Alcohol 120\AxType.ini
c:\program files\Alcohol Soft\Alcohol 120\DevSupp.dll
c:\program files\Alcohol Soft\Alcohol 120\Help\ax_enu.chm
c:\program files\Alcohol Soft\Alcohol 120\imgengine.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_AR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_BUL.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_CAT.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_Chs.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_Cht.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_CZ.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_DA.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_ES.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_FI.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_FR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_GE.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_GR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_HR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_HU.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_IT.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_JPN.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_KR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_MK.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_NL.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_NO.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_PL.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_PT.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_PT_BR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_SK.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_SLV.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_SR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_SV.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_TR.dll
c:\program files\Alcohol Soft\Alcohol 120\Langs\AX_UA.dll
c:\program files\Alcohol Soft\Alcohol 120\pfctoc.dll
c:\program files\Alcohol Soft\Alcohol 120\pidalc.dll
c:\program files\Alcohol Soft\Alcohol 120\Plugins\AxSWind.dll
c:\program files\Alcohol Soft\Alcohol 120\Plugins\AxtraWd.dll
c:\program files\Alcohol Soft\Alcohol 120\Plugins\DPM.dll
c:\program files\Alcohol Soft\Alcohol 120\Plugins\DPMChart.dll
c:\program files\Alcohol Soft\Alcohol 120\Plugins\Helper\AxSrvUACHlper.exe
c:\program files\Alcohol Soft\Alcohol 120\Plugins\Helper\AxSwindHlp.dll
c:\program files\Alcohol Soft\Alcohol 120\Plugins\Helper\UACHlper.exe
c:\program files\Alcohol Soft\Alcohol 120\Plugins\NapalmBurn.dll
c:\program files\Alcohol Soft\Alcohol 120\star_syn_client.dll
c:\program files\Alcohol Soft\Alcohol 120\StarWind\config.xsd
c:\program files\Alcohol Soft\Alcohol 120\StarWind\license.txt
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindLite.cfg
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Alcohol Soft\Alcohol 120\uninst.exe
c:\program files\Alwil Software
c:\program files\Alwil Software\Avast5\Setup\setup.ini
c:\program files\Kaspersky Lab
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\kis9cf.reg
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\lic.ppl
c:\programdata\Alwil Software
c:\programdata\Kaspersky Lab Setup Files
c:\programdata\Kaspersky Lab
c:\programdata\Kaspersky Lab\AVP9\AVZData\bt.avz
c:\programdata\Kaspersky Lab\AVP9\AVZData\scu.avz
c:\programdata\Kaspersky Lab\AVP9\AVZData\tsw.avz
c:\programdata\Kaspersky Lab\AVP9\Encryption\containers.db
c:\programdata\Kaspersky Lab\AVP9\Temp\2EB2.tmp
c:\programdata\Kaspersky Lab\AVP9\Temp\3087.tmp
c:\programdata\Kaspersky Lab\AVP9\Temp\categories.db
c:\programdata\Kaspersky Lab\AVP9\Temp\E0EF.tmp
c:\programdata\Lavasoft
c:\programdata\Lavasoft\License\adaware.da2

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_StarWindServiceAE
-------\Service_StarWindServiceAE


((((((((((((((((((((((((( Files Creati Da 2010-05-11 al 2010-06-11 )))))))))))))))))))))))))))))))))))
.

2010-06-11 16:31 . 2010-06-11 16:35 -------- d-----w- c:\users\globalservice\AppData\Local\temp
2010-06-11 16:31 . 2010-06-11 16:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-11 16:31 . 2010-06-11 16:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-11 16:31 . 2010-06-11 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-11 16:15 . 2010-06-11 16:17 -------- d-----w- C:\32788R22FWJFW
2010-06-10 19:17 . 2010-06-10 19:17 -------- d-----w- c:\programdata\Comodo Downloader
2010-06-10 18:54 . 2010-06-10 18:54 -------- d-----w- c:\users\globalservice\AppData\Roaming\AVG9
2010-06-10 18:17 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 18:17 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 18:17 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 18:17 . 2010-05-04 18:42 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-07 19:27 . 2010-06-07 19:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Zattoo
2010-06-07 18:07 . 2010-06-07 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2010-06-07 17:28 . 2010-06-07 17:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-06-07 08:38 . 2010-06-08 11:41 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-06-05 14:44 . 2010-06-05 15:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-06-04 20:04 . 2010-06-04 20:04 -------- d-----w- C:\$AVG
2010-06-04 19:57 . 2010-06-04 19:57 -------- d-----w- c:\users\globalservice\AppData\Roaming\Symantec
2010-06-04 19:57 . 2010-06-04 19:57 -------- d-----w- c:\users\globalservice\AppData\Local\Symantec_Corporation
2010-06-04 19:56 . 2010-06-04 19:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-04 19:33 . 2010-06-04 19:33 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2010-06-04 19:28 . 2010-06-04 19:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Symantec
2010-06-04 19:28 . 2010-06-04 19:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Symantec_Corporation
2010-06-03 22:00 . 2010-06-03 22:00 -------- d-----w- c:\program files\Symantec
2010-06-03 21:59 . 2009-10-01 20:03 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2010-06-03 21:52 . 2010-06-03 21:52 -------- d-----w- C:\5b344792d01785a6a881690f
2010-06-03 21:51 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-03 21:51 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-03 21:51 . 2010-06-04 21:11 -------- d-----w- c:\program files\Norton Ghost
2010-06-03 21:51 . 2010-06-04 21:11 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-06-03 21:39 . 2010-06-11 11:16 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-03 21:39 . 2010-06-07 17:28 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-03 21:39 . 2010-06-04 19:56 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-06-03 21:39 . 2010-06-04 19:54 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-03 21:39 . 2010-06-04 19:56 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 21:39 . 2010-06-04 19:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-03 21:39 . 2010-06-04 19:56 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-03 21:38 . 2010-06-04 19:54 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-03 21:38 . 2010-06-03 21:38 -------- d-----w- c:\programdata\avg9
2010-06-03 21:38 . 2010-06-03 21:38 -------- d-----w- c:\program files\AVG
2010-06-03 09:36 . 2010-06-03 09:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\PowerCinema
2010-05-29 19:31 . 2010-05-29 19:31 552 ----a-w- c:\users\globalservice\AppData\Local\d3d8caps.dat
2010-05-28 15:48 . 2010-05-28 16:21 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-28 15:33 . 2010-05-28 15:33 -------- d-----w- C:\NVIDIA
2010-05-19 17:37 . 2010-05-18 18:36 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2010-05-18 18:36 . 2010-05-18 18:36 249592 ----a-w- c:\windows\system32\cssdll32.dll
2010-05-18 18:31 . 2010-05-19 07:47 -------- d-----w- c:\users\globalservice\AppData\Roaming\Comodo
2010-05-18 18:08 . 2010-05-18 18:08 -------- d-----w- c:\programdata\Prevx
2010-05-14 13:47 . 2010-05-14 13:47 -------- d-----w- c:\users\globalservice\AppData\Roaming\dvdcss
2010-05-14 09:23 . 2010-05-14 09:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-13 22:43 . 2010-05-14 09:31 -------- d-----w- c:\users\globalservice\AppData\Roaming\Vso
2010-05-13 21:56 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 16:35 . 2010-06-03 20:04 78493 ----a-w- c:\programdata\nvModes.dat
2010-06-11 15:56 . 2008-12-20 08:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-10 21:40 . 2008-11-17 18:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-10 18:47 . 2008-05-08 06:57 662862 ----a-w- c:\windows\system32\perfh010.dat
2010-06-10 18:47 . 2008-05-08 06:57 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-06-09 16:21 . 2010-04-16 18:52 -------- d-----w- c:\program files\SpywareBlaster
2010-06-06 17:17 . 2008-05-07 21:13 -------- d-----w- c:\program files\Acer GameZone
2010-06-04 21:12 . 2008-11-12 19:26 -------- d-----w- c:\programdata\Symantec
2010-06-04 20:24 . 2010-06-04 20:24 3581208 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-06-04 19:57 . 2010-06-04 19:57 356616 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-04 19:57 . 2010-06-04 19:57 74760 ----a-w- c:\programdata\avg9\update\backup\UniversalDD.sys
2010-06-04 19:57 . 2010-06-04 19:57 30216 ----a-w- c:\programdata\avg9\update\backup\AVGIDSFilter.sys
2010-06-04 19:57 . 2010-06-04 19:57 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-04 19:57 . 2010-06-04 19:57 27800 ----a-w- c:\programdata\avg9\update\backup\AVGIDSShim.sys
2010-06-04 19:57 . 2010-06-04 19:57 25608 ----a-w- c:\programdata\avg9\update\backup\AVGIDSvx.sys
2010-06-04 19:57 . 2010-06-04 19:57 122376 ----a-w- c:\programdata\avg9\update\backup\AVGIDSDriver.sys
2010-06-04 19:57 . 2010-06-04 19:57 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-06-04 19:57 . 2010-06-04 19:57 29464 ----a-w- c:\programdata\avg9\update\backup\avgfwd6a.sys
2010-06-04 19:57 . 2010-06-04 19:57 23832 ----a-w- c:\programdata\avg9\update\backup\avgfwd6x.sys
2010-06-04 19:57 . 2010-06-04 19:57 161672 ----a-w- c:\programdata\avg9\update\backup\avgrkx86.sys
2010-06-03 21:39 . 2010-06-04 19:52 875288 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-06-03 21:39 . 2010-06-04 19:52 1656088 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-06-03 21:39 . 2010-06-04 19:52 798488 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-06-03 21:39 . 2010-06-04 19:52 610072 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-06-03 20:05 . 2008-10-29 21:16 -------- d-----w- c:\programdata\NVIDIA
2010-06-03 19:57 . 2010-03-13 09:14 -------- d-----w- c:\users\globalservice\AppData\Roaming\vlc
2010-06-03 19:57 . 2010-03-09 20:02 -------- d-----w- c:\program files\Zattoo4
2010-06-03 19:46 . 2006-11-02 13:02 9268 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2010-06-03 09:36 . 2008-10-29 21:10 105920 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 15:28 . 2010-03-28 21:54 -------- d-----w- c:\users\globalservice\AppData\Roaming\Nitro PDF
2010-05-29 21:34 . 2010-03-04 18:49 -------- d-----w- c:\programdata\Lx_cats
2010-05-29 19:32 . 2008-11-03 21:42 1356 ----a-w- c:\users\globalservice\AppData\Local\d3d9caps.dat
2010-05-25 21:28 . 2009-02-28 13:18 1 ----a-w- c:\users\globalservice\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-24 18:47 . 2008-10-29 21:21 -------- d-----w- c:\program files\Launch Manager
2010-05-16 20:46 . 2010-05-16 20:46 12 ----a-w- c:\windows\system32\DROPPEDFILEOKgfx3.tmp
2010-05-14 22:05 . 2009-12-01 18:55 -------- d-----w- c:\users\globalservice\AppData\Roaming\muvee Technologies
2010-05-14 09:31 . 2010-05-13 22:43 81920 ----a-w- c:\users\globalservice\AppData\Roaming\ezpinst.exe
2010-05-14 09:31 . 2010-05-13 22:43 81920 ----a-w- c:\users\globalservice\AppData\Roaming\ezpinst.exe
2010-05-14 09:31 . 2010-05-13 22:43 47360 ----a-w- c:\users\globalservice\AppData\Roaming\pcouffin.sys
2010-05-14 09:31 . 2010-05-13 22:43 47360 ----a-w- c:\users\globalservice\AppData\Roaming\pcouffin.sys
2010-05-14 09:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 23:46 . 2010-03-12 20:09 -------- d-----w- c:\program files\Super Internet TV
2010-05-04 18:37 . 2010-06-10 18:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-10 18:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-10 18:16 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 10:40 . 2009-09-20 09:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-29 20:32 . 2009-09-12 17:08 -------- d-----w- c:\users\globalservice\AppData\Roaming\GetRightToGo
2010-04-23 13:55 . 2010-06-10 18:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:10 . 2010-06-10 18:16 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-28 21:39 . 2008-11-11 09:19 432 ----a-w- c:\users\globalservice\AppData\Roaming\wklnhst.dat
2010-03-26 22:31 . 2010-03-26 22:31 7168 ----a-w- c:\windows\system32\drivers\utm4njy1.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-29 12:43 . 2008-10-29 12:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-07 6265376]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"USBToolTip"=c:\progra~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"PrinTray"=c:\windows\system32\spool\DRIVERS\W32X86\3\printray.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" /s
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe"
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe"
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1815193764-2899108687-2117010896-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9b9fffb8cd680;Google Update Service (gupdate1c9b9fffb8cd680);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 133104]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-09-01 103552]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 utm4njy1;AVZ Kernel Driver;c:\windows\system32\Drivers\utm4njy1.sys [2010-03-26 7168]
R4 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [2007-05-29 598960]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-14 691696]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-06-04 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-04 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-06-04 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-04 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-04 242896]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-06-04 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-04 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-04 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2009-04-02 135168]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-06-04 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-06-04 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-06-04 27144]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:15]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:15]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{2916B595-576A-4ACD-9704-CC8F49211E42}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
FF - ProfilePath - c:\users\globalservice\AppData\Roaming\Mozilla\Firefox\Profiles\z9gna6mg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mipony-plugin Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2465030&SearchSource=13
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-11 18:35
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(1304)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-11 18:45:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-11 16:45
ComboFix2.txt 2010-06-08 22:29

Pre-Run: 18.712.268.800 byte disponibili
Post-Run: 18.162.614.272 byte disponibili

- - End Of File - - 373863E68418CD4F4F9E167612FD07AD

r16
Posted: Friday, June 11, 2010 11:22:12 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
Also, could you kindly tell me whether everything is OK

I assume, then, that the PC is working well.
Update the OS (it's important):
http://www.microsoft.com/downloads/details.aspx?FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d&displaylang=it

As for AVG, uninstall it like this:
Stop it from running via the tray bar (next to the clock).
Go to Add or Remove Programs and remove it.
Then download and run this tool to remove any "leftovers":
http://www.grisoft.cz/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Do a cleanup (registry included) with CCleaner.
Restart the PC.

Reinstall AVG:
http://www.aiutamici.com/software?ID=11537
Update it and run a full scan.

alexlife
Posted: Sunday, June 20, 2010 2:30:07 PM
Rank: Member

Joined: 7/1/2004
Posts: 10
Thank you, even if belatedly. I followed all the advice and the problem has (hopefully) been solved. Just one small question: rescanning the system with Comodo Leak Test, the system does not come out as fully protected, even though I have a full pro antivirus... or maybe it's that each vendor uses different techniques.
Anyway, thanks for the help.
r16
Posted: Sunday, June 20, 2010 7:24:47 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
rescanning the system with Comodo Leak Test, the system does not come out as fully protected, even though I have a full pro antivirus... or maybe it's that each vendor uses different techniques.

I wouldn't know what to tell you (I'm not familiar with Comodo Leak Test).
Each piece of software has its own way of protecting the various areas of a PC (see Kaspersky).
What matters is that the PC works well and that you keep your security software up to date.
Have you updated the OS to SP2?
http://windows.microsoft.com/it-it/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-2-SP2
Bye.