Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Connessione lentissima!

2 pages: [1] 2
Connessione lentissima! Opzioni
Topic Precedente · Topic Sucessivo
beatrice49
Inviato: Monday, June 28, 2010 4:26:11 PM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
Ciao, mi hanno detto di postare qui il risultato della scasione di HJT:
Grazie e saluti in attesa di responso
Beatrice
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:21:29, on 28/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\3 Internet\3 Internet.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deinumidithor.com/alani/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programmi\Zynga\tbZyn0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programmi\Zynga\tbZyn0.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programmi\Zynga\tbZyn0.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mobile Partner] "C:\Programmi\3 Internet\3 Internet.exe"
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E44035F-3526-4D21-932D-EEBE5EBD3FA0} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://fotoadmin.aruba.it/ThirdParty/ImageUploader/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8394 bytes
Torna in alto
 
Sponsor
Inviato: Monday, June 28, 2010 4:26:11 PM

 
Torna in alto
 
paolopa
Inviato: Monday, June 28, 2010 4:34:32 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
ciao beatrice,apri hijack,clicca su "do a system scan only",seleziona le seguenti righe e,con tutte le applicazioni chiuse e disconnessa da internet premi "fix checked":
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programmi\Zynga\tbZyn0.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programmi\Zynga\tbZyn0.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programmi\Zynga\tbZyn0.dll
poi:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
se trova infezioni posta il log che ti rilascera'.
c è una voce che mi dice che il tuo avg ha qualche problema,ma ne parliamo poi,intanto fai questo.
ps:vai in istallazione applicazioni e disinstalla zynga toolbar
Torna in alto
 
wolfestein
Inviato: Monday, June 28, 2010 4:44:15 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,951
Scusa se mi intrometto paolo ma ho notato che ha il Tea Timer di Spyboot attivo,perciò sarebbe meglio che disinstallasse Spyboot e lo rimettesse senza.
Per beatrice49:
Per non attivare il Tea timer quando installi Spyboot fai attenzione alle varie schermate che si aprono e quando arrivi a quella del Tea timer deseleziona la voce in questione.
Torna in alto
 
paolopa
Inviato: Monday, June 28, 2010 4:44:43 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
mi sono accorto adesso che hai il teatimer di spybot,lo devi levare,fai cosi':apri spybot,clicca su modalita'(in alto a sn),modalita' avanzate,clicca sul piu' di utilita'(in basso a sn),nella finestra che si apre clicca resident,leva la spunta a "attiva il teatimer di resident"spegni e riaccendi,ma prima fai tutto il resto che ti ho detto.

ciao wolfe,a onor del vero l avevo visto anche prima ma me ne ero dimenticato,mi hai preceduto di un soffio....
Torna in alto
 
beatrice49
Inviato: Tuesday, June 29, 2010 1:45:24 AM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
paolopa ha scritto:
mi sono accorto adesso che hai il teatimer di spybot,lo devi levare,fai cosi':apri spybot,clicca su modalita'(in alto a sn),modalita' avanzate,clicca sul piu' di utilita'(in basso a sn),nella finestra che si apre clicca resident,leva la spunta a "attiva il teatimer di resident"spegni e riaccendi,ma prima fai tutto il resto che ti ho detto.

ciao wolfe,a onor del vero l avevo visto anche prima ma me ne ero dimenticato,mi hai preceduto di un soffio....

Grazie... fatto tutto credo....cosa mi dite di flash player? crea problemi? A me funziona male credo.
Torna in alto
 
paolopa
Inviato: Tuesday, June 29, 2010 6:36:52 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
mi fai vedere il report di malwarebytes?non dici neppure se ti ha trovato qualcosa...
ci sono altre cose da fare,nel log di hijack risultavano infezioni e sarebbe bene andare un po piu' a fondo,poi vedi tu se vuoi o meno.
Torna in alto
 
beatrice49
Inviato: Tuesday, June 29, 2010 10:32:40 AM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
paolopa ha scritto:
mi fai vedere il report di malwarebytes?non dici neppure se ti ha trovato qualcosa...
ci sono altre cose da fare,nel log di hijack risultavano infezioni e sarebbe bene andare un po piu' a fondo,poi vedi tu se vuoi o meno.

Questo è il risultato della scansione veloce:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/06/2010 0.35.55
mbam-log-2010-06-29 (00-35-55).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 147293
Tempo trascorso: 7 minuti, 20 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 1
Voci infette nei dati di registro: 0
Cartelle infette: 2
File infetti: 3

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FLTOKOMGR (Worm.KoobFace) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\meetsvc (Worm.KoobFace) -> No action taken.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\Programmi\File comuni\PersonSecurityUninstall (Rogue.PersonalSecurity) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\PersonSecurity (Rogue.PersonalSecurity) -> No action taken.

File infetti:
C:\Programmi\File comuni\PersonSecurityUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> No action taken.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
Poi ho rifatto la scansione approfondita e questi sono i risultati:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/06/2010 8.34.31
mbam-log-2010-06-29 (08-34-31).txt

Tipo di scansione: Scansione completa (C:\|D:\|G:\|)
Elementi esaminati: 362509
Tempo trascorso: 2 ore, 35 minuti, 10 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Qoobox\Quarantine\C\Programmi\SudoPlanet\SudoPlanet.dll.vir (Rogue.SudoPlanet) -> Quarantined and deleted successfully.
Ti ringrazio molto e certamente desidero andare più a fondo!
Torna in alto
 
beatrice49
Inviato: Tuesday, June 29, 2010 10:43:40 AM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
[
c è una voce che mi dice che il tuo avg ha qualche problema,ma ne parliamo poi,intanto fai questo.
ps:vai in istallazione applicazioni e disinstalla zynga toolbar[/quote]
Non riesco a farlo Ogni volta che ci provo (anche con CCleaner) mi compare questa finestra: COULD NOT OPEN INSTALL.LOG file...
Torna in alto
 
paolopa
Inviato: Tuesday, June 29, 2010 11:32:44 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
elimina cio' che ha rilevato malwarebytes,scarica questo programma(se non vuoi installarlo c è la versione usb)e prova ad eliminare zynga toolbar.
http://www.aiutamici.com/software?ID=80254
hai gia effettuato una scansione con combofix?la cartella quoobox è la sua quarantena...sara' bene rifarla e vedere il log:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì. questo è per eliminare i rimasugli di combo,poi:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX chiudi la connessione disabilita il tuo antivirus e
chiudi TUTTI i programmi aperti,(Firewall compreso) e

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix)
tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse)
e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
beatrice49
Inviato: Tuesday, June 29, 2010 2:50:32 PM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
[quote=paolopa]elimina cio' che ha rilevato malwarebytes,scarica questo programma(se non vuoi installarlo c è la versione usb)e prova ad eliminare zynga toolbar.
http://www.aiutamici.com/software?ID=80254


Puff puff... Intanto sono riuscita faticosamente ad eliminare Zynga... con Revo U... ora proseguo! Intanto mi devo scaricare Combo fix...
Torna in alto
 
beatrice49
Inviato: Tuesday, June 29, 2010 4:05:02 PM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
[/quote]
Un po' lunghetto... ma eccolo!
ComboFix 10-06-28.01 - Beatrice 29/06/2010 15.29.55.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1545 [GMT 2:00]
Eseguito da: c:\documents and settings\Beatrice\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\010112010146115119.xxe
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\0101120101465198.xxe
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\etdtqaq.dat
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\etdtqaq_nav.dat
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\etdtqaq_navps.dat
c:\windows\system32\uol.log
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-05-28 al 2010-06-29 )))))))))))))))))))))))))))))))))))
.

2010-06-27 21:10 . 2010-06-27 21:11 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\.clamwin
2010-06-27 21:10 . 2010-06-27 21:10 -------- d-----w- c:\programmi\ClamWin
2010-06-27 21:10 . 2010-06-27 21:10 -------- d-----w- c:\documents and settings\All Users\.clamwin
2010-06-26 16:25 . 2008-03-17 09:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-06-26 16:25 . 2008-03-17 09:03 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-06-26 16:25 . 2008-03-16 12:47 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-06-26 16:25 . 2008-01-22 13:09 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-06-26 16:25 . 2007-08-09 02:13 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2010-06-26 13:55 . 2010-06-26 13:55 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\Uniblue
2010-06-26 11:19 . 2010-06-26 11:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-26 11:18 . 2010-06-29 12:38 -------- d-----w- c:\programmi\VS Revo Group
2010-06-26 11:18 . 2010-06-26 11:18 -------- d-----w- c:\programmi\StyleCam Blink
2010-06-26 11:18 . 2010-06-26 11:18 -------- d-----w- c:\programmi\BurracoOnLine
2010-06-26 11:18 . 2010-06-26 11:18 -------- d-----w- c:\programmi\McAfee Security Scan
2010-06-26 11:17 . 2010-06-26 12:10 -------- d-----w- c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga
2010-06-26 11:17 . 2010-06-26 11:17 -------- d-----w- c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Conduit
2010-06-26 11:17 . 2010-06-26 11:17 -------- d-----w- c:\programmi\Conduit
2010-06-25 19:46 . 2010-06-25 19:46 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-06-25 19:46 . 2010-06-25 19:46 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-06-25 19:46 . 2010-06-25 19:46 -------- d-----w- c:\programmi\Pirelli
2010-06-24 16:34 . 2010-06-26 16:25 -------- d-----w- c:\programmi\3 Internet
2010-06-10 08:47 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 08:30 . 2010-06-28 22:17 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-28 22:17 . 2010-06-28 22:17 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\Malwarebytes
2010-06-28 22:17 . 2010-06-28 22:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-28 14:19 . 2010-06-28 14:19 388096 ----a-r- c:\documents and settings\Beatrice\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 01:02 . 2001-08-31 10:00 546790 ----a-w- c:\windows\system32\perfh010.dat
2010-06-28 01:02 . 2001-08-31 10:00 105654 ----a-w- c:\windows\system32\perfc010.dat
2010-06-26 16:22 . 2008-11-17 12:45 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-06-26 16:22 . 2010-04-26 11:25 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-06-26 14:06 . 2006-04-14 17:11 -------- d-----w- c:\programmi\eMule
2010-06-26 11:18 . 2006-12-01 16:03 -------- d-----w- c:\programmi\BOL
2010-06-25 20:30 . 2007-04-23 07:57 -------- d-----w- c:\programmi\TELE2
2010-06-25 20:29 . 2007-09-11 14:44 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-06-25 20:29 . 2008-12-20 11:52 -------- d-----w- c:\programmi\Samsung
2010-06-25 20:28 . 2007-02-07 17:52 -------- d-----w- c:\programmi\Java
2010-06-25 19:42 . 2009-10-02 22:34 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-26 09:09 . 2008-09-21 19:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-05-17 21:09 . 2006-04-14 17:25 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\Skype
2010-05-17 21:07 . 2008-07-15 20:38 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\skypePM
2010-05-15 16:45 . 2006-04-14 15:59 -------- d-----w- c:\programmi\Google
2010-05-11 18:09 . 2006-08-13 22:56 2404 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:32 . 2004-08-19 15:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 21:04 . 2008-07-24 19:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-05-03 21:04 . 2010-05-03 21:04 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-05-03 21:03 . 2008-03-08 12:45 -------- d-----w- c:\programmi\Nokia
2010-05-03 21:01 . 2009-12-03 07:44 -------- d-----w- c:\programmi\File comuni\Nokia
2010-05-03 20:58 . 2010-05-03 20:58 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\msxml6Exec.exe
2010-05-03 20:58 . 2010-05-03 20:58 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\Sleep.exe
2010-05-03 20:58 . 2010-05-03 20:58 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-03 20:58 . 2010-05-03 20:59 35771808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\NokiaSoftwareUpdaterSetup_2.5.1IT.exe
2010-05-02 08:06 . 2004-08-19 15:31 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2010-06-28 22:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-28 22:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-19 15:37 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-10-02 21:10 . 2003-09-16 11:18 779 ----a-w- c:\programmi\IncrediMail.lnk
2008-12-17 19:22 . 2008-12-17 19:20 7339496 ----a-w- c:\programmi\Firefox Setup 3.0.5.exe
2008-12-16 12:57 . 2008-12-16 12:56 1851544 ----a-w- c:\programmi\install_flash_player.exe
2008-05-19 20:22 . 2008-05-19 20:21 1341879 ----a-w- c:\programmi\VirtualDub-1.7.8.zip
2008-01-12 15:42 . 2008-01-22 13:40 187904 ----a-w- c:\programmi\HijackThis.exe
2007-02-07 18:36 . 2007-02-07 18:35 6087482 ----a-w- c:\programmi\Diagnostic Tool for the Microsoft VM 1.0a ITA.zip
2006-11-14 09:48 . 2006-11-14 09:48 68096 ----a-w- c:\programmi\NEKO95.EXE
2006-10-23 08:37 . 2006-10-23 08:37 4675160 ----a-w- c:\programmi\MsgPlusLive-401.exe
2005-06-02 11:26 . 2008-01-16 14:32 4542600 ----a-w- c:\programmi\ymsgrit.exe
2003-09-16 11:14 . 2004-03-03 15:29 6115987 ----a-w- c:\programmi\IncrediMailSetup_it.exe
2001-03-31 17:47 . 2001-03-31 17:47 25 -c--a-w- c:\programmi\PowerDVD Player - with CD-Key.txt
2001-02-05 21:41 . 2001-02-05 21:41 29 -c--a-r- c:\programmi\custom.ini
2001-02-05 09:26 . 2001-02-05 09:26 417 -c--a-r- c:\programmi\layout.bin
2001-02-05 09:26 . 2001-02-05 09:26 65454 -c--a-r- c:\programmi\data1.hdr
2001-02-05 09:26 . 2001-02-05 09:26 13994673 ----a-r- c:\programmi\data2.cab
2001-02-05 09:25 . 2001-02-05 09:25 1610883 ----a-r- c:\programmi\data1.cab
2001-02-05 09:25 . 2001-02-05 09:25 396 -c--a-r- c:\programmi\Setup.ini
2001-02-05 09:25 . 2001-02-05 09:25 226897 -c--a-r- c:\programmi\setup.inx
2001-02-05 09:24 . 2001-02-05 09:24 228 -c--a-r- c:\programmi\powerdvd.sim
2000-10-05 14:01 . 2000-10-05 14:01 339565 -c--a-r- c:\programmi\ikernel.ex_
2000-01-27 13:16 . 2006-10-27 12:20 18 -c--a-w- c:\programmi\Winzip 8.0 Reg#.txt
1999-11-17 07:24 . 1999-11-17 07:24 4703784 ----a-r- c:\programmi\DXMEDIA.EXE
1998-01-14 02:57 . 1998-01-14 02:57 195841 ----a-r- c:\programmi\aspiinst.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-22 136176]
"Mobile Partner"="c:\programmi\3 Internet\3 Internet.exe" [2010-06-26 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-07-24 98304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-10-09 198160]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^LG SyncManager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk
backup=c:\windows\pss\LG SyncManager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-12-12 12:10 87584 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 1410344 ----a-w- c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2005-08-31 18:27 1658592 ----a-w- c:\programmi\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-24 19:40 98304 ----a-w- c:\programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-24 23:11 132496 -c--a-w- c:\programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-13 10:44 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-09 21:16 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Programmi\\Kazaa Lite K++\\Kazaa.kpp"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:VMware FilterPort

R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [06/06/2008 14.31.54 94720]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS --> c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 FltOkoMgr;VMware Monitor CD ACPI Terminal List;c:\windows\system32\svchost.exe -k meetsvc [19/08/2004 17.39.46 14336]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/05/2010 18.45.20 136176]
S3 D500U;D500U;c:\windows\system32\drivers\D500U.sys [29/05/2007 14.53.40 50389]
S3 mad600m;mad600m;c:\windows\system32\drivers\mad600m.sys [29/05/2007 14.55.16 25044]
S3 mad600u;mad600u;c:\windows\system32\drivers\mad600u.sys [22/08/2007 18.35.22 51038]
S3 MXBULK;DualCam Still, MXBulk3.Sys;c:\windows\system32\drivers\MXBulk3.sys [19/04/2006 18.46.31 50688]
S3 MXCap;DSC-06 Video Camera;c:\windows\system32\drivers\MXCap3.sys [19/04/2006 18.46.32 63104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/05/2010 23.03.58 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/05/2010 23.03.59 8320]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [20/04/2010 18.43.21 27064]
S3 slicedisk.sys;slicedisk.sys;\??\c:\windows\system32\slicedisk.sys --> c:\windows\system32\slicedisk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-15 16:45]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-15 16:45]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-682003330-1003Core.job
- c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-22 07:20]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-682003330-1003UA.job
- c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-22 07:20]

2010-06-29 c:\windows\Tasks\User_Feed_Synchronization-{2402940F-D7E0-4558-9152-0EB20F0A363E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-06-29 c:\windows\Tasks\User_Feed_Synchronization-{EED2BDA2-2C46-4519-B788-EFAB2125BF62}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.deinumidithor.com/alani/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {0E44035F-3526-4D21-932D-EEBE5EBD3FA0}
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Beatrice\Dati applicazioni\Mozilla\Firefox\Profiles\cchcpgng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.deinumidithor.com/alani/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
MSConfigStartUp-Acronis True Image Monitor - c:\programmi\Acronis\TrueImage\TrueImageMonitor.exe
MSConfigStartUp-amxkwjbhtm - c:\documents and settings\beatrice\impostazioni locali\dati applicazioni\amxkwjbhtm.exe
MSConfigStartUp-Netlog 24 - c:\programmi\Netlog 24\Notifier\Netlog24Notifier.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-PcSync - c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-RecoverFromReboot - c:\windows\Temp\RecoverFromReboot.exe
AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 15:36
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,45,c0,c4,f1,07,bf,4b,90,64,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,45,c0,c4,f1,07,bf,4b,90,64,f5,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\fggnv]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{B9E3A781-69E8-293D-85C9-A4391A07705F}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\ygscr]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2010-06-29 15:39:06
ComboFix-quarantined-files.txt 2010-06-29 13:38

Pre-Run: 90.415.640.576 byte disponibili
Post-Run: 90.536.247.296 byte disponibili

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - E550B3C9916AA6454547ABA374336640
Torna in alto
 
paolopa
Inviato: Tuesday, June 29, 2010 5:22:49 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
combofix ti ha eliminato un po di problemi,ma presumo che sia necessario uno script,e te lo deve far eseguire r16,io non sono in grado anche se mi ci arrovello sopra da un po...attendendo lui fai queste operazioni:
Scarica TFC by OldTimer sul desktop
http://oldtimer.geekstogo.com/TFC.exe
chiudi tutti i programmi
avvia TFC, clicca su "start"
al termine della scansione ti chiederà il riavvio, dai ok.
poi:
Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta
a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie),
registro compreso.
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows,
aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci
conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su
Remove selected
combofix per il momento lo teniamo installato perchè servira' per lo script,e i punti di ripristino che contengono le immagini infette li cancelliamo dopo,anche se contengono infezioni sono sempre un ancora di salvataggio....
Torna in alto
 
r16
Inviato: Tuesday, June 29, 2010 5:51:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao beatrice49 .

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

Folder::
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga
c:\programmi\Java\jre1.6.0_03
c:\programmi\McAfee Security Scan

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia da solo, riavvialo tu.
Posta il log aggiornato di combofix.
Torna in alto
 
beatrice49
Inviato: Wednesday, June 30, 2010 12:30:12 AM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
r16 ha scritto:
Ciao beatrice49 .

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

Folder::
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga
c:\programmi\Java\jre1.6.0_03
c:\programmi\McAfee Security Scan

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia da solo, riavvialo tu.
Posta il log aggiornato di combofix.


Sono impossibilitata a proseguire per via del fatto che non riesco a disattivare AVG in nessuna maniera!! Oggi pomeriggio, prima di far girare Combo l'ho proprio disinstallato non riuscendo a disattivarlo, e ora che lo ho appena riinstallato sono distrutta!! Che devo fare????
Torna in alto
 
beatrice49
Inviato: Wednesday, June 30, 2010 1:05:03 AM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
[quote=beatrice49][quote=r16]Ciao beatrice49 .

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

Folder::
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga
c:\programmi\Java\jre1.6.0_03
c:\programmi\McAfee Security Scan

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia da solo, riavvialo tu.
Posta il log aggiornato di combofix.

Eccomi!! Con AVG (resident) disattivato!!! spero almeno... ed ecco il nuovo log:
ComboFix 10-06-28.01 - Beatrice 30/06/2010 0.40.17.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1451 [GMT 2:00]
Eseguito da: c:\documents and settings\Beatrice\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Beatrice\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_27_243_CT2438727_Images_633935932263402500_png.png
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_27_243_ct2438727_images_633937740843970000_png.png
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_27_243_CT2438727_Images_633961958884093750_png.png
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_27_243_CT2438727_Images_Menu-Bsilkset_help_gif-Silk_2-633935931302152500_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_27_243_CT2438727_Images_Menu-Dsilkset_comments_gif-Silk_3-633935930069808750_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_27_243_CT2438727_Images_SearchActivationButton-go_but20_gif-General-633936029048558750_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_skins_zynga_dragline_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\CacheIcons\http___storage_conduit_com_images_skins_zynga_seperator_gif.gif
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\LanguagePack\en\LanguagePack.xml
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\LocalSettings.txt
c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Zynga\ThirdPartyComponents.xml
c:\programmi\Java\jre1.6.0_03
c:\programmi\Java\jre1.6.0_03\bin\awt.dll
c:\programmi\Java\jre1.6.0_03\bin\axbridge.dll
c:\programmi\Java\jre1.6.0_03\bin\client\classes.jsa
c:\programmi\Java\jre1.6.0_03\bin\client\jvm.dll
c:\programmi\Java\jre1.6.0_03\bin\client\Xusage.txt
c:\programmi\Java\jre1.6.0_03\bin\cmm.dll
c:\programmi\Java\jre1.6.0_03\bin\dcpr.dll
c:\programmi\Java\jre1.6.0_03\bin\deploy.dll
c:\programmi\Java\jre1.6.0_03\bin\dt_shmem.dll
c:\programmi\Java\jre1.6.0_03\bin\dt_socket.dll
c:\programmi\Java\jre1.6.0_03\bin\fontmanager.dll
c:\programmi\Java\jre1.6.0_03\bin\hpi.dll
c:\programmi\Java\jre1.6.0_03\bin\hprof.dll
c:\programmi\Java\jre1.6.0_03\bin\instrument.dll
c:\programmi\Java\jre1.6.0_03\bin\ioser12.dll
c:\programmi\Java\jre1.6.0_03\bin\j2pcsc.dll
c:\programmi\Java\jre1.6.0_03\bin\j2pkcs11.dll
c:\programmi\Java\jre1.6.0_03\bin\jaas_nt.dll
c:\programmi\Java\jre1.6.0_03\bin\java-rmi.exe
c:\programmi\Java\jre1.6.0_03\bin\java.dll
c:\programmi\Java\jre1.6.0_03\bin\java.exe
c:\programmi\Java\jre1.6.0_03\bin\java_crw_demo.dll
c:\programmi\Java\jre1.6.0_03\bin\javacpl.cpl
c:\programmi\Java\jre1.6.0_03\bin\javacpl.exe
c:\programmi\Java\jre1.6.0_03\bin\javaw.exe
c:\programmi\Java\jre1.6.0_03\bin\javaws.exe
c:\programmi\Java\jre1.6.0_03\bin\jawt.dll
c:\programmi\Java\jre1.6.0_03\bin\JdbcOdbc.dll
c:\programmi\Java\jre1.6.0_03\bin\jdwp.dll
c:\programmi\Java\jre1.6.0_03\bin\jli.dll
c:\programmi\Java\jre1.6.0_03\bin\jpeg.dll
c:\programmi\Java\jre1.6.0_03\bin\jpicom.dll
c:\programmi\Java\jre1.6.0_03\bin\jpiexp.dll
c:\programmi\Java\jre1.6.0_03\bin\jpinscp.dll
c:\programmi\Java\jre1.6.0_03\bin\jpioji.dll
c:\programmi\Java\jre1.6.0_03\bin\jpishare.dll
c:\programmi\Java\jre1.6.0_03\bin\jsound.dll
c:\programmi\Java\jre1.6.0_03\bin\jsoundds.dll
c:\programmi\Java\jre1.6.0_03\bin\jucheck.exe
c:\programmi\Java\jre1.6.0_03\bin\jureg.exe
c:\programmi\Java\jre1.6.0_03\bin\jusched.exe
c:\programmi\Java\jre1.6.0_03\bin\keytool.exe
c:\programmi\Java\jre1.6.0_03\bin\kinit.exe
c:\programmi\Java\jre1.6.0_03\bin\klist.exe
c:\programmi\Java\jre1.6.0_03\bin\ktab.exe
c:\programmi\Java\jre1.6.0_03\bin\management.dll
c:\programmi\Java\jre1.6.0_03\bin\msvcr71.dll
c:\programmi\Java\jre1.6.0_03\bin\net.dll
c:\programmi\Java\jre1.6.0_03\bin\nio.dll
c:\programmi\Java\jre1.6.0_03\bin\npjava11.dll
c:\programmi\Java\jre1.6.0_03\bin\npjava12.dll
c:\programmi\Java\jre1.6.0_03\bin\npjava13.dll
c:\programmi\Java\jre1.6.0_03\bin\npjava14.dll
c:\programmi\Java\jre1.6.0_03\bin\npjava32.dll
c:\programmi\Java\jre1.6.0_03\bin\npjpi160_03.dll
c:\programmi\Java\jre1.6.0_03\bin\npoji610.dll
c:\programmi\Java\jre1.6.0_03\bin\npt.dll
c:\programmi\Java\jre1.6.0_03\bin\orbd.exe
c:\programmi\Java\jre1.6.0_03\bin\pack200.exe
c:\programmi\Java\jre1.6.0_03\bin\policytool.exe
c:\programmi\Java\jre1.6.0_03\bin\regutils.dll
c:\programmi\Java\jre1.6.0_03\bin\rmi.dll
c:\programmi\Java\jre1.6.0_03\bin\rmid.exe
c:\programmi\Java\jre1.6.0_03\bin\rmiregistry.exe
c:\programmi\Java\jre1.6.0_03\bin\servertool.exe
c:\programmi\Java\jre1.6.0_03\bin\splashscreen.dll
c:\programmi\Java\jre1.6.0_03\bin\ssv.dll
c:\programmi\Java\jre1.6.0_03\bin\sunmscapi.dll
c:\programmi\Java\jre1.6.0_03\bin\tnameserv.exe
c:\programmi\Java\jre1.6.0_03\bin\unpack.dll
c:\programmi\Java\jre1.6.0_03\bin\unpack200.exe
c:\programmi\Java\jre1.6.0_03\bin\verify.dll
c:\programmi\Java\jre1.6.0_03\bin\w2k_lsa_auth.dll
c:\programmi\Java\jre1.6.0_03\bin\wsdetect.dll
c:\programmi\Java\jre1.6.0_03\bin\zip.dll
c:\programmi\Java\jre1.6.0_03\COPYRIGHT
c:\programmi\Java\jre1.6.0_03\launch4j-tmp\ShapeCollage.exe
c:\programmi\Java\jre1.6.0_03\lib\calendars.properties
c:\programmi\Java\jre1.6.0_03\lib\classlist
c:\programmi\Java\jre1.6.0_03\lib\cmm\CIEXYZ.pf
c:\programmi\Java\jre1.6.0_03\lib\cmm\GRAY.pf
c:\programmi\Java\jre1.6.0_03\lib\cmm\LINEAR_RGB.pf
c:\programmi\Java\jre1.6.0_03\lib\cmm\sRGB.pf
c:\programmi\Java\jre1.6.0_03\lib\content-types.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy.jar
c:\programmi\Java\jre1.6.0_03\lib\deploy\ffjcext.zip
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_de.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_es.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_fr.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_it.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_ja.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_ko.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_sv.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_zh_CN.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_zh_HK.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\messages_zh_TW.properties
c:\programmi\Java\jre1.6.0_03\lib\deploy\splash.jpg
c:\programmi\Java\jre1.6.0_03\lib\ext\dnsns.jar
c:\programmi\Java\jre1.6.0_03\lib\ext\meta-index
c:\programmi\Java\jre1.6.0_03\lib\ext\sunjce_provider.jar
c:\programmi\Java\jre1.6.0_03\lib\ext\sunmscapi.jar
c:\programmi\Java\jre1.6.0_03\lib\ext\sunpkcs11.jar
c:\programmi\Java\jre1.6.0_03\lib\flavormap.properties
c:\programmi\Java\jre1.6.0_03\lib\fontconfig.98.bfc
c:\programmi\Java\jre1.6.0_03\lib\fontconfig.98.properties.src
c:\programmi\Java\jre1.6.0_03\lib\fontconfig.bfc
c:\programmi\Java\jre1.6.0_03\lib\fontconfig.properties.src
c:\programmi\Java\jre1.6.0_03\lib\fonts\LucidaSansRegular.ttf
c:\programmi\Java\jre1.6.0_03\lib\i386\jvm.cfg
c:\programmi\Java\jre1.6.0_03\lib\im\indicim.jar
c:\programmi\Java\jre1.6.0_03\lib\im\thaiim.jar
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\cursors.properties
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\invalid32x32.gif
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\win32_CopyDrop32x32.gif
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\win32_CopyNoDrop32x32.gif
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\win32_LinkDrop32x32.gif
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\win32_LinkNoDrop32x32.gif
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\win32_MoveDrop32x32.gif
c:\programmi\Java\jre1.6.0_03\lib\images\cursors\win32_MoveNoDrop32x32.gif
c:\programmi\Java\jre1.6.0_03\lib\javaws.jar
c:\programmi\Java\jre1.6.0_03\lib\jce.jar
c:\programmi\Java\jre1.6.0_03\lib\jsse.jar
c:\programmi\Java\jre1.6.0_03\lib\jvm.hprof.txt
c:\programmi\Java\jre1.6.0_03\lib\logging.properties
c:\programmi\Java\jre1.6.0_03\lib\management-agent.jar
c:\programmi\Java\jre1.6.0_03\lib\management\jmxremote.access
c:\programmi\Java\jre1.6.0_03\lib\management\jmxremote.password.template
c:\programmi\Java\jre1.6.0_03\lib\management\management.properties
c:\programmi\Java\jre1.6.0_03\lib\management\snmp.acl.template
c:\programmi\Java\jre1.6.0_03\lib\meta-index
c:\programmi\Java\jre1.6.0_03\lib\net.properties
c:\programmi\Java\jre1.6.0_03\lib\plugin.jar
c:\programmi\Java\jre1.6.0_03\lib\psfont.properties.ja
c:\programmi\Java\jre1.6.0_03\lib\psfontj2d.properties
c:\programmi\Java\jre1.6.0_03\lib\resources.jar
c:\programmi\Java\jre1.6.0_03\lib\rt.jar
c:\programmi\Java\jre1.6.0_03\lib\security\cacerts
c:\programmi\Java\jre1.6.0_03\lib\security\java.policy
c:\programmi\Java\jre1.6.0_03\lib\security\java.security
c:\programmi\Java\jre1.6.0_03\lib\security\javaws.policy
c:\programmi\Java\jre1.6.0_03\lib\security\local_policy.jar
c:\programmi\Java\jre1.6.0_03\lib\security\US_export_policy.jar
c:\programmi\Java\jre1.6.0_03\lib\sound.properties
c:\programmi\Java\jre1.6.0_03\lib\tzmappings
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Abidjan
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Accra
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Addis_Ababa
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Algiers
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Asmara
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Bamako
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Bangui
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Banjul
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Bissau
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Blantyre
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Brazzaville
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Bujumbura
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Cairo
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Casablanca
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Ceuta
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Conakry
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Dakar
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Dar_es_Salaam
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Djibouti
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Douala
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\El_Aaiun
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Freetown
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Gaborone
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Harare
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Johannesburg
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Kampala
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Khartoum
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Kigali
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Kinshasa
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Lagos
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Libreville
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Lome
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Luanda
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Lubumbashi
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Lusaka
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Malabo
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Maputo
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Maseru
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Mbabane
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Mogadishu
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Monrovia
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Nairobi
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Ndjamena
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Niamey
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Nouakchott
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Ouagadougou
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Porto-Novo
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Sao_Tome
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Tripoli
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Tunis
c:\programmi\Java\jre1.6.0_03\lib\zi\Africa\Windhoek
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Adak
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Anchorage
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Anguilla
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Antigua
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Araguaina
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Buenos_Aires
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Catamarca
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Cordoba
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Jujuy
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\La_Rioja
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Mendoza
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Rio_Gallegos
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\San_Juan
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Tucuman
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Argentina\Ushuaia
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Aruba
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Asuncion
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Atikokan
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Bahia
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Barbados
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Belem
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Belize
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Blanc-Sablon
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Boa_Vista
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Bogota
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Boise
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Cambridge_Bay
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Campo_Grande
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Cancun
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Caracas
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Cayenne
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Cayman
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Chicago
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Chihuahua
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Costa_Rica
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Cuiaba
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Curacao
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Danmarkshavn
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Dawson
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Dawson_Creek
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Denver
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Detroit
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Dominica
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Edmonton
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Eirunepe
c:\programmi\Java\jre1.6.0_03\lib\zi\America\El_Salvador
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Fortaleza
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Glace_Bay
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Godthab
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Goose_Bay
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Grand_Turk
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Grenada
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Guadeloupe
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Guatemala
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Guayaquil
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Guyana
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Halifax
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Havana
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Hermosillo
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Indianapolis
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Knox
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Marengo
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Petersburg
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Tell_City
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Vevay
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Vincennes
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Indiana\Winamac
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Inuvik
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Iqaluit
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Jamaica
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Juneau
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Kentucky\Louisville
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Kentucky\Monticello
c:\programmi\Java\jre1.6.0_03\lib\zi\America\La_Paz
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Lima
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Los_Angeles
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Maceio
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Managua
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Manaus
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Martinique
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Mazatlan
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Menominee
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Merida
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Mexico_City
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Miquelon
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Moncton
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Monterrey
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Montevideo
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Montreal
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Montserrat
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Nassau
c:\programmi\Java\jre1.6.0_03\lib\zi\America\New_York
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Nipigon
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Nome
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Noronha
c:\programmi\Java\jre1.6.0_03\lib\zi\America\North_Dakota\Center
c:\programmi\Java\jre1.6.0_03\lib\zi\America\North_Dakota\New_Salem
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Panama
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Pangnirtung
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Paramaribo
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Phoenix
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Port-au-Prince
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Port_of_Spain
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Porto_Velho
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Puerto_Rico
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Rainy_River
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Rankin_Inlet
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Recife
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Regina
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Resolute
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Rio_Branco
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Santiago
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Santo_Domingo
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Sao_Paulo
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Scoresbysund
c:\programmi\Java\jre1.6.0_03\lib\zi\America\St_Johns
c:\programmi\Java\jre1.6.0_03\lib\zi\America\St_Kitts
c:\programmi\Java\jre1.6.0_03\lib\zi\America\St_Lucia
c:\programmi\Java\jre1.6.0_03\lib\zi\America\St_Thomas
c:\programmi\Java\jre1.6.0_03\lib\zi\America\St_Vincent
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Swift_Current
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Tegucigalpa
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Thule
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Thunder_Bay
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Tijuana
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Toronto
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Tortola
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Vancouver
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Whitehorse
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Winnipeg
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Yakutat
c:\programmi\Java\jre1.6.0_03\lib\zi\America\Yellowknife
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\Casey
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\Davis
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\DumontDUrville
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\Mawson
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\McMurdo
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\Palmer
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\Rothera
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\Syowa
c:\programmi\Java\jre1.6.0_03\lib\zi\Antarctica\Vostok
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Aden
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Almaty
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Amman
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Anadyr
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Aqtau
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Aqtobe
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Ashgabat
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Baghdad
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Bahrain
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Baku
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Bangkok
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Beirut
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Bishkek
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Brunei
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Calcutta
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Choibalsan
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Chongqing
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Colombo
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Damascus
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Dhaka
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Dili
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Dubai
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Dushanbe
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Gaza
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Harbin
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Hong_Kong
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Hovd
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Irkutsk
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Jakarta
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Jayapura
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Jerusalem
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Kabul
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Kamchatka
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Karachi
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Kashgar
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Katmandu
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Krasnoyarsk
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Kuala_Lumpur
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Kuching
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Kuwait
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Macau
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Magadan
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Makassar
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Manila
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Muscat
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Nicosia
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Novosibirsk
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Omsk
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Oral
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Phnom_Penh
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Pontianak
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Pyongyang
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Qatar
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Qyzylorda
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Rangoon
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Riyadh
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Riyadh87
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Riyadh88
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Riyadh89
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Saigon
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Sakhalin
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Samarkand
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Seoul
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Shanghai
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Singapore
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Taipei
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Tashkent
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Tbilisi
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Tehran
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Thimphu
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Tokyo
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Ulaanbaatar
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Urumqi
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Vientiane
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Vladivostok
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Yakutsk
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Yekaterinburg
c:\programmi\Java\jre1.6.0_03\lib\zi\Asia\Yerevan
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Azores
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Bermuda
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Canary
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Cape_Verde
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Faroe
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Madeira
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Reykjavik
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\South_Georgia
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\St_Helena
c:\programmi\Java\jre1.6.0_03\lib\zi\Atlantic\Stanley
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Adelaide
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Brisbane
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Broken_Hill
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Currie
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Darwin
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Eucla
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Hobart
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Lindeman
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Lord_Howe
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Melbourne
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Perth
c:\programmi\Java\jre1.6.0_03\lib\zi\Australia\Sydney
c:\programmi\Java\jre1.6.0_03\lib\zi\CET
c:\programmi\Java\jre1.6.0_03\lib\zi\CST6CDT
c:\programmi\Java\jre1.6.0_03\lib\zi\EET
c:\programmi\Java\jre1.6.0_03\lib\zi\EST
c:\programmi\Java\jre1.6.0_03\lib\zi\EST5EDT
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-1
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-10
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-11
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-12
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-13
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-14
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-2
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-3
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-4
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-5
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-6
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-7
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-8
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT-9
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+1
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+10
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+11
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+12
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+2
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+3
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+4
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+5
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+6
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+7
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+8
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\GMT+9
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\UCT
c:\programmi\Java\jre1.6.0_03\lib\zi\Etc\UTC
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Amsterdam
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Andorra
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Athens
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Belgrade
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Berlin
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Brussels
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Bucharest
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Budapest
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Chisinau
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Copenhagen
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Dublin
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Gibraltar
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Helsinki
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Istanbul
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Kaliningrad
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Kiev
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Lisbon
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\London
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Luxembourg
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Madrid
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Malta
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Minsk
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Monaco
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Moscow
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Oslo
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Paris
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Prague
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Riga
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Rome
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Samara
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Simferopol
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Sofia
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Stockholm
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Tallinn
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Tirane
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Uzhgorod
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Vaduz
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Vienna
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Vilnius
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Volgograd
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Warsaw
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Zaporozhye
c:\programmi\Java\jre1.6.0_03\lib\zi\Europe\Zurich
c:\programmi\Java\jre1.6.0_03\lib\zi\GMT
c:\programmi\Java\jre1.6.0_03\lib\zi\HST
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Antananarivo
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Chagos
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Christmas
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Cocos
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Comoro
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Kerguelen
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Mahe
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Maldives
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Mauritius
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Mayotte
c:\programmi\Java\jre1.6.0_03\lib\zi\Indian\Reunion
c:\programmi\Java\jre1.6.0_03\lib\zi\MET
c:\programmi\Java\jre1.6.0_03\lib\zi\MST
c:\programmi\Java\jre1.6.0_03\lib\zi\MST7MDT
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Apia
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Auckland
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Chatham
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Easter
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Efate
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Enderbury
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Fakaofo
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Fiji
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Funafuti
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Galapagos
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Gambier
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Guadalcanal
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Guam
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Honolulu
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Johnston
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Kiritimati
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Kosrae
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Kwajalein
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Majuro
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Marquesas
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Midway
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Nauru
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Niue
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Norfolk
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Noumea
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Pago_Pago
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Palau
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Pitcairn
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Ponape
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Port_Moresby
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Rarotonga
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Saipan
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Tahiti
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Tarawa
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Tongatapu
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Truk
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Wake
c:\programmi\Java\jre1.6.0_03\lib\zi\Pacific\Wallis
c:\programmi\Java\jre1.6.0_03\lib\zi\PST8PDT
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\AST4
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\AST4ADT
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\CST6
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\CST6CDT
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\EST5
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\EST5EDT
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\HST10
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\MST7
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\MST7MDT
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\PST8
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\PST8PDT
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\YST9
c:\programmi\Java\jre1.6.0_03\lib\zi\SystemV\YST9YDT
c:\programmi\Java\jre1.6.0_03\lib\zi\WET
c:\programmi\Java\jre1.6.0_03\lib\zi\ZoneInfoMappings
c:\programmi\Java\jre1.6.0_03\LICENSE
c:\programmi\Java\jre1.6.0_03\PATCH.ERR
c:\programmi\Java\jre1.6.0_03\README.txt
c:\programmi\Java\jre1.6.0_03\THIRDPARTYLICENSEREADME.txt
c:\programmi\Java\jre1.6.0_03\Welcome.html
c:\programmi\McAfee Security Scan
c:\programmi\McAfee Security Scan\1.0.150\ftconfig.ini
c:\programmi\McAfee Security Scan\1.0.150\mcbrwsr2.dll
c:\programmi\McAfee Security Scan\1.0.150\mcuicnt.exe
c:\programmi\McAfee Security Scan\1.0.150\SecurityScanner.dll
c:\programmi\McAfee Security Scan\1.0.150\SecurityScanner_LD.dll
c:\programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
c:\programmi\McAfee Security Scan\uninstall.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-05-28 al 2010-06-29 )))))))))))))))))))))))))))))))))))
.

2010-06-29 22:12 . 2010-06-29 22:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-29 22:12 . 2010-06-29 22:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-29 22:12 . 2010-06-29 22:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-29 22:12 . 2010-06-29 22:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-29 22:11 . 2010-06-29 22:13 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\programmi\AVG
2010-06-29 22:11 . 2010-06-29 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-06-28 22:17 . 2010-06-28 22:17 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\Malwarebytes
2010-06-28 22:17 . 2010-06-28 22:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-28 22:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-28 22:17 . 2010-06-29 08:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-28 22:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 21:10 . 2010-06-27 21:11 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\.clamwin
2010-06-27 21:10 . 2010-06-27 21:10 -------- d-----w- c:\programmi\ClamWin
2010-06-27 21:10 . 2010-06-27 21:10 -------- d-----w- c:\documents and settings\All Users\.clamwin
2010-06-26 16:25 . 2008-03-17 09:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-06-26 16:25 . 2008-03-17 09:03 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-06-10 08:47 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 12:38 . 2010-06-26 11:18 -------- d-----w- c:\programmi\VS Revo Group
2010-06-28 14:19 . 2010-06-28 14:19 388096 ----a-r- c:\documents and settings\Beatrice\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 01:02 . 2001-08-31 10:00 546790 ----a-w- c:\windows\system32\perfh010.dat
2010-06-28 01:02 . 2001-08-31 10:00 105654 ----a-w- c:\windows\system32\perfc010.dat
2010-06-26 16:25 . 2010-06-24 16:34 -------- d-----w- c:\programmi\3 Internet
2010-06-26 16:22 . 2008-11-17 12:45 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-06-26 16:22 . 2010-04-26 11:25 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-06-26 14:06 . 2006-04-14 17:11 -------- d-----w- c:\programmi\eMule
2010-06-26 13:55 . 2010-06-26 13:55 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\Uniblue
2010-06-26 11:18 . 2006-12-01 16:03 -------- d-----w- c:\programmi\BOL
2010-06-26 11:18 . 2010-06-26 11:18 -------- d-----w- c:\programmi\BurracoOnLine
2010-06-26 11:17 . 2010-06-26 11:17 -------- d-----w- c:\programmi\Conduit
2010-06-25 20:30 . 2007-04-23 07:57 -------- d-----w- c:\programmi\TELE2
2010-06-25 20:29 . 2007-09-11 14:44 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-06-25 20:29 . 2008-12-20 11:52 -------- d-----w- c:\programmi\Samsung
2010-06-25 20:28 . 2007-02-07 17:52 -------- d-----w- c:\programmi\Java
2010-06-25 19:46 . 2010-06-25 19:46 -------- d-----w- c:\programmi\Pirelli
2010-06-25 19:42 . 2009-10-02 22:34 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-26 09:09 . 2008-09-21 19:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-05-17 21:09 . 2006-04-14 17:25 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\Skype
2010-05-17 21:07 . 2008-07-15 20:38 -------- d-----w- c:\documents and settings\Beatrice\Dati applicazioni\skypePM
2010-05-15 16:45 . 2006-04-14 15:59 -------- d-----w- c:\programmi\Google
2010-05-11 18:09 . 2006-08-13 22:56 2404 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:32 . 2004-08-19 15:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 21:04 . 2008-07-24 19:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-05-03 21:04 . 2010-05-03 21:04 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-05-03 21:03 . 2008-03-08 12:45 -------- d-----w- c:\programmi\Nokia
2010-05-03 21:01 . 2009-12-03 07:44 -------- d-----w- c:\programmi\File comuni\Nokia
2010-05-03 20:58 . 2010-05-03 20:58 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\msxml6Exec.exe
2010-05-03 20:58 . 2010-05-03 20:58 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\Sleep.exe
2010-05-03 20:58 . 2010-05-03 20:58 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-03 20:58 . 2010-05-03 20:59 35771808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{73C0DA51-DB32-4F66-970B-7298F3CAF37F}\NokiaSoftwareUpdaterSetup_2.5.1IT.exe
2010-05-02 08:06 . 2004-08-19 15:31 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-19 15:37 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-10-02 21:10 . 2003-09-16 11:18 779 ----a-w- c:\programmi\IncrediMail.lnk
2008-12-17 19:22 . 2008-12-17 19:20 7339496 ----a-w- c:\programmi\Firefox Setup 3.0.5.exe
2008-12-16 12:57 . 2008-12-16 12:56 1851544 ----a-w- c:\programmi\install_flash_player.exe
2008-05-19 20:22 . 2008-05-19 20:21 1341879 ----a-w- c:\programmi\VirtualDub-1.7.8.zip
2008-01-12 15:42 . 2008-01-22 13:40 187904 ----a-w- c:\programmi\HijackThis.exe
2007-02-07 18:36 . 2007-02-07 18:35 6087482 ----a-w- c:\programmi\Diagnostic Tool for the Microsoft VM 1.0a ITA.zip
2006-11-14 09:48 . 2006-11-14 09:48 68096 ----a-w- c:\programmi\NEKO95.EXE
2006-10-23 08:37 . 2006-10-23 08:37 4675160 ----a-w- c:\programmi\MsgPlusLive-401.exe
2005-06-02 11:26 . 2008-01-16 14:32 4542600 ----a-w- c:\programmi\ymsgrit.exe
2003-09-16 11:14 . 2004-03-03 15:29 6115987 ----a-w- c:\programmi\IncrediMailSetup_it.exe
2001-03-31 17:47 . 2001-03-31 17:47 25 -c--a-w- c:\programmi\PowerDVD Player - with CD-Key.txt
2001-02-05 21:41 . 2001-02-05 21:41 29 -c--a-r- c:\programmi\custom.ini
2001-02-05 09:26 . 2001-02-05 09:26 417 -c--a-r- c:\programmi\layout.bin
2001-02-05 09:26 . 2001-02-05 09:26 65454 -c--a-r- c:\programmi\data1.hdr
2001-02-05 09:26 . 2001-02-05 09:26 13994673 ----a-r- c:\programmi\data2.cab
2001-02-05 09:25 . 2001-02-05 09:25 1610883 ----a-r- c:\programmi\data1.cab
2001-02-05 09:25 . 2001-02-05 09:25 396 -c--a-r- c:\programmi\Setup.ini
2001-02-05 09:25 . 2001-02-05 09:25 226897 -c--a-r- c:\programmi\setup.inx
2001-02-05 09:24 . 2001-02-05 09:24 228 -c--a-r- c:\programmi\powerdvd.sim
2000-10-05 14:01 . 2000-10-05 14:01 339565 -c--a-r- c:\programmi\ikernel.ex_
2000-01-27 13:16 . 2006-10-27 12:20 18 -c--a-w- c:\programmi\Winzip 8.0 Reg#.txt
1999-11-17 07:24 . 1999-11-17 07:24 4703784 ----a-r- c:\programmi\DXMEDIA.EXE
1998-01-14 02:57 . 1998-01-14 02:57 195841 ----a-r- c:\programmi\aspiinst.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-22 136176]
"Mobile Partner"="c:\programmi\3 Internet\3 Internet.exe" [2010-06-26 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-07-24 98304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-10-09 198160]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2010-05-24 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-29 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-29 22:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^LG SyncManager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk
backup=c:\windows\pss\LG SyncManager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-12-12 12:10 87584 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 1410344 ----a-w- c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2005-08-31 18:27 1658592 ----a-w- c:\programmi\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-24 19:40 98304 ----a-w- c:\programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-13 10:44 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-09 21:16 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Programmi\\Kazaa Lite K++\\Kazaa.kpp"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:VMware FilterPort

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/06/2010 0.12.02 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/06/2010 0.12.05 243024]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [30/06/2010 0.11.29 308136]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [06/06/2008 14.31.54 94720]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS --> c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 FltOkoMgr;VMware Monitor CD ACPI Terminal List;c:\windows\system32\svchost.exe -k meetsvc [19/08/2004 17.39.46 14336]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [15/05/2010 18.45.20 136176]
S3 D500U;D500U;c:\windows\system32\drivers\D500U.sys [29/05/2007 14.53.40 50389]
S3 mad600m;mad600m;c:\windows\system32\drivers\mad600m.sys [29/05/2007 14.55.16 25044]
S3 mad600u;mad600u;c:\windows\system32\drivers\mad600u.sys [22/08/2007 18.35.22 51038]
S3 MXBULK;DualCam Still, MXBulk3.Sys;c:\windows\system32\drivers\MXBulk3.sys [19/04/2006 18.46.31 50688]
S3 MXCap;DSC-06 Video Camera;c:\windows\system32\drivers\MXCap3.sys [19/04/2006 18.46.32 63104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/05/2010 23.03.58 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/05/2010 23.03.59 8320]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [20/04/2010 18.43.21 27064]
S3 slicedisk.sys;slicedisk.sys;\??\c:\windows\system32\slicedisk.sys --> c:\windows\system32\slicedisk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5892c3-8117-11df-b297-001966e13278}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-15 16:45]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-15 16:45]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-682003330-1003Core.job
- c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-22 07:20]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-682003330-1003UA.job
- c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-22 07:20]

2010-06-29 c:\windows\Tasks\User_Feed_Synchronization-{2402940F-D7E0-4558-9152-0EB20F0A363E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2010-06-29 c:\windows\Tasks\User_Feed_Synchronization-{EED2BDA2-2C46-4519-B788-EFAB2125BF62}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.deinumidithor.com/alani/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {0E44035F-3526-4D21-932D-EEBE5EBD3FA0}
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Beatrice\Dati applicazioni\Mozilla\Firefox\Profiles\cchcpgng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.deinumidithor.com/alani/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\programmi\Java\jre1.6.0_03\bin\jusched.exe
AddRemove-McAfee Security Scan - c:\programmi\McAfee Security Scan\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\fggnv]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{B9E3A781-69E8-293D-85C9-A4391A07705F}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\ygscr]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-30 00:59:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-29 22:59
ComboFix2.txt 2010-06-29 13:39

Pre-Run: 90.123.849.728 byte disponibili
Post-Run: 90.106.064.896 byte disponibili

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - E8C110A6207E2F4A92609AC2D7BDA63F
Torna in alto
 
paolopa
Inviato: Wednesday, June 30, 2010 6:08:33 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
posta anche un log di hijack,cosi' lo trova quando entra.come ti sembra vada il pc?hai ancora problemi?
Torna in alto
 
beatrice49
Inviato: Wednesday, June 30, 2010 10:20:12 AM

Rank: AiutAmico

Iscritto dal : 3/6/2004
Posts: 34
paolopa ha scritto:
posta anche un log di hijack,cosi' lo trova quando entra.come ti sembra vada il pc?hai ancora problemi?

lo trova chi???
comunque eccolo! La connessione fa semre schifo, anche quella con la pennetta 3....
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:19:28, on 30/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deinumidithor.com/alani/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mobile Partner] "C:\Programmi\3 Internet\3 Internet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E44035F-3526-4D21-932D-EEBE5EBD3FA0} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://fotoadmin.aruba.it/ThirdParty/ImageUploader/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7599 bytes
Torna in alto
 
paolopa
Inviato: Wednesday, June 30, 2010 10:43:51 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
beatrice49 ha scritto:
paolopa ha scritto:
posta anche un log di hijack,cosi' lo trova quando entra.come ti sembra vada il pc?hai ancora problemi?

lo trova chi???
comunque eccolo! La connessione fa semre schifo, anche quella con la pennetta 3....



lo trova r16,tra me e lui c è una differenza abissale a suo favore,ed è meglio se controlla lui entrambi i log.
Torna in alto
 
r16
Inviato: Wednesday, June 30, 2010 12:22:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:

Commenta:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"O4 -
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beatrice\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E44035F-3526-4D21-932D-EEBE5EBD3FA0} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55. cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://fotoadmin.aruba.it/ThirdParty/ImageUploader/ImageUploader4.cab


Vai in Installazione Applicazioni, e rimuovi TUTTE le versioni JAVA che trovi.
Scarica l'ultima versione di Java:
http://www.java.com/it/download/index.jsp

Se in fase di installazione, ti venisse rchiesta l'installazione di qualche Toolbar, non la installare. (Togli la punta ).
Posta un nuovo log di hijackthis
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Connessione lentissima!


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.