Aiutamici Forum

Please check the log... the PC is slow!!!
mparimicu
Posted: Friday, November 19, 2010 10:15:34 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.13.12, on 19/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Scarica con IDM - C:\Programmi\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Scarica con IDM contenuti video FLV - C:\Programmi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Scarica tutti i link con IDM - C:\Programmi\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: http://software.kuaiche.com
O15 - Trusted Zone: http://kan.pps.tv
O15 - Trusted Zone: http://list1.pps.tv
O15 - Trusted Zone: http://tvguide.pps.tv
O15 - Trusted Zone: http://vodguide.pps.tv
O15 - Trusted Zone: http://list1.ppstream.com
O15 - Trusted Zone: http://notice.ppstream.com
O15 - Trusted Zone: http://xml1.ppstream.com
O15 - Trusted Zone: http://xml2.ppstream.com
O15 - Trusted Zone: http://xml3.ppstream.com
O15 - Trusted Zone: http://list1.ppstream.net
O15 - Trusted Zone: http://list1.ppstv.com
O15 - Trusted Zone: http://list1.ppstv.net
O15 - ESC Trusted Zone: http://list1.111222.cn
O15 - ESC Trusted Zone: http://kan.pps.tv
O15 - ESC Trusted Zone: http://list1.pps.tv
O15 - ESC Trusted Zone: http://tvguide.pps.tv
O15 - ESC Trusted Zone: http://vodguide.pps.tv
O15 - ESC Trusted Zone: http://list1.ppstream.com
O15 - ESC Trusted Zone: http://notice.ppstream.com
O15 - ESC Trusted Zone: http://xml1.ppstream.com
O15 - ESC Trusted Zone: http://xml2.ppstream.com
O15 - ESC Trusted Zone: http://xml3.ppstream.com
O15 - ESC Trusted Zone: http://list1.ppstream.net
O15 - ESC Trusted Zone: http://list1.ppstv.com
O15 - ESC Trusted Zone: http://list1.ppstv.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21903E7-2B40-48CE-8DA8-980657545E32}: NameServer = 213.205.32.70,213.205.36.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{6CC10D7F-28BF-42A3-B0A7-B0A49A32A2EF}: NameServer = 213.205.32.70,213.205.36.70
O18 - Protocol: bw+0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 20966 bytes
shapiro
Posted: Friday, November 19, 2010 10:33:09 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Let's start by asking ourselves...

Do you know these sites?

Code:
O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: http://software.kuaiche.com
O15 - Trusted Zone: http://kan.pps.tv
O15 - Trusted Zone: http://list1.pps.tv
O15 - Trusted Zone: http://tvguide.pps.tv
O15 - Trusted Zone: http://vodguide.pps.tv
O15 - Trusted Zone: http://list1.ppstream.com
O15 - Trusted Zone: http://notice.ppstream.com
O15 - Trusted Zone: http://xml1.ppstream.com
O15 - Trusted Zone: http://xml2.ppstream.com
O15 - Trusted Zone: http://xml3.ppstream.com
O15 - Trusted Zone: http://list1.ppstream.net
O15 - Trusted Zone: http://list1.ppstv.com
O15 - Trusted Zone: http://list1.ppstv.net
O15 - ESC Trusted Zone: http://list1.111222.cn
O15 - ESC Trusted Zone: http://kan.pps.tv
O15 - ESC Trusted Zone: http://list1.pps.tv
O15 - ESC Trusted Zone: http://tvguide.pps.tv
O15 - ESC Trusted Zone: http://vodguide.pps.tv
O15 - ESC Trusted Zone: http://list1.ppstream.com
O15 - ESC Trusted Zone: http://notice.ppstream.com
O15 - ESC Trusted Zone: http://xml1.ppstream.com
O15 - ESC Trusted Zone: http://xml2.ppstream.com
O15 - ESC Trusted Zone: http://xml3.ppstream.com
O15 - ESC Trusted Zone: http://list1.ppstream.net
O15 - ESC Trusted Zone: http://list1.ppstv.com
O15 - ESC Trusted Zone: http://list1.ppstv.net



If the answer is no, download DelDomains to your desktop

=> right-click it and choose "Installa" (Install).
mparimicu
Posted: Friday, November 19, 2010 10:35:37 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
No, I don't have the faintest idea what they are!!!
shapiro
Posted: Friday, November 19, 2010 10:38:11 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Then do as I indicated: download that file and install it

See the post above ^
mparimicu
Posted: Friday, November 19, 2010 10:40:11 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
Done!!! It gives me this:

; DelDomains.inf © 11-28-04 | Revised 01-15-06
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
; http://mvps.org/winhelp2002/restricted.htm
;
; Revised to include the EscDomains key
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
; Note: you will not see any onscreen action.

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

; Recreate the keys to avoid a restart

[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"
shapiro
Posted: Friday, November 19, 2010 10:46:17 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
If everything went well, it cleaned out those sites, which were nothing good

Let's check with a new HijackThis log
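
The before/after check requested above can be done mechanically by diffing the two HijackThis logs per section code. This is an added example, not part of the original thread; the function names are hypothetical and the two sample logs are shortened excerpts constructed from the logs posted in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# HijackThis entry lines start with a section code, e.g. "O15 - Trusted Zone: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            sections[m.group("code")].add(m.group("body"))
    return sections


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first / only in the second log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed, added = {}, {}
    for code in set(before) | set(after):
        gone = before.get(code, set()) - after.get(code, set())
        new = after.get(code, set()) - before.get(code, set())
        if gone:
            removed[code] = sorted(gone)
        if new:
            added[code] = sorted(new)
    return removed, added


def trusted_zone_hosts(log_text):
    """Hosts still listed under O15 (Trusted Zone and ESC Trusted Zone)."""
    hosts = set()
    for body in parse_entries(log_text).get("O15", set()):
        # body looks like "Trusted Zone: http://host" or "ESC Trusted Zone: http://host"
        _, _, target = body.partition(": ")
        # entries without a scheme (wildcards, IP ranges) are kept as written
        hosts.add(urlparse(target).hostname or target)
    return sorted(hosts)


# Constructed sample input: a few lines taken from the first and second log above.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: http://kan.pps.tv
O15 - ESC Trusted Zone: http://kan.pps.tv
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    print("O15 hosts still present:", trusted_zone_hosts(AFTER))
```

Anything reported under `added` after a cleanup step deserves the same scrutiny as the original O15 entries, since a change that reappears points to something rewriting the keys.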
mparimicu
Posted: Friday, November 19, 2010 10:49:22 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.49.16, on 19/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programmi\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Scarica con IDM - C:\Programmi\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Scarica con IDM contenuti video FLV - C:\Programmi\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Scarica tutti i link con IDM - C:\Programmi\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A21903E7-2B40-48CE-8DA8-980657545E32}: NameServer = 213.205.32.70,213.205.36.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{6CC10D7F-28BF-42A3-B0A7-B0A49A32A2EF}: NameServer = 213.205.32.70,213.205.36.70
O18 - Protocol: bw+0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {762B2D5C-AE31-4353-9EE5-B722CB9333E5} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programmi\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 19863 bytes
shapiro
Posted: Friday, November 19, 2010 10:52:50 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Good, now run this scan.

Download Malwarebytes

1) install it
2) update it
3) run a scan, choosing full mode
4) do NOT remove, for now, any threats it detects
5) when the scan is finished, select the log tab, open the text file and post it on the forum
mparimicu
Posted: Saturday, November 20, 2010 5:59:05 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
Here it is:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 5156

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/11/2010 17.48.45
mbam-log-2010-11-20 (17-48-45).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 252195
Tempo trascorso: 4 ore, 34 minuti, 3 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
shapiro
Posted: Saturday, November 20, 2010 7:55:14 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Install CCleaner

ccleaner

During installation, deselect the option for the Yahoo toolbar. Open it, go to Options > Advanced, untick "Delete Windows temp files only if older than 48 hours", then run it, select "Analyze" and, when the analysis finishes, press "Run Cleaner".

Click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes when asked to save the backup (save it in a folder of your choice), then fix all the items found.

Download ATF Cleaner

It does not need to be installed.

Start ATF Cleaner.exe with a double click
- click the Main menu
- tick the Select All box
- click the Empty Selected button
- wait for the Done Cleaning notice.
(if you do not want to delete passwords, untick that box)
(if you use Opera or Firefox, tick their sections as well)

Download ComboFix from HERE
and put it on the desktop
run ComboFix
(do not install the Recovery Console)
Let the program work without interfering
Attach the report C:\ComboFix.txt to your reply.

Do not use the PC during the scan, not even the mouse!




mparimicu
Posted: Saturday, November 20, 2010 10:31:08 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
ComboFix 10-11-20.03 - Administrator 20/11/2010 22.18.26.8.2 - x86
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\XSxS
.
---- Esecuzione precedente -------
.
c:\documents and settings\Administrator\Dati applicazioni\BITS\BITS.ini
c:\documents and settings\Administrator\Dati applicazioni\BITS\DHTTable.dat
c:\documents and settings\Administrator\Dati applicazioni\BITS\ProxyList.ini
c:\documents and settings\Administrator\Dati applicazioni\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\Administrator\Dati applicazioni\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\Administrator\Dati applicazioni\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\Administrator\Dati applicazioni\FlashGetBHO\GetUrl.htm
c:\programmi\FlashGet Network\FlashGet 3\adns.dll
c:\programmi\FlashGet Network\FlashGet 3\btcoreu.dll
c:\programmi\FlashGet Network\FlashGet 3\BugReport.dll
c:\programmi\FlashGet Network\FlashGet 3\BugReport.exe
c:\programmi\FlashGet Network\FlashGet 3\cd1.ico
c:\programmi\FlashGet Network\FlashGet 3\ckcore.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\programmi\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\programmi\FlashGet Network\FlashGet 3\commonlib.dll
c:\programmi\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\programmi\FlashGet Network\FlashGet 3\config\clients.met
c:\programmi\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\programmi\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\programmi\FlashGet Network\FlashGet 3\config\emfriends.met
c:\programmi\FlashGet Network\FlashGet 3\config\known.met
c:\programmi\FlashGet Network\FlashGet 3\config\known2_64.met
c:\programmi\FlashGet Network\FlashGet 3\config\preferences.dat
c:\programmi\FlashGet Network\FlashGet 3\config\preferences.ini
c:\programmi\FlashGet Network\FlashGet 3\config\server.met
c:\programmi\FlashGet Network\FlashGet 3\config\server_met.old
c:\programmi\FlashGet Network\FlashGet 3\config\upload.met
c:\programmi\FlashGet Network\FlashGet 3\corestat.dll
c:\programmi\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_1_2.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_107_73.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_107x73_1.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_123.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_2_1.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_3_1.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_4.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_543333.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_5989898989.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_hz1.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_qg.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\client_tj.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\directui_new_1288925810.zip
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\newmovie-game.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\reom-1.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\soft-100920.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\programmi\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\programmi\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\programmi\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\programmi\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\programmi\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\programmi\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\programmi\FlashGet Network\FlashGet 3\dbghelp.dll
c:\programmi\FlashGet Network\FlashGet 3\fg.ico
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\programmi\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\programmi\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\programmi\FlashGet Network\FlashGet 3\Flashget3.exe
c:\programmi\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\programmi\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\programmi\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\programmi\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\programmi\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\programmi\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\programmi\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\programmi\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\programmi\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\programmi\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\programmi\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\programmi\FlashGet Network\FlashGet 3\game.ico
c:\programmi\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\programmi\FlashGet Network\FlashGet 3\gdiplus.dll
c:\programmi\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\programmi\FlashGet Network\FlashGet 3\GetUrl.htm
c:\programmi\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\programmi\FlashGet Network\FlashGet 3\libem.dll
c:\programmi\FlashGet Network\FlashGet 3\license.txt
c:\programmi\FlashGet Network\FlashGet 3\lst_tz.bin
c:\programmi\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\programmi\FlashGet Network\FlashGet 3\p2pcore.dll
c:\programmi\FlashGet Network\FlashGet 3\p2score.dll
c:\programmi\FlashGet Network\FlashGet 3\perf.ini
c:\programmi\FlashGet Network\FlashGet 3\pncrt.dll
c:\programmi\FlashGet Network\FlashGet 3\pstat.dat
c:\programmi\FlashGet Network\FlashGet 3\pup.dat
c:\programmi\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\programmi\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\programmi\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\programmi\FlashGet Network\FlashGet 3\SnapShot.dll
c:\programmi\FlashGet Network\FlashGet 3\storage.dll
c:\programmi\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\programmi\FlashGet Network\FlashGet 3\uninst.exe
c:\programmi\FlashGet Network\FlashGet 3\VodCore.dll
c:\programmi\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\libem.INI
c:\windows\system32\secustat.dat
c:\windows\system32\vbzlib1.dll
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Creati Da 2010-10-20 al 2010-11-20 )))))))))))))))))))))))))))))))))))
.

2010-11-06 17:24 . 2010-11-20 21:18 -------- d-----w- c:\windows\system32\CatRoot2
2010-11-06 13:12 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2010-11-05 14:45 . 2010-11-06 19:12 -------- d-----w- C:\found.000
2010-11-03 16:39 . 2010-11-03 16:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ProgSense
2010-10-30 20:09 . 2004-08-19 13:39 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2010-10-30 20:09 . 2004-08-19 13:39 33280 ----a-w- c:\windows\system32\rundll32.exe
2010-10-24 16:07 . 2010-10-24 16:07 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2010-10-22 15:33 . 2010-09-10 05:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-22 15:23 . 2009-08-06 17:23 15584 ----a-w- c:\windows\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 11:27 . 2009-03-02 18:54 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-18 08:00 . 2010-10-20 15:14 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-15 02:50 . 2010-06-14 15:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2008-10-13 15:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:49 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-08-29 17:26 . 2010-08-29 17:26 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-29 17:26 . 2010-08-29 17:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\tcpip.sys

[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2006-03-02 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2006-03-02 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe

[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 6B00176C49AD983527346A0CB3B29BD1 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 6B00176C49AD983527346A0CB3B29BD1 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\4637342\comctl32.dll
[7] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2006-03-02 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2006-03-02 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2006-03-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\80014\comctl32.dll
[7] 2006-03-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2006-03-02 . D81759006D620D41F7FD1D2A4A10C7F3 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-02-09 . B330561E515AA626F81407978AB5C72C . 2310144 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 . B330561E515AA626F81407978AB5C72C . 2310144 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 . B330561E515AA626F81407978AB5C72C . 2310144 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2006-03-02 . 8AB08C18BED548F7A534E9650911F660 . 2151936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2006-03-02 . 8AB08C18BED548F7A534E9650911F660 . 2151936 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ntoskrnl.exe

[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . 3E163C943AC3ECC44826954A579E0F87 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 3E163C943AC3ECC44826954A579E0F87 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2006-03-02 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2006-03-02 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\user32.dll

[-] 2008-04-14 . 889676A942A232F349C9F8177CD9B782 . 1543168 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 889676A942A232F349C9F8177CD9B782 . 1543168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2006-03-02 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2006-03-02 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe

[7] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[7] 2006-03-02 . 66364440C71911D07468F3791206FB87 . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll

[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2006-03-02 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2006-03-02 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe

[7] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-02-09 . 58067AE0C38014627F3B5AF32E0E7C2B . 2188800 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-09 . 58067AE0C38014627F3B5AF32E0E7C2B . 2188800 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 . 58067AE0C38014627F3B5AF32E0E7C2B . 2188800 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2006-03-02 . 4B42A1C0085CE18E4BE81A25A3D1C9CF . 2018816 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2006-03-02 . 4B42A1C0085CE18E4BE81A25A3D1C9CF . 2018816 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ntkrnlpa.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[-] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[-] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-04-14 . 173E49AEBB665C0577D751BA55F84B6C . 93184 . . [6.00.2900.5512] . . c:\windows\ie7\iexplore.exe
[7] 2008-04-14 . 173E49AEBB665C0577D751BA55F84B6C . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[-] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2006-03-02 . C49ED6E4358FFAECFE70FC8F3C67D224 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-07-26 12:09 70776 ----a-w- c:\programmi\Internet Download Manager\IDMShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 69632]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-10-11 813584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-20 10:51 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^TSS Instrument API Tray Utility.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-10-11 17:33 32768 ----a-w- c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 13:34 868352 ----a-r- c:\programmi\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\PeerBlock\\peerblock.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [12/11/2009 19.45.25 6097]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/03/2009 19.54.35 717296]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [24/09/2010 11.28.20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24/09/2010 11.28.20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04/11/2010 1.07.06 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24/09/2010 11.28.20 501888]
R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [04/11/2008 20.20.04 49720]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [26/07/2010 16.13.39 74208]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 16.17.40 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 16.17.38 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24/09/2010 11.28.20 116784]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/11 00:08];c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl [13/03/2010 11.58.52 87536]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [04/11/2008 20.20.23 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [04/11/2008 20.20.24 13440]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [04/11/2008 20.20.24 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [04/11/2008 20.20.24 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [04/11/2008 20.20.24 34080]
R2 NIS;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24/09/2010 11.28.04 126392]
R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [04/11/2008 20.34.04 10454]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [11/10/2008 18.35.51 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/11/2010 12.32.31 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101119.001\IDSXpx86.sys [19/10/2010 21.36.22 341880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2010 11.47.57 136176]
S3 MBLAUDRV;Mobiola Audio Service;c:\windows\system32\drivers\BTCamAudioDrv.sys [31/10/2008 17.57.30 13312]
S3 MBLAUDRVOUT;Mobiola Audio Out Service;c:\windows\system32\drivers\BTCamAudioDrvOut.sys [31/10/2008 17.57.30 18304]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [04/11/2008 20.19.40 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [04/11/2008 20.19.40 8320]
S3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [20/01/2010 18.41.07 14424]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [04/11/2008 21.45.45 32377]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 16.17.42 7408]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [12/11/2009 19.45.25 299923]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S3 z3f2bus;Sony Ericsson driver (WDM);c:\windows\system32\DRIVERS\z3f2bus.sys --> c:\windows\system32\DRIVERS\z3f2bus.sys [?]
S3 z3f2mgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\z3f2mgmt.sys --> c:\windows\system32\DRIVERS\z3f2mgmt.sys [?]
S4 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [12/10/2008 15.09.07 1872320]
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-20 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-11-06 20:55]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 10:47]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-27 10:47]

2010-10-16 c:\windows\Tasks\switchShakeIcon.job
- c:\programmi\NCH Swift Sound\Switch\switch.exe [2010-10-14 16:45]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: Download all by FlashGet3
IE: Download by FlashGet3
IE: Scarica con IDM - c:\programmi\Internet Download Manager\IEExt.htm
IE: Scarica con IDM contenuti video FLV - c:\programmi\Internet Download Manager\IEGetVL.htm
IE: Scarica tutti i link con IDM - c:\programmi\Internet Download Manager\IEGetAll.htm
TCP: {A21903E7-2B40-48CE-8DA8-980657545E32} = 213.205.32.70,213.205.36.70
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\7ob7qfnc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.it/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Administrator\Dati applicazioni\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\7ob7qfnc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\programmi\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-20 22:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programmi\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-682003330-261478967-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,a2,59,d0,3b,e7,0f,42,a8,30,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,4e,0b,97,3e,b9,26,4d,95,f6,48,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9e,4f,e8,e8,ab,7a,46,b1,14,cb,\

[HKEY_USERS\S-1-5-21-682003330-261478967-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:5c,98,4e,c6,4e,90,2d,56,12,a9,4c,42,d1,03,2d,bf,e0,a8,d9,01,62,
54,60,b8,15,1c,db,03,28,67,09,75,49,4e,f6,50,a2,0d,27,8a,dd,e9,e2,ac,84,a6,\
"rkeysecu"=hex:2c,52,5d,b9,5f,aa,c5,74,96,0e,bc,61,95,03,45,cb

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{21b66ec7-2a3d-4c49-8114-92e2d5f9730a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000091
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,1c,79,1c,8f,e7,4e,cf,14,d2,a2,1b,d1,bc,ec,0b,84,ef,c2,99,81,
17,f9,e4,e0,f2,6f,f7,a4,2f,83,77,ce,6e,f4,6e,74,7a,8c,3a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_NTAKRNL\0000\LogConf]
@DACL=(02 0000)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1724)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1908)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\COMRes.dll
c:\programmi\Internet Download Manager\IDMShellExt.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Ora fine scansione: 2010-11-20 22:29:05
ComboFix-quarantined-files.txt 2010-11-20 21:29
ComboFix2.txt 2009-09-11 19:13
ComboFix3.txt 2009-08-20 15:36
ComboFix4.txt 2009-08-18 10:35
ComboFix5.txt 2009-09-12 13:55

Pre-Run: 13.528.555.520 byte disponibili
Post-Run: 13.487.775.744 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 8D3D28F09CD62F61BC73292F1CC82FB4
shapiro
Posted: Monday, November 22, 2010 6:58:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Sorry for the delay, but there has been too much traffic on the network these days ;)

By any chance, had you already used ComboFix before opening this thread?
mparimicu
Posted: Monday, November 22, 2010 8:00:59 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
Yes, I had already used it.... why??
shapiro
Posted: Monday, November 22, 2010 8:24:18 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
Yes, I had already used it.... why??


Because I would not have had you run it again; I would have asked you for the log instead, as I am doing now.

mparimicu
Posted: Monday, November 22, 2010 11:34:56 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
Oh well, never mind :D What do you advise me to do now?
shapiro
Posted: Tuesday, November 23, 2010 12:11:36 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Check whether you have the old log on C
mparimicu
Posted: Tuesday, November 23, 2010 7:40:23 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
No! There is only the latest one =(
shapiro
Posted: Tuesday, November 23, 2010 8:04:46 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Remove ComboFix with OTC by OldTimer

Run it
Click CleanUp.
When asked to reboot, click YES


Go here and run a full scan of the PC using the I.E. browser.
mparimicu
Posted: Wednesday, November 24, 2010 7:48:15 PM
Rank: Member

Joined: 7/4/2009
Posts: 13
I removed ComboFix and started the full scan, but AFTER 9 HOURS IT WAS STILL AT 12%... and I stopped it!