Aiutamici Forum

A look at the hijack log, please
agatone
Posted: Friday, July 08, 2011 7:06:46 AM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
There are no particular problems, but I want to be sure I don't have viruses or strange toolbars.
I also noticed that among the installed programs there are a great many versions of Visual C++ and .NET Framework.
Do you think they should all be kept?

For r16
P.S.
If you pass by here, will you check the log for me?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7.08.43, on 08/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FILECO~1\Stardock\SDMCP.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Programmi\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Winstep\workshelf.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Sandboxie\SbieCtrl.exe
C:\Programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe
C:\PROGRA~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
C:\DOCUME~1\paolo\IMPOST~1\Temp\{433F72BD-5811-476F-9276-8B264E84336B}\Blue My Mind Media Player Gadget.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
C:\Programmi\Babylon\Babylon-Pro\Agent\BabylonAgent.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programmi\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programmi\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmi\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SkinClock] C:\Programmi\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Workshelf] C:\Programmi\Winstep\workshelf.exe autostart
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CursorFX] "C:\Programmi\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-823518204-1801674531-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Blue My Mind Media Player Gadget.lnk = J:\Backup\Stardock\CONCEPT LCD\Blue My Mind Media Player Gadget.exe
O4 - Startup: Concept LCD Calendar Widget.lnk = J:\Backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Calendar Widget.exe
O4 - Startup: Concept LCD Media Player Widget.lnk = C:\Programmi\Stardock\Object Desktop\DesktopX\Widgets\Concept LCD Media Player Widget.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Gloss Mint Clock Gadget.lnk = C:\Programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programmi\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmi\PicLensIE\cooliris.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpost firewall\wl_hook.dll, wbsys.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Programmi\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\Outpost Firewall\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 14981 bytes


r16
Posted: Friday, July 08, 2011 8:56:39 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
How come you haven't installed an antivirus?


Download ComboFix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (This is mandatory.)

Important: Disable your antivirus (which I don't see) and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe

You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install THE RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
agatone
Posted: Friday, July 08, 2011 9:10:56 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
First of all, thanks for the reply.
It's very strange...
I see now that MSE is not active!
I installed it some time ago following your advice.
But I have noticed more than once that it disappears from my installed programs. (Frankly, I don't know after which operation or search...)
So I have to reinstall it.
This has happened to me more than once lately.
Now I'll carry out the operation you described and then post the log.
agatone
Posted: Friday, July 08, 2011 9:55:02 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Here is the log

ComboFix 11-07-08.03 - paolo 08/07/2011 21.36.02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2251 [GMT 2:00]
Eseguito da: c:\documents and settings\paolo\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Avira FireWall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Cortafuegos personal de ESET *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\paolo\Dati applicazioni\FIXIO PC Cleaner.exe
c:\documents and settings\paolo\Dati applicazioni\OfferBox
c:\documents and settings\paolo\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\paolo\Dati applicazioni\PCFix
c:\documents and settings\paolo\Dati applicazioni\PriceGong
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\paolo\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\paolo\g2mdlhlpx.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\IsUn0410.exe
c:\windows\system32\zip32.dll
c:\windows\vb.ini
c:\windows\w32dasm8.ini
c:\windows\XSxS
I:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFPANSI
.
.
((((((((((((((((((((((((( Files Creati Da 2011-06-08 al 2011-07-08 )))))))))))))))))))))))))))))))))))
.
.
2011-07-08 16:10 . 2011-07-08 16:10 -------- d-----r- C:\Sandbox
2011-07-08 13:28 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{E4C2749B-D0AD-46A4-A865-B561CEB91012}\mpengine.dll
2011-07-08 08:58 . 2011-07-08 08:58 -------- d-----w- c:\documents and settings\UpdatusUser\Dati applicazioni\TuneUp Software
2011-07-08 01:38 . 2011-07-08 19:27 -------- d-----w- c:\programmi\Citrix
2011-07-07 11:01 . 2011-07-07 11:01 -------- d-----w- c:\programmi\Market Samurai
2011-07-07 10:22 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-07 10:22 . 2011-07-07 10:23 -------- d-----w- c:\programmi\RocketDock
2011-07-04 22:06 . 2011-07-04 22:06 7840 ----a-w- c:\windows\system32\mcdmsg2.dll
2011-07-04 21:30 . 2011-07-04 21:30 -------- d-----w- c:\programmi\Sandboxie
2011-07-04 14:52 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Nuance
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2011-07-04 14:19 . 2011-07-04 14:27 -------- d-----w- c:\programmi\File comuni\Nuance
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nuance
2011-07-04 10:56 . 2011-07-04 10:57 -------- d-----w- c:\programmi\Microsoft Security Client
2011-07-04 10:37 . 2011-07-04 15:12 -------- d-----w- c:\programmi\Easypano
2011-07-04 00:52 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-03 22:57 . 2011-07-03 22:57 -------- d-----w- c:\programmi\IrfanView
2011-07-03 21:31 . 2011-07-03 21:34 -------- d-----w- c:\programmi\Neuro-Programmer 3
2011-07-02 15:43 . 2005-11-30 23:05 397312 ----a-w- c:\windows\system32\puma lcd simulator v77.ocx
2011-07-02 15:43 . 2005-11-08 16:35 40960 ----a-w- c:\windows\system32\akprogressbar.ocx
2011-07-02 15:43 . 2005-11-06 15:14 366080 ----a-w- c:\windows\system32\vbskfr2.ocx
2011-07-02 15:43 . 2004-10-18 04:04 161280 ----a-w- c:\windows\system32\fmod.dll
2011-07-02 15:43 . 2001-04-27 13:11 24576 ----a-w- c:\windows\system32\smartsubclass.dll
2011-07-02 15:43 . 2006-08-24 00:15 90112 ----a-w- c:\windows\system32\dgwaveedit.ocx
2011-07-02 15:43 . 2006-03-03 13:09 90112 ----a-w- c:\windows\system32\kcommobj.ocx
2011-07-02 15:43 . 2005-11-08 16:35 69632 ----a-w- c:\windows\system32\webupdate.ocx
2011-07-02 15:43 . 2004-10-25 08:19 151552 ----a-w- c:\windows\system32\dxvumeter3.ocx
2011-07-02 15:43 . 2004-05-25 13:24 35840 ----a-w- c:\windows\system32\xfxslider.ocx
2011-07-02 15:43 . 1998-12-02 08:11 143360 ----a-w- c:\windows\system32\unzip32.dll
2011-07-02 15:42 . 2011-07-04 15:21 -------- d-----w- c:\programmi\Atmosphere Deluxe
2011-07-02 12:57 . 2011-07-02 15:46 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\amd
2011-07-02 02:45 . 2010-08-13 16:06 403008 ----a-w- c:\windows\system32\drivers\pgusbwdm.sys
2011-07-02 02:33 . 2004-07-13 09:40 48512 ----a-w- c:\windows\system32\drivers\umss.sys
2011-07-02 02:07 . 2011-07-02 02:07 -------- d-----w- c:\programmi\Innovative Solutions
2011-07-02 01:07 . 2011-07-02 01:07 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Innovative Solutions
2011-07-02 01:07 . 2011-07-02 01:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2011-07-01 17:14 . 2011-07-03 23:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2011-07-01 17:11 . 2011-07-01 17:11 -------- d-----w- c:\programmi\ZennoLab
2011-07-01 16:43 . 2011-07-01 16:45 -------- d-----w- c:\programmi\CCleaner
2011-07-01 16:32 . 2007-06-26 06:40 49152 ----a-w- c:\windows\j3dcore-ogl-chk.dll
2011-07-01 16:32 . 2007-06-26 06:40 40960 ----a-w- c:\windows\j3dcore-ogl-cg.dll
2011-07-01 16:32 . 2007-06-26 06:40 163840 ----a-w- c:\windows\j3dcore-ogl.dll
2011-07-01 16:32 . 2007-06-26 06:40 823296 ----a-w- c:\windows\j3dcore-d3d.dll
2011-07-01 13:14 . 2011-07-01 13:14 -------- d-----w- c:\programmi\File comuni\Java
2011-07-01 13:13 . 2011-07-01 13:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-01 13:13 . 2011-07-01 16:32 -------- d-----w- c:\programmi\Java
2011-07-01 13:12 . 2011-07-07 15:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 12:21 . 2011-07-01 11:56 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-07-01 12:21 . 2011-07-01 11:55 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-07-01 12:21 . 2011-07-01 11:55 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2011-07-01 11:06 . 2009-11-11 18:54 294912 ----a-w- c:\windows\system32\CM108rm.exe
2011-07-01 11:05 . 2009-08-19 20:06 307200 ----a-w- c:\windows\Cmi108Uninstall.exe
2011-07-01 11:05 . 2004-04-14 16:28 315392 ----a-r- c:\windows\system\fltr108.dll
2011-07-01 11:05 . 2011-07-01 11:05 -------- d-----w- c:\programmi\USB PnP Sound Device
2011-07-01 11:05 . 2010-03-04 17:04 1512960 ----a-r- c:\windows\system32\drivers\CM108.sys
2011-07-01 11:04 . 2003-11-10 16:13 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-07-01 11:04 . 2003-11-10 16:12 266240 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-07-01 11:04 . 2003-11-10 16:12 192512 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-07-01 11:04 . 2003-11-10 16:11 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-07-01 11:04 . 2011-07-01 11:04 188548 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-07-01 11:04 . 2003-11-10 16:14 729088 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-07-01 11:04 . 2011-07-01 11:04 311428 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-07-01 11:04 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-07-01 11:03 . 2011-04-13 13:03 45472 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-07-01 11:03 . 2011-01-07 13:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-07-01 11:03 . 2011-07-01 11:03 -------- d-----w- c:\programmi\Microsoft IntelliType Pro
2011-07-01 10:53 . 2011-07-02 01:22 -------- d-----w- c:\programmi\Driver-Soft
2011-06-23 05:07 . 2011-06-23 05:07 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\SMRecorder
2011-06-21 09:30 . 2011-06-21 09:30 3404800 ----a-w- c:\windows\system32\logonuix.exe
2011-06-20 00:53 . 2011-06-20 00:53 -------- d-----w- c:\windows\SoundPackager
2011-06-19 07:12 . 2011-07-02 06:06 -------- d-----w- c:\windows\CursorFX
2011-06-19 07:12 . 2011-06-21 07:03 -------- d-----w- c:\windows\DesktopX
2011-06-19 06:53 . 2011-06-20 01:04 -------- d-----w- c:\windows\WindowBlinds
2011-06-19 06:53 . 2011-06-20 01:04 -------- d-----w- c:\windows\IconPackager
2011-06-19 06:53 . 2011-06-19 06:53 -------- d-----w- c:\windows\Gadgets
2011-06-19 05:32 . 2011-06-19 05:32 -------- d-----w- c:\programmi\iPod
2011-06-18 20:16 . 2008-02-05 12:36 798208 ----a-w- c:\windows\system32\NextControls.ocx
2011-06-18 20:16 . 2011-07-07 10:15 -------- d-----w- c:\programmi\Winstep
2011-06-18 19:18 . 2011-06-18 19:19 -------- d-----w- c:\programmi\screencapstudio
2011-06-18 19:18 . 2011-06-18 19:18 -------- d-----w- c:\windows\ScreenCapStudio
2011-06-18 19:06 . 2011-06-18 19:06 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-06-13 20:05 . 2011-06-13 20:05 -------- d-----w- c:\documents and settings\All Users\Documents
2011-06-13 19:23 . 2010-04-01 21:39 58616 ----a-w- c:\windows\system32\wbload.dll
2011-06-13 19:05 . 2011-06-13 19:05 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\TuneUp Software
2011-06-12 21:37 . 2011-06-12 21:37 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\VS Revo Group
2011-06-12 08:56 . 2011-06-18 18:56 -------- d-----w- c:\programmi\File comuni\Stardock
2011-06-12 08:41 . 2011-06-18 18:54 -------- d-----w- c:\programmi\Impulse
2011-06-12 08:41 . 2011-06-12 08:41 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{D63AF49A-8D8F-40D9-8477-44253233DF5A}
2011-06-12 00:18 . 2011-06-12 00:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Gibraltar
2011-06-11 16:28 . 2011-06-19 05:20 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\ODUI
2011-06-11 16:28 . 2011-06-19 05:20 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Stardock
2011-06-11 16:25 . 2011-06-13 20:05 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Stardock
2011-06-11 16:24 . 2011-06-21 07:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stardock
2011-06-11 16:24 . 2011-06-11 16:24 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\PackageAware
2011-06-09 19:08 . 2010-04-01 21:40 42672 ----a-w- c:\windows\system32\wbsys.dll
2011-06-09 17:12 . 2011-06-19 05:24 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\TuneUpMedia
2011-06-09 17:12 . 2011-06-19 05:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUpMedia
2011-06-09 17:11 . 2011-06-09 20:27 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\OpenCandy
2011-06-09 17:11 . 2011-06-09 18:27 -------- d-----w- c:\programmi\SIW
2011-06-09 17:11 . 2011-06-09 17:11 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\OpenCandy
2011-06-09 16:54 . 2011-06-09 16:54 -------- d-----w- c:\programmi\Artisteer 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 13:13 . 2010-04-27 19:10 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-06-14 17:38 . 2010-04-21 07:09 6359656 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-06-06 16:29 . 2011-06-06 11:29 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 16:23 . 2011-06-06 11:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-03 20:11 . 2010-09-07 08:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-29 07:11 . 2010-10-08 07:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-10-08 07:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 15:58 . 2010-04-21 07:09 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-25 07:26 . 2010-04-03 18:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 07:26 . 2010-04-03 18:23 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 07:26 . 2010-04-03 18:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-05-25 07:26 . 2010-04-03 18:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-05-25 07:26 . 2010-04-03 18:22 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-05-25 07:26 . 2010-04-03 18:22 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-05-25 07:26 . 2010-04-03 18:22 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-05-25 07:26 . 2010-04-03 18:22 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-05-25 07:26 . 2010-04-03 18:22 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-05-25 07:26 . 2010-04-03 18:22 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-05-25 07:26 . 2010-04-03 18:23 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:26 . 2010-04-03 18:23 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:26 . 2010-04-03 18:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 07:26 . 2011-06-03 21:32 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 07:25 . 2010-01-12 10:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2008-10-07 05:33 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 07:25 . 2011-06-03 21:31 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:25 . 2011-06-03 21:31 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:25 . 2010-01-12 10:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2010-01-12 10:03 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2010-01-12 10:03 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2008-10-07 05:33 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2008-10-07 05:33 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 07:25 . 2008-10-07 05:33 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 07:25 . 2008-10-07 05:33 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-24 18:32 . 2011-05-24 18:32 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2011-05-13 15:17 . 2010-04-21 07:09 59496 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-05-12 12:10 . 2010-04-21 07:09 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-05-07 09:08 . 2011-05-07 09:08 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-05-07 09:08 . 2011-05-07 09:08 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-05-04 16:31 . 2010-04-21 07:08 295528 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-05-02 15:31 . 2010-04-21 06:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-19 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-19 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-19 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-15 14:00 . 2010-04-21 07:07 53248 -c--a-w- c:\windows\system32\CSVer.dll
2011-04-13 13:03 . 2009-05-08 23:14 21792 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-13 13:02 . 2010-12-10 22:57 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2001-07-10 17:08 . 2010-04-26 10:08 987693 -c--a-w- c:\programmi\Nandub.exe
2001-07-03 17:47 . 2010-04-26 10:08 69632 -c--a-w- c:\programmi\sylia.dll
2001-03-01 09:51 . 2010-04-26 10:08 36864 -c--a-w- c:\programmi\AuxSetup.exe
2000-09-24 04:48 . 2010-04-26 10:08 7752 -c--a-w- c:\programmi\vdsvrlnk.dll
2000-09-24 04:48 . 2010-04-26 10:08 10824 -c--a-w- c:\programmi\vdremote.dll
2000-04-16 20:22 . 2010-04-26 10:08 45056 -c--a-w- c:\programmi\vdicmdrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programmi\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-09-10 563007]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-27 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"Workshelf"="c:\programmi\Winstep\workshelf.exe" [2011-07-05 15332992]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CursorFX"="c:\programmi\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2010-11-22 274608]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UpdateService\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\paolo\Menu Avvio\Programmi\Esecuzione automatica\
Blue My Mind Media Player Gadget.lnk - j:\backup\Stardock\CONCEPT LCD\Blue My Mind Media Player Gadget.exe [2011-6-21 1505280]
Concept LCD Calendar Widget.lnk - j:\backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Calendar Widget.exe [2011-6-17 596992]
Concept LCD Media Player Widget.lnk - c:\programmi\Stardock\Object Desktop\DesktopX\Widgets\Concept LCD Media Player Widget.exe [2011-6-18 567296]
Dragon NaturallySpeaking.lnk - c:\programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe [2009-2-13 2819432]
Gloss Mint Clock Gadget.lnk - c:\programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe [2011-6-19 1096704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuix.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2008-03-28 08:23 49152 ----a-w- c:\progra~1\FILECO~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-04-01 21:40 172336 ----a-w- c:\progra~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-22 12:08 274608 ----a-w- c:\programmi\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NextSTART"=c:\programmi\Winstep\nextstart.exe autostart
"DriverMax"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" -agent
"DriverMax_RESTART"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" -RESTART
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" -osboot
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"nwiz"=c:\programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" -hide -runkey
"DNS7reminder"="c:\programmi\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Dati applicazioni\Nuance\NaturallySpeaking10\Ereg.ini
"BCSSync"="c:\programmi\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server TCP/IP Port
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [01/07/2011 14.21.48 16024]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2010 12.48.10 691696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [21/04/2010 9.07.13 13696]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [07/05/2011 11.26.41 704384]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07/09/2010 10.57.56 98392]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall\acs.exe [07/05/2011 11.25.16 1195008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [03/06/2011 23.33.15 2214504]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [01/07/2011 14.21.53 220824]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [06/06/2011 18.26.36 1524544]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [07/05/2011 11.08.46 17984]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [07/05/2011 11.25.20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [07/05/2011 11.26.33 257432]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [01/07/2011 13.03.47 45472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [26/04/2011 15.30.20 10064]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys --> c:\windows\system32\DRIVERS\ImmunetProtect.sys [?]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys --> c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [?]
S1 MpKsl515afdd3;MpKsl515afdd3;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6EE0863B-3CF8-4691-9993-99AC64093DD8}\MpKsl515afdd3.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6EE0863B-3CF8-4691-9993-99AC64093DD8}\MpKsl515afdd3.sys [?]
S1 MpKsl61a64640;MpKsl61a64640;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7BA56E2A-8CD8-4F6E-AC93-61296971C807}\MpKsl61a64640.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7BA56E2A-8CD8-4F6E-AC93-61296971C807}\MpKsl61a64640.sys [?]
S1 MpKsl9b941007;MpKsl9b941007;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{9AF943FE-7604-4FFD-B00C-2F0D9D2DC1CA}\MpKsl9b941007.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{9AF943FE-7604-4FFD-B00C-2F0D9D2DC1CA}\MpKsl9b941007.sys [?]
S1 MpKslbbaaaaed;MpKslbbaaaaed;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{31A878FA-C683-4066-A9B9-66BAB2F1A4A0}\MpKslbbaaaaed.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{31A878FA-C683-4066-A9B9-66BAB2F1A4A0}\MpKslbbaaaaed.sys [?]
S1 MpKsldcbbc35d;MpKsldcbbc35d;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{E4C2749B-D0AD-46A4-A865-B561CEB91012}\MpKsldcbbc35d.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{E4C2749B-D0AD-46A4-A865-B561CEB91012}\MpKsldcbbc35d.sys [?]
S1 MpKslf212c74d;MpKslf212c74d;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B248A40-3EC7-41D0-9DDA-A303E89105F7}\MpKslf212c74d.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B248A40-3EC7-41D0-9DDA-A303E89105F7}\MpKslf212c74d.sys [?]
S1 SuperMounter;SuperMounter; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [24/04/2010 4.56.51 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10/01/2011 2.18.42 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/04/2010 9.09.42 1691480]
S3 esihdrv;esihdrv;\??\c:\docume~1\paolo\IMPOST~1\Temp\esihdrv.sys --> c:\docume~1\paolo\IMPOST~1\Temp\esihdrv.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [24/04/2010 4.56.51 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [27/12/2010 23.50.30 31124344]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S3 pbfilter;pbfilter; [x]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [02/07/2011 4.45.37 403008]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [04/07/2011 2.52.19 27064]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 TABAIK;TABAIK; [x]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [01/07/2011 13.05.06 1512960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-07-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAOLO-PC-paolo.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-07-01 01:44]
.
2011-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2011-07-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-07-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{04E0ABEC-BE27-4E72-B7E0-9A0EA032BD5F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: I&nvia a OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 83.103.25.250 62.101.93.101
FF - ProfilePath - c:\documents and settings\paolo\Dati applicazioni\Mozilla\Firefox\Profiles\a1ik5tuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Associazioni dei file -------
.
.reg=regfile.reg
.txt=txtfile.txt
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - REG_SZ
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} - (no file)
HKLM-Run-Cm108Sound - cm108.cpl
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-08 21:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1801674531-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-823518204-1801674531-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{323C72CA-4542-7733-C0F6-95F1ECBD82A7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdblgcapchmjeealdbplonbgmknabnaho"=hex:6a,61,69,61,6e,64,68,69,6f,61,63,6f,
6e,61,6b,62,61,6a,66,62,00,d3
"pajobippflliehijlhodpfjiljkpakmg"=hex:6a,61,69,61,6e,64,68,69,6f,61,63,6f,6e,
61,6b,62,61,6a,66,62,00,d3
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1504)
c:\progra~1\FILECO~1\Stardock\mcpstub.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
- - - - - - - > 'lsass.exe'(1456)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\RocketDock\RocketDock.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1040\GrooveIntlResource.dll
c:\programmi\Stardock\CursorFX\CurXP0.dll
c:\programmi\Atomic Alarm Clock\Clock.dll
c:\progra~1\FILECO~1\Stardock\mcpcore.dll
c:\programmi\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\programmi\Stardock\Object Desktop\DeskScapes3\deskscape.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\progra~1\FILECO~1\Stardock\SDMCP.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\RunDll32.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\progra~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
c:\docume~1\paolo\IMPOST~1\Temp\{433F72BD-5811-476F-9276-8B264E84336B}\Blue My Mind Media Player Gadget.exe
.
**************************************************************************
.
Ora fine scansione: 2011-07-08 21:51:14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-07-08 19:51
.
Pre-Run: 159.500.959.744 byte disponibili
Post-Run: 159.435.886.592 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
.
- - End Of File - - D9921AD1C97F7ECC2296496EC43DD55E
r16
Posted: Friday, July 08, 2011 11:21:22 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Good grief... there's a ton of programs on that PC that I don't even know.

Uninstall MSE (it must be damaged)

After uninstalling MSE: (this is important)

Open a text file with Notepad on the Desktop
Paste in the code you see below, and save the text file; it must be named CFScript.txt


Code:
KillAll::

Driver::
ImmunetProtectDriver
ImmunetSelfProtectDriver
TABAIK
esihdrv
Lavasoft Kernexplorer
pbfilter

File::
c:\windows\system32\DRIVERS\ImmunetProtect.sys
c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys
c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys

Folder::
c:\programmi\Lavasoft\Ad-Aware
c:\programmi\Lavasoft

RegLock::
[HKEY_USERS\S-1-5-21-823518204-1801674531-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

RegNull::
[HKEY_USERS\S-1-5-21-823518204-1801674531-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{323C72CA-4542-7733-C0F6-95F1ECBD82A7}*]

SecCenter::
{EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
{11638345-E4FC-4BEE-BB73-EC754659C5F6}
{E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

N.B.:
You have no antivirus.
So connect only to this forum.
To be clearer, do NOT browse the internet. (connect ONLY to this forum)
agatone
Posted: Saturday, July 09, 2011 12:31:53 AM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Hi r16
Moments of serious panic here. When the scan with the txt started, I got the message: Eset Smart Security 3.0 detected, if you continue it is at your own risk.
Same message as on the first scan.
But that time I got around it by going to look for the Eset folder in c/programmi, and it started.
This time I tried typing these two strings (which, if you remember, had been recommended to me in my previous request for help, to remove the leftovers of NOD32):

sc delete EHttpSrv
press Enter

Again Start, Run and type:
sc delete ekrn
press Enter


But nothing, so I played the only card I had in hand, that is, going into RegSeeker to look for the useless entries,
Eset Smart Security to be precise.
And then the ComboFix scan started.
I may be reckless, but I didn't know what else to do.

Yes, it's true, I have a few optional little programs...
I mostly need them to slug it out a bit in the tough world of Internet marketing...

Here's the new log:

ComboFix 11-07-08.03 - paolo 09/07/2011 0.02.58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2171 [GMT 2:00]
Eseguito da: c:\documents and settings\paolo\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\paolo\Desktop\CFScript.txt.txt
FW: Outpost Firewall *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
FILE ::
"c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys"
"c:\windows\system32\DRIVERS\ImmunetProtect.sys"
"c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESIHDRV
-------\Legacy_IMMUNETPROTECTDRIVER
-------\Legacy_IMMUNETSELFPROTECTDRIVER
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Legacy_PBFILTER
-------\Legacy_TABAIK
-------\Service_esihdrv
-------\Service_ImmunetProtectDriver
-------\Service_ImmunetSelfProtectDriver
-------\Service_Lavasoft Kernexplorer
-------\Service_pbfilter
-------\Service_TABAIK
.
.
((((((((((((((((((((((((( Files Creati Da 2011-06-08 al 2011-07-08 )))))))))))))))))))))))))))))))))))
.
.
2011-07-08 16:10 . 2011-07-08 16:10 -------- d-----r- C:\Sandbox
2011-07-08 08:58 . 2011-07-08 08:58 -------- d-----w- c:\documents and settings\UpdatusUser\Dati applicazioni\TuneUp Software
2011-07-08 01:38 . 2011-07-08 19:27 -------- d-----w- c:\programmi\Citrix
2011-07-07 11:01 . 2011-07-07 11:01 -------- d-----w- c:\programmi\Market Samurai
2011-07-07 10:22 . 2011-07-07 10:23 -------- d-----w- c:\programmi\RocketDock
2011-07-04 22:06 . 2011-07-04 22:06 7840 ----a-w- c:\windows\system32\mcdmsg2.dll
2011-07-04 21:30 . 2011-07-04 21:30 -------- d-----w- c:\programmi\Sandboxie
2011-07-04 14:52 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Nuance
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2011-07-04 14:19 . 2011-07-04 14:27 -------- d-----w- c:\programmi\File comuni\Nuance
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nuance
2011-07-04 10:56 . 2011-07-08 22:09 -------- d-----w- c:\programmi\Microsoft Security Client
2011-07-04 10:37 . 2011-07-04 15:12 -------- d-----w- c:\programmi\Easypano
2011-07-04 00:52 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-03 22:57 . 2011-07-03 22:57 -------- d-----w- c:\programmi\IrfanView
2011-07-03 21:31 . 2011-07-03 21:34 -------- d-----w- c:\programmi\Neuro-Programmer 3
2011-07-02 15:43 . 2005-11-30 23:05 397312 ----a-w- c:\windows\system32\puma lcd simulator v77.ocx
2011-07-02 15:43 . 2005-11-08 16:35 40960 ----a-w- c:\windows\system32\akprogressbar.ocx
2011-07-02 15:43 . 2005-11-06 15:14 366080 ----a-w- c:\windows\system32\vbskfr2.ocx
2011-07-02 15:43 . 2004-10-18 04:04 161280 ----a-w- c:\windows\system32\fmod.dll
2011-07-02 15:43 . 2001-04-27 13:11 24576 ----a-w- c:\windows\system32\smartsubclass.dll
2011-07-02 15:43 . 2006-08-24 00:15 90112 ----a-w- c:\windows\system32\dgwaveedit.ocx
2011-07-02 15:43 . 2006-03-03 13:09 90112 ----a-w- c:\windows\system32\kcommobj.ocx
2011-07-02 15:43 . 2005-11-08 16:35 69632 ----a-w- c:\windows\system32\webupdate.ocx
2011-07-02 15:43 . 2004-10-25 08:19 151552 ----a-w- c:\windows\system32\dxvumeter3.ocx
2011-07-02 15:43 . 2004-05-25 13:24 35840 ----a-w- c:\windows\system32\xfxslider.ocx
2011-07-02 15:43 . 1998-12-02 08:11 143360 ----a-w- c:\windows\system32\unzip32.dll
2011-07-02 15:42 . 2011-07-08 19:56 -------- d-----w- c:\programmi\Atmosphere Deluxe
2011-07-02 12:57 . 2011-07-02 15:46 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\amd
2011-07-02 02:45 . 2010-08-13 16:06 403008 ----a-w- c:\windows\system32\drivers\pgusbwdm.sys
2011-07-02 02:33 . 2004-07-13 09:40 48512 ----a-w- c:\windows\system32\drivers\umss.sys
2011-07-02 02:07 . 2011-07-02 02:07 -------- d-----w- c:\programmi\Innovative Solutions
2011-07-02 01:07 . 2011-07-02 01:07 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Innovative Solutions
2011-07-02 01:07 . 2011-07-02 01:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2011-07-01 17:14 . 2011-07-03 23:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2011-07-01 17:11 . 2011-07-01 17:11 -------- d-----w- c:\programmi\ZennoLab
2011-07-01 16:43 . 2011-07-01 16:45 -------- d-----w- c:\programmi\CCleaner
2011-07-01 16:32 . 2007-06-26 06:40 49152 ----a-w- c:\windows\j3dcore-ogl-chk.dll
2011-07-01 16:32 . 2007-06-26 06:40 40960 ----a-w- c:\windows\j3dcore-ogl-cg.dll
2011-07-01 16:32 . 2007-06-26 06:40 163840 ----a-w- c:\windows\j3dcore-ogl.dll
2011-07-01 16:32 . 2007-06-26 06:40 823296 ----a-w- c:\windows\j3dcore-d3d.dll
2011-07-01 13:14 . 2011-07-01 13:14 -------- d-----w- c:\programmi\File comuni\Java
2011-07-01 13:13 . 2011-07-01 13:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-01 13:13 . 2011-07-01 16:32 -------- d-----w- c:\programmi\Java
2011-07-01 13:12 . 2011-07-07 15:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 12:21 . 2011-07-01 11:56 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-07-01 12:21 . 2011-07-01 11:55 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-07-01 12:21 . 2011-07-01 11:55 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2011-07-01 11:06 . 2009-11-11 18:54 294912 ----a-w- c:\windows\system32\CM108rm.exe
2011-07-01 11:05 . 2009-08-19 20:06 307200 ----a-w- c:\windows\Cmi108Uninstall.exe
2011-07-01 11:05 . 2004-04-14 16:28 315392 ----a-r- c:\windows\system\fltr108.dll
2011-07-01 11:05 . 2011-07-01 11:05 -------- d-----w- c:\programmi\USB PnP Sound Device
2011-07-01 11:05 . 2010-03-04 17:04 1512960 ----a-r- c:\windows\system32\drivers\CM108.sys
2011-07-01 11:04 . 2003-11-10 16:13 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-07-01 11:04 . 2003-11-10 16:12 266240 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-07-01 11:04 . 2003-11-10 16:12 192512 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-07-01 11:04 . 2003-11-10 16:11 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-07-01 11:04 . 2011-07-01 11:04 188548 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-07-01 11:04 . 2003-11-10 16:14 729088 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-07-01 11:04 . 2011-07-01 11:04 311428 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-07-01 11:04 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-07-01 11:03 . 2011-04-13 13:03 45472 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-07-01 11:03 . 2011-01-07 13:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-07-01 11:03 . 2011-07-01 11:03 -------- d-----w- c:\programmi\Microsoft IntelliType Pro
2011-07-01 10:53 . 2011-07-02 01:22 -------- d-----w- c:\programmi\Driver-Soft
2011-06-23 05:07 . 2011-06-23 05:07 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\SMRecorder
2011-06-21 09:30 . 2011-06-21 09:30 3404800 ----a-w- c:\windows\system32\logonuix.exe
2011-06-20 00:53 . 2011-06-20 00:53 -------- d-----w- c:\windows\SoundPackager
2011-06-19 07:12 . 2011-07-02 06:06 -------- d-----w- c:\windows\CursorFX
2011-06-19 07:12 . 2011-06-21 07:03 -------- d-----w- c:\windows\DesktopX
2011-06-19 06:53 . 2011-06-20 01:04 -------- d-----w- c:\windows\WindowBlinds
2011-06-19 06:53 . 2011-06-20 01:04 -------- d-----w- c:\windows\IconPackager
2011-06-19 06:53 . 2011-06-19 06:53 -------- d-----w- c:\windows\Gadgets
2011-06-19 05:32 . 2011-06-19 05:32 -------- d-----w- c:\programmi\iPod
2011-06-18 20:16 . 2008-02-05 12:36 798208 ----a-w- c:\windows\system32\NextControls.ocx
2011-06-18 20:16 . 2011-07-07 10:15 -------- d-----w- c:\programmi\Winstep
2011-06-18 19:18 . 2011-06-18 19:19 -------- d-----w- c:\programmi\screencapstudio
2011-06-18 19:18 . 2011-06-18 19:18 -------- d-----w- c:\windows\ScreenCapStudio
2011-06-18 19:06 . 2011-06-18 19:06 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-06-13 20:05 . 2011-06-13 20:05 -------- d-----w- c:\documents and settings\All Users\Documents
2011-06-13 19:23 . 2010-04-01 21:39 58616 ----a-w- c:\windows\system32\wbload.dll
2011-06-13 19:05 . 2011-06-13 19:05 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\TuneUp Software
2011-06-12 21:37 . 2011-06-12 21:37 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\VS Revo Group
2011-06-12 08:56 . 2011-06-18 18:56 -------- d-----w- c:\programmi\File comuni\Stardock
2011-06-12 08:41 . 2011-06-18 18:54 -------- d-----w- c:\programmi\Impulse
2011-06-12 08:41 . 2011-06-12 08:41 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{D63AF49A-8D8F-40D9-8477-44253233DF5A}
2011-06-12 00:18 . 2011-06-12 00:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Gibraltar
2011-06-11 16:28 . 2011-06-19 05:20 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\ODUI
2011-06-11 16:28 . 2011-06-19 05:20 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Stardock
2011-06-11 16:25 . 2011-06-13 20:05 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Stardock
2011-06-11 16:24 . 2011-06-21 07:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stardock
2011-06-11 16:24 . 2011-06-11 16:24 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\PackageAware
2011-06-09 19:08 . 2010-04-01 21:40 42672 ----a-w- c:\windows\system32\wbsys.dll
2011-06-09 17:12 . 2011-06-19 05:24 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\TuneUpMedia
2011-06-09 17:12 . 2011-06-19 05:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUpMedia
2011-06-09 17:11 . 2011-06-09 20:27 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\OpenCandy
2011-06-09 17:11 . 2011-06-09 18:27 -------- d-----w- c:\programmi\SIW
2011-06-09 17:11 . 2011-06-09 17:11 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\OpenCandy
2011-06-09 16:54 . 2011-06-09 16:54 -------- d-----w- c:\programmi\Artisteer 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 13:13 . 2010-04-27 19:10 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-06-14 17:38 . 2010-04-21 07:09 6359656 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-06-06 16:29 . 2011-06-06 11:29 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 16:23 . 2011-06-06 11:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-03 20:11 . 2010-09-07 08:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-29 07:11 . 2010-10-08 07:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-10-08 07:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 15:58 . 2010-04-21 07:09 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-25 07:26 . 2010-04-03 18:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 07:26 . 2010-04-03 18:23 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 07:26 . 2010-04-03 18:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-05-25 07:26 . 2010-04-03 18:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-05-25 07:26 . 2010-04-03 18:22 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-05-25 07:26 . 2010-04-03 18:22 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-05-25 07:26 . 2010-04-03 18:22 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-05-25 07:26 . 2010-04-03 18:22 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-05-25 07:26 . 2010-04-03 18:22 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-05-25 07:26 . 2010-04-03 18:22 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-05-25 07:26 . 2010-04-03 18:23 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:26 . 2010-04-03 18:23 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:26 . 2010-04-03 18:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 07:26 . 2011-06-03 21:32 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 07:25 . 2010-01-12 10:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2008-10-07 05:33 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 07:25 . 2011-06-03 21:31 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:25 . 2011-06-03 21:31 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:25 . 2010-01-12 10:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2010-01-12 10:03 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2010-01-12 10:03 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2008-10-07 05:33 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2008-10-07 05:33 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 07:25 . 2008-10-07 05:33 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 07:25 . 2008-10-07 05:33 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-24 18:32 . 2011-05-24 18:32 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2011-05-13 15:17 . 2010-04-21 07:09 59496 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-05-12 12:10 . 2010-04-21 07:09 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-05-07 09:08 . 2011-05-07 09:08 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-05-07 09:08 . 2011-05-07 09:08 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-05-04 16:31 . 2010-04-21 07:08 295528 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-05-02 15:31 . 2010-04-21 06:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-19 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-19 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-19 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-15 14:00 . 2010-04-21 07:07 53248 -c--a-w- c:\windows\system32\CSVer.dll
2011-04-13 13:03 . 2009-05-08 23:14 21792 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-13 13:02 . 2010-12-10 22:57 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2001-07-10 17:08 . 2010-04-26 10:08 987693 -c--a-w- c:\programmi\Nandub.exe
2001-07-03 17:47 . 2010-04-26 10:08 69632 -c--a-w- c:\programmi\sylia.dll
2001-03-01 09:51 . 2010-04-26 10:08 36864 -c--a-w- c:\programmi\AuxSetup.exe
2000-09-24 04:48 . 2010-04-26 10:08 7752 -c--a-w- c:\programmi\vdsvrlnk.dll
2000-09-24 04:48 . 2010-04-26 10:08 10824 -c--a-w- c:\programmi\vdremote.dll
2000-04-16 20:22 . 2010-04-26 10:08 45056 -c--a-w- c:\programmi\vdicmdrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-08_19.48.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-08 22:10 . 2011-07-08 22:10 16384 c:\windows\temp\Perflib_Perfdata_408.dat
+ 2011-07-08 22:10 . 2009-10-06 23:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2011-07-08 19:42 . 2009-10-06 23:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programmi\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-09-10 563007]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-27 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"Workshelf"="c:\programmi\Winstep\workshelf.exe" [2011-07-05 15332992]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CursorFX"="c:\programmi\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2010-11-22 274608]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UpdateService\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\paolo\Menu Avvio\Programmi\Esecuzione automatica\
Blue My Mind Media Player Gadget.lnk - j:\backup\Stardock\CONCEPT LCD\Blue My Mind Media Player Gadget.exe [2011-6-21 1505280]
Concept LCD Calendar Widget.lnk - j:\backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Calendar Widget.exe [2011-6-17 596992]
Concept LCD Media Player Widget.lnk - c:\programmi\Stardock\Object Desktop\DesktopX\Widgets\Concept LCD Media Player Widget.exe [2011-6-18 567296]
Dragon NaturallySpeaking.lnk - c:\programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe [2009-2-13 2819432]
Gloss Mint Clock Gadget.lnk - c:\programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe [2011-6-19 1096704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuix.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2008-03-28 08:23 49152 ----a-w- c:\progra~1\FILECO~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-04-01 21:40 172336 ----a-w- c:\progra~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-22 12:08 274608 ----a-w- c:\programmi\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NextSTART"=c:\programmi\Winstep\nextstart.exe autostart
"DriverMax"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" -agent
"DriverMax_RESTART"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" -RESTART
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" -osboot
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"nwiz"=c:\programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" -hide -runkey
"DNS7reminder"="c:\programmi\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Dati applicazioni\Nuance\NaturallySpeaking10\Ereg.ini
"BCSSync"="c:\programmi\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server TCP/IP Port
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [01/07/2011 14.21.48 16024]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2010 12.48.10 691696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [21/04/2010 9.07.13 13696]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [07/05/2011 11.26.41 704384]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07/09/2010 10.57.56 98392]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall\acs.exe [07/05/2011 11.25.16 1195008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [03/06/2011 23.33.15 2214504]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [01/07/2011 14.21.53 220824]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [06/06/2011 18.26.36 1524544]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [07/05/2011 11.08.46 17984]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [07/05/2011 11.25.20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [07/05/2011 11.26.33 257432]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [01/07/2011 13.03.47 45472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [26/04/2011 15.30.20 10064]
S1 MpKsl515afdd3;MpKsl515afdd3;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6EE0863B-3CF8-4691-9993-99AC64093DD8}\MpKsl515afdd3.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6EE0863B-3CF8-4691-9993-99AC64093DD8}\MpKsl515afdd3.sys [?]
S1 MpKsl61a64640;MpKsl61a64640;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7BA56E2A-8CD8-4F6E-AC93-61296971C807}\MpKsl61a64640.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7BA56E2A-8CD8-4F6E-AC93-61296971C807}\MpKsl61a64640.sys [?]
S1 MpKsl9b941007;MpKsl9b941007;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{9AF943FE-7604-4FFD-B00C-2F0D9D2DC1CA}\MpKsl9b941007.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{9AF943FE-7604-4FFD-B00C-2F0D9D2DC1CA}\MpKsl9b941007.sys [?]
S1 MpKslbbaaaaed;MpKslbbaaaaed;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{31A878FA-C683-4066-A9B9-66BAB2F1A4A0}\MpKslbbaaaaed.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{31A878FA-C683-4066-A9B9-66BAB2F1A4A0}\MpKslbbaaaaed.sys [?]
S1 MpKsldcbbc35d;MpKsldcbbc35d;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{E4C2749B-D0AD-46A4-A865-B561CEB91012}\MpKsldcbbc35d.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{E4C2749B-D0AD-46A4-A865-B561CEB91012}\MpKsldcbbc35d.sys [?]
S1 MpKslf212c74d;MpKslf212c74d;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B248A40-3EC7-41D0-9DDA-A303E89105F7}\MpKslf212c74d.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{0B248A40-3EC7-41D0-9DDA-A303E89105F7}\MpKslf212c74d.sys [?]
S1 SuperMounter;SuperMounter; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [24/04/2010 4.56.51 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10/01/2011 2.18.42 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/04/2010 9.09.42 1691480]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [24/04/2010 4.56.51 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [27/12/2010 23.50.30 31124344]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [02/07/2011 4.45.37 403008]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [04/07/2011 2.52.19 27064]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [01/07/2011 13.05.06 1512960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-07-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAOLO-PC-paolo.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-07-01 01:44]
.
2011-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2011-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-07-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{04E0ABEC-BE27-4E72-B7E0-9A0EA032BD5F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: I&nvia a OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 83.103.25.250 62.101.93.101
FF - ProfilePath - c:\documents and settings\paolo\Dati applicazioni\Mozilla\Firefox\Profiles\a1ik5tuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - REG_SZ
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-09 00:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1500)
c:\progra~1\FILECO~1\Stardock\mcpstub.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
- - - - - - - > 'lsass.exe'(1116)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\RocketDock\RocketDock.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1040\GrooveIntlResource.dll
c:\programmi\Stardock\CursorFX\CurXP0.dll
c:\programmi\Atomic Alarm Clock\Clock.dll
c:\progra~1\FILECO~1\Stardock\mcpcore.dll
c:\programmi\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\programmi\Stardock\Object Desktop\DeskScapes3\deskscape.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\progra~1\FILECO~1\Stardock\SDMCP.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
c:\progra~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
c:\docume~1\paolo\IMPOST~1\Temp\{433F72BD-5811-476F-9276-8B264E84336B}\Blue My Mind Media Player Gadget.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2011-07-09 00:14:22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-07-08 22:14
ComboFix2.txt 2011-07-08 19:51
.
Pre-Run: 159.619.092.480 byte disponibili
Post-Run: 159.624.527.872 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=WP8QOA /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=WP8QOA-BAK
.
- - End Of File - - 9C5A2C575285B5FCAD38414F24A7F145
r16
Posted: Saturday, July 09, 2011 12:31:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
But did you remove MSE BEFORE the ComboFix scan?
Because from the log it doesn't look to me like you removed it.

If you did try to remove it, these entries are still left to remove:
Open a text file with Notepad on the Desktop.
Paste in the code you see below, and save the text file with the name CFScript.txt (this name is mandatory).

Code:
KillAll::

Driver::
MpKsl515afdd3
MpKsl61a64640
MpKsl9b941007
MpKslbbaaaaed
MpKsldcbbc35d
MpKslf212c74d
SuperMounter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSC"=-

File::
c:\programmi\Microsoft Security Client\msseces.exe

Folder::
c:\programmi\Microsoft Security Client


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

Then tell me whether you want to reinstall it, or whether you want a different antivirus.
agatone
Posted: Saturday, July 09, 2011 12:48:08 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Yes, I uninstalled it before the scan, as you told me.
r16
Posted: Saturday, July 09, 2011 12:54:04 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Then run the script (the one above).
Then tell me what you want to do about installing an antivirus.
agatone
Posted: Saturday, July 09, 2011 1:13:50 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Script run.
Forgive me R16, but between last night and this morning I reinstalled MSE so as not to go online without protection.
This morning, before this latest scan, I uninstalled it again with Revo.
Here is the log.

ComboFix 11-07-08.03 - paolo 09/07/2011 12.59.15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2369 [GMT 2:00]
Eseguito da: c:\documents and settings\paolo\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\paolo\Desktop\CFScript.txt.txt
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
FILE ::
"c:\programmi\Microsoft Security Client\msseces.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL515AFDD3
-------\Legacy_MPKSLBBAAAAED
-------\Legacy_MPKSLDCBBC35D
-------\Legacy_MPKSLF212C74D
-------\Legacy_SUPERMOUNTER
-------\Service_MpKsl515afdd3
-------\Service_MpKsl61a64640
-------\Service_MpKsl9b941007
-------\Service_MpKslbbaaaaed
-------\Service_MpKsldcbbc35d
-------\Service_MpKslf212c74d
-------\Service_SuperMounter
.
.
((((((((((((((((((((((((( Files Creati Da 2011-06-09 al 2011-07-09 )))))))))))))))))))))))))))))))))))
.
.
2011-07-08 16:10 . 2011-07-08 16:10 -------- d-----r- C:\Sandbox
2011-07-08 08:58 . 2011-07-08 08:58 -------- d-----w- c:\documents and settings\UpdatusUser\Dati applicazioni\TuneUp Software
2011-07-08 01:38 . 2011-07-08 19:27 -------- d-----w- c:\programmi\Citrix
2011-07-07 11:01 . 2011-07-07 11:01 -------- d-----w- c:\programmi\Market Samurai
2011-07-07 10:22 . 2011-07-07 10:23 -------- d-----w- c:\programmi\RocketDock
2011-07-04 22:06 . 2011-07-04 22:06 7840 ----a-w- c:\windows\system32\mcdmsg2.dll
2011-07-04 21:30 . 2011-07-04 21:30 -------- d-----w- c:\programmi\Sandboxie
2011-07-04 14:52 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Nuance
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2011-07-04 14:19 . 2011-07-04 14:27 -------- d-----w- c:\programmi\File comuni\Nuance
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2011-07-04 14:19 . 2011-07-04 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nuance
2011-07-04 10:37 . 2011-07-04 15:12 -------- d-----w- c:\programmi\Easypano
2011-07-04 00:52 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-03 22:57 . 2011-07-03 22:57 -------- d-----w- c:\programmi\IrfanView
2011-07-03 21:31 . 2011-07-03 21:34 -------- d-----w- c:\programmi\Neuro-Programmer 3
2011-07-02 15:43 . 2005-11-30 23:05 397312 ----a-w- c:\windows\system32\puma lcd simulator v77.ocx
2011-07-02 15:43 . 2005-11-08 16:35 40960 ----a-w- c:\windows\system32\akprogressbar.ocx
2011-07-02 15:43 . 2005-11-06 15:14 366080 ----a-w- c:\windows\system32\vbskfr2.ocx
2011-07-02 15:43 . 2004-10-18 04:04 161280 ----a-w- c:\windows\system32\fmod.dll
2011-07-02 15:43 . 2001-04-27 13:11 24576 ----a-w- c:\windows\system32\smartsubclass.dll
2011-07-02 15:43 . 2006-08-24 00:15 90112 ----a-w- c:\windows\system32\dgwaveedit.ocx
2011-07-02 15:43 . 2006-03-03 13:09 90112 ----a-w- c:\windows\system32\kcommobj.ocx
2011-07-02 15:43 . 2005-11-08 16:35 69632 ----a-w- c:\windows\system32\webupdate.ocx
2011-07-02 15:43 . 2004-10-25 08:19 151552 ----a-w- c:\windows\system32\dxvumeter3.ocx
2011-07-02 15:43 . 2004-05-25 13:24 35840 ----a-w- c:\windows\system32\xfxslider.ocx
2011-07-02 15:43 . 1998-12-02 08:11 143360 ----a-w- c:\windows\system32\unzip32.dll
2011-07-02 15:42 . 2011-07-08 19:56 -------- d-----w- c:\programmi\Atmosphere Deluxe
2011-07-02 12:57 . 2011-07-02 15:46 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\amd
2011-07-02 02:45 . 2010-08-13 16:06 403008 ----a-w- c:\windows\system32\drivers\pgusbwdm.sys
2011-07-02 02:33 . 2004-07-13 09:40 48512 ----a-w- c:\windows\system32\drivers\umss.sys
2011-07-02 02:07 . 2011-07-02 02:07 -------- d-----w- c:\programmi\Innovative Solutions
2011-07-02 01:07 . 2011-07-02 01:07 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Innovative Solutions
2011-07-02 01:07 . 2011-07-02 01:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2011-07-01 17:14 . 2011-07-03 23:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2011-07-01 17:11 . 2011-07-01 17:11 -------- d-----w- c:\programmi\ZennoLab
2011-07-01 16:43 . 2011-07-01 16:45 -------- d-----w- c:\programmi\CCleaner
2011-07-01 16:32 . 2007-06-26 06:40 49152 ----a-w- c:\windows\j3dcore-ogl-chk.dll
2011-07-01 16:32 . 2007-06-26 06:40 40960 ----a-w- c:\windows\j3dcore-ogl-cg.dll
2011-07-01 16:32 . 2007-06-26 06:40 163840 ----a-w- c:\windows\j3dcore-ogl.dll
2011-07-01 16:32 . 2007-06-26 06:40 823296 ----a-w- c:\windows\j3dcore-d3d.dll
2011-07-01 13:14 . 2011-07-01 13:14 -------- d-----w- c:\programmi\File comuni\Java
2011-07-01 13:13 . 2011-07-01 13:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-01 13:13 . 2011-07-01 16:32 -------- d-----w- c:\programmi\Java
2011-07-01 13:12 . 2011-07-07 15:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 12:21 . 2011-07-01 11:56 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-07-01 12:21 . 2011-07-01 11:55 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-07-01 12:21 . 2011-07-01 11:55 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2011-07-01 11:06 . 2009-11-11 18:54 294912 ----a-w- c:\windows\system32\CM108rm.exe
2011-07-01 11:05 . 2009-08-19 20:06 307200 ----a-w- c:\windows\Cmi108Uninstall.exe
2011-07-01 11:05 . 2004-04-14 16:28 315392 ----a-r- c:\windows\system\fltr108.dll
2011-07-01 11:05 . 2011-07-01 11:05 -------- d-----w- c:\programmi\USB PnP Sound Device
2011-07-01 11:05 . 2010-03-04 17:04 1512960 ----a-r- c:\windows\system32\drivers\CM108.sys
2011-07-01 11:04 . 2003-11-10 16:13 69715 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-07-01 11:04 . 2003-11-10 16:12 266240 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-07-01 11:04 . 2003-11-10 16:12 192512 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-07-01 11:04 . 2003-11-10 16:11 5632 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-07-01 11:04 . 2011-07-01 11:04 188548 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-07-01 11:04 . 2003-11-10 16:14 729088 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-07-01 11:04 . 2011-07-01 11:04 311428 ----a-w- c:\programmi\File comuni\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-07-01 11:04 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-07-01 11:03 . 2011-04-13 13:03 45472 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-07-01 11:03 . 2011-01-07 13:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-07-01 11:03 . 2011-07-01 11:03 -------- d-----w- c:\programmi\Microsoft IntelliType Pro
2011-07-01 10:53 . 2011-07-02 01:22 -------- d-----w- c:\programmi\Driver-Soft
2011-06-23 05:07 . 2011-06-23 05:07 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\SMRecorder
2011-06-21 09:30 . 2011-06-21 09:30 3404800 ----a-w- c:\windows\system32\logonuix.exe
2011-06-20 00:53 . 2011-06-20 00:53 -------- d-----w- c:\windows\SoundPackager
2011-06-19 07:12 . 2011-07-02 06:06 -------- d-----w- c:\windows\CursorFX
2011-06-19 07:12 . 2011-06-21 07:03 -------- d-----w- c:\windows\DesktopX
2011-06-19 06:53 . 2011-06-20 01:04 -------- d-----w- c:\windows\WindowBlinds
2011-06-19 06:53 . 2011-06-20 01:04 -------- d-----w- c:\windows\IconPackager
2011-06-19 06:53 . 2011-06-19 06:53 -------- d-----w- c:\windows\Gadgets
2011-06-19 05:32 . 2011-06-19 05:32 -------- d-----w- c:\programmi\iPod
2011-06-18 20:16 . 2008-02-05 12:36 798208 ----a-w- c:\windows\system32\NextControls.ocx
2011-06-18 20:16 . 2011-07-07 10:15 -------- d-----w- c:\programmi\Winstep
2011-06-18 19:18 . 2011-06-18 19:19 -------- d-----w- c:\programmi\screencapstudio
2011-06-18 19:18 . 2011-06-18 19:18 -------- d-----w- c:\windows\ScreenCapStudio
2011-06-18 19:06 . 2011-06-18 19:06 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-06-13 20:05 . 2011-06-13 20:05 -------- d-----w- c:\documents and settings\All Users\Documents
2011-06-13 19:23 . 2010-04-01 21:39 58616 ----a-w- c:\windows\system32\wbload.dll
2011-06-13 19:05 . 2011-06-13 19:05 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\TuneUp Software
2011-06-12 21:37 . 2011-06-12 21:37 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\VS Revo Group
2011-06-12 08:56 . 2011-06-18 18:56 -------- d-----w- c:\programmi\File comuni\Stardock
2011-06-12 08:41 . 2011-06-18 18:54 -------- d-----w- c:\programmi\Impulse
2011-06-12 08:41 . 2011-06-12 08:41 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{D63AF49A-8D8F-40D9-8477-44253233DF5A}
2011-06-12 00:18 . 2011-06-12 00:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Gibraltar
2011-06-11 16:28 . 2011-06-19 05:20 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\ODUI
2011-06-11 16:28 . 2011-06-19 05:20 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Stardock
2011-06-11 16:25 . 2011-06-13 20:05 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Stardock
2011-06-11 16:24 . 2011-06-21 07:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stardock
2011-06-11 16:24 . 2011-06-11 16:24 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\PackageAware
2011-06-09 19:08 . 2010-04-01 21:40 42672 ----a-w- c:\windows\system32\wbsys.dll
2011-06-09 17:12 . 2011-06-19 05:24 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\TuneUpMedia
2011-06-09 17:12 . 2011-06-19 05:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUpMedia
2011-06-09 17:11 . 2011-06-09 20:27 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\OpenCandy
2011-06-09 17:11 . 2011-06-09 18:27 -------- d-----w- c:\programmi\SIW
2011-06-09 17:11 . 2011-06-09 17:11 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\OpenCandy
2011-06-09 16:54 . 2011-06-09 16:54 -------- d-----w- c:\programmi\Artisteer 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 13:13 . 2010-04-27 19:10 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-06-14 17:38 . 2010-04-21 07:09 6359656 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-06-06 16:29 . 2011-06-06 11:29 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 16:23 . 2011-06-06 11:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-03 20:11 . 2010-09-07 08:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-29 07:11 . 2010-10-08 07:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-10-08 07:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 15:58 . 2010-04-21 07:09 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-25 07:26 . 2010-04-03 18:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 07:26 . 2010-04-03 18:23 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 07:26 . 2010-04-03 18:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-05-25 07:26 . 2010-04-03 18:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-05-25 07:26 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-05-25 07:26 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-05-25 07:26 . 2010-04-03 18:22 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-05-25 07:26 . 2010-04-03 18:22 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-05-25 07:26 . 2010-04-03 18:22 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-05-25 07:26 . 2010-04-03 18:22 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-05-25 07:26 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-05-25 07:26 . 2010-04-03 18:22 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-05-25 07:26 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-05-25 07:26 . 2010-04-03 18:22 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-05-25 07:26 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-05-25 07:26 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-05-25 07:26 . 2010-04-03 18:23 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:26 . 2010-04-03 18:23 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:26 . 2010-04-03 18:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 07:26 . 2011-06-03 21:32 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 07:25 . 2010-01-12 10:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2008-10-07 05:33 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 07:25 . 2011-06-03 21:31 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:25 . 2011-06-03 21:31 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:25 . 2010-01-12 10:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2010-01-12 10:03 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2010-01-12 10:03 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2008-10-07 05:33 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2008-10-07 05:33 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 07:25 . 2008-10-07 05:33 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 07:25 . 2008-10-07 05:33 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-24 18:32 . 2011-05-24 18:32 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2011-05-13 15:17 . 2010-04-21 07:09 59496 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-05-12 12:10 . 2010-04-21 07:09 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-05-07 09:08 . 2011-05-07 09:08 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-05-07 09:08 . 2011-05-07 09:08 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-05-04 16:31 . 2010-04-21 07:08 295528 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-05-02 15:31 . 2010-04-21 06:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-19 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-19 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-19 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-15 14:00 . 2010-04-21 07:07 53248 -c--a-w- c:\windows\system32\CSVer.dll
2011-04-13 13:03 . 2009-05-08 23:14 21792 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-13 13:02 . 2010-12-10 22:57 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2001-07-10 17:08 . 2010-04-26 10:08 987693 -c--a-w- c:\programmi\Nandub.exe
2001-07-03 17:47 . 2010-04-26 10:08 69632 -c--a-w- c:\programmi\sylia.dll
2001-03-01 09:51 . 2010-04-26 10:08 36864 -c--a-w- c:\programmi\AuxSetup.exe
2000-09-24 04:48 . 2010-04-26 10:08 7752 -c--a-w- c:\programmi\vdsvrlnk.dll
2000-09-24 04:48 . 2010-04-26 10:08 10824 -c--a-w- c:\programmi\vdremote.dll
2000-04-16 20:22 . 2010-04-26 10:08 45056 -c--a-w- c:\programmi\vdicmdrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-08_19.48.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-09 11:06 . 2011-07-09 11:06 16384 c:\windows\temp\Perflib_Perfdata_41c.dat
+ 2011-07-09 11:06 . 2009-10-06 23:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2011-07-08 19:42 . 2009-10-06 23:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-07-09 00:49 . 2011-07-09 00:49 301056 c:\windows\Installer\92a29.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programmi\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-09-10 563007]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-27 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"Workshelf"="c:\programmi\Winstep\workshelf.exe" [2011-07-05 15332992]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CursorFX"="c:\programmi\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2010-11-22 274608]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UpdateService\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\paolo\Menu Avvio\Programmi\Esecuzione automatica\
Blue My Mind Media Player Gadget.lnk - j:\backup\Stardock\CONCEPT LCD\Blue My Mind Media Player Gadget.exe [2011-6-21 1505280]
Concept LCD Calendar Widget.lnk - j:\backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Calendar Widget.exe [2011-6-17 596992]
Concept LCD Media Player Widget.lnk - c:\programmi\Stardock\Object Desktop\DesktopX\Widgets\Concept LCD Media Player Widget.exe [2011-6-18 567296]
Dragon NaturallySpeaking.lnk - c:\programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe [2009-2-13 2819432]
Gloss Mint Clock Gadget.lnk - c:\programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe [2011-6-19 1096704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuix.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2008-03-28 08:23 49152 ----a-w- c:\progra~1\FILECO~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-04-01 21:40 172336 ----a-w- c:\progra~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-22 12:08 274608 ----a-w- c:\programmi\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NextSTART"=c:\programmi\Winstep\nextstart.exe autostart
"DriverMax"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" -agent
"DriverMax_RESTART"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" -RESTART
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" -osboot
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"nwiz"=c:\programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" -hide -runkey
"DNS7reminder"="c:\programmi\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Dati applicazioni\Nuance\NaturallySpeaking10\Ereg.ini
"BCSSync"="c:\programmi\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server TCP/IP Port
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [01/07/2011 14.21.48 16024]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2010 12.48.10 691696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [21/04/2010 9.07.13 13696]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [07/05/2011 11.26.41 704384]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07/09/2010 10.57.56 98392]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall\acs.exe [07/05/2011 11.25.16 1195008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [03/06/2011 23.33.15 2214504]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [01/07/2011 14.21.53 220824]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [06/06/2011 18.26.36 1524544]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [07/05/2011 11.08.46 17984]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [07/05/2011 11.25.20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [07/05/2011 11.26.33 257432]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [01/07/2011 13.03.47 45472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [26/04/2011 15.30.20 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [24/04/2010 4.56.51 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10/01/2011 2.18.42 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/04/2010 9.09.42 1691480]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [24/04/2010 4.56.51 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [27/12/2010 23.50.30 31124344]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [02/07/2011 4.45.37 403008]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [04/07/2011 2.52.19 27064]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [01/07/2011 13.05.06 1512960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-07-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAOLO-PC-paolo.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-07-01 01:44]
.
2011-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2011-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{04E0ABEC-BE27-4E72-B7E0-9A0EA032BD5F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: I&nvia a OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 83.103.25.250 62.101.93.101
FF - ProfilePath - c:\documents and settings\paolo\Dati applicazioni\Mozilla\Firefox\Profiles\a1ik5tuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - REG_SZ
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-09 13:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1188)
c:\progra~1\FILECO~1\Stardock\mcpstub.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
- - - - - - - > 'lsass.exe'(1304)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\RocketDock\RocketDock.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1040\GrooveIntlResource.dll
c:\programmi\Stardock\CursorFX\CurXP0.dll
c:\programmi\Atomic Alarm Clock\Clock.dll
c:\progra~1\FILECO~1\Stardock\mcpcore.dll
c:\programmi\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\programmi\Stardock\Object Desktop\DeskScapes3\deskscape.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~1\FILECO~1\Stardock\SDMCP.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
c:\progra~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
c:\docume~1\paolo\IMPOST~1\Temp\{433F72BD-5811-476F-9276-8B264E84336B}\Blue My Mind Media Player Gadget.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2011-07-09 13:10:16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-07-09 11:10
ComboFix2.txt 2011-07-08 22:14
ComboFix3.txt 2011-07-08 19:51
.
Pre-Run: 159.440.539.648 byte disponibili
Post-Run: 159.424.888.832 byte disponibili
.
- - End Of File - - 9859B52BA2997DD84A4FDCBED8E64B2D
r16
Posted: Saturday, July 09, 2011 1:51:22 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Ok.
Download TFC by OldTimer to the desktop
http://oldtimer.geekstogo.com/TFC.exe
close all programs
run TFC, click "start"
when the scan finishes it will ask you to restart; click OK.

To remove the various tools you downloaded (ComboFix):
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
double-click to run it
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Install an antivirus (whichever one you are most comfortable with) and post a HijackThis log.
agatone
Posted: Saturday, July 09, 2011 2:30:48 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Hi R16
I installed MSE, which I am very happy with
I wanted to ask you a couple of things
Why were folders named "found.ooo-oo1-002.etc.." added to an external hard disk after the scans?
Should I leave them?
Likewise, some time ago some txt (eula) and dll files were added, I think after the SMW scan
Should I leave these too?
Another, perhaps slightly trivial question: among the programs I have installed there are quite a few Microsoft .NET Framework and Visual C++ updates
Do I necessarily have to keep them all?

I am posting the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.18.29, on 09/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FILECO~1\Stardock\SDMCP.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Winstep\workshelf.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Stardock\CursorFX\CursorFX.exe
C:\Programmi\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe
C:\PROGRA~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
C:\DOCUME~1\paolo\IMPOST~1\Temp\{433F72BD-5811-476F-9276-8B264E84336B}\Blue My Mind Media Player Gadget.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programmi\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programmi\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmi\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SkinClock] C:\Programmi\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Workshelf] C:\Programmi\Winstep\workshelf.exe autostart
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CursorFX] "C:\Programmi\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-823518204-1801674531-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Blue My Mind Media Player Gadget.lnk = J:\Backup\Stardock\CONCEPT LCD\Blue My Mind Media Player Gadget.exe
O4 - Startup: Concept LCD Calendar Widget.lnk = J:\Backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Calendar Widget.exe
O4 - Startup: Concept LCD Media Player Widget.lnk = J:\Backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Media Player Widget.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Gloss Mint Clock Gadget.lnk = C:\Programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programmi\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmi\PicLensIE\cooliris.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Programmi\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\Outpost Firewall\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 14167 bytes
r16
Posted: Saturday, July 09, 2011 2:45:13 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Start HijackThis, tick the entries I am going to list and, with all applications closed and disconnected from the Internet, press "fix checked":

Quote:

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe



Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223

Post a new HJT log.


Quote:
Why were folders named "found.ooo-oo1-002.etc.." added to an external hard disk after the scans?

You can delete them.
Quote:
Likewise, some time ago some txt (eula) and dll files were added, I think after the SMW scan
Should I leave these too?

What is SMW?
Do you mean Malwarebytes?

Quote:
Another, perhaps slightly trivial question: among the programs I have installed there are quite a few Microsoft .NET Framework and Visual C++ updates
Do I necessarily have to keep them all?

Yes. (What trouble are they causing you?)
agatone
Posted: Saturday, July 09, 2011 3:10:05 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Code:
Quote:
Another, perhaps slightly trivial question: among the programs I have installed there are quite a few Microsoft .NET Framework and Visual C++ updates
Do I necessarily have to keep them all?

Yes. (What trouble are they causing you?)


You're right.. no trouble at all

Code:
What is SMW?
Do you mean Malwarebytes?


Forgive me, it's System Info for Windows..!

I am posting the log after fixing the entries and cleaning with CCleaner


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.05.52, on 09/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FILECO~1\Stardock\SDMCP.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Winstep\workshelf.exe
C:\Programmi\Stardock\CursorFX\CursorFX.exe
C:\Programmi\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe
C:\PROGRA~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\Object Desktop\DesktopX\dxwidget.exe
C:\DOCUME~1\paolo\IMPOST~1\Temp\{433F72BD-5811-476F-9276-8B264E84336B}\Blue My Mind Media Player Gadget.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programmi\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programmi\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmi\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SkinClock] C:\Programmi\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Workshelf] C:\Programmi\Winstep\workshelf.exe autostart
O4 - HKCU\..\Run: [CursorFX] "C:\Programmi\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-823518204-1801674531-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Blue My Mind Media Player Gadget.lnk = J:\Backup\Stardock\CONCEPT LCD\Blue My Mind Media Player Gadget.exe
O4 - Startup: Concept LCD Calendar Widget.lnk = J:\Backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Calendar Widget.exe
O4 - Startup: Concept LCD Media Player Widget.lnk = J:\Backup\Stardock\CONCEPT LCD\Concept lcd applicazioni\CONCEPT LCD WIDGET\Concept LCD Media Player Widget.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Gloss Mint Clock Gadget.lnk = C:\Programmi\Stardock\DesktopGadgets\Gloss Mint Clock\Gloss Mint Clock.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programmi\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmi\PicLensIE\cooliris.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Programmi\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\Outpost Firewall\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 12924 bytes
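Added example, not part of the original post: a small Python triage pass over a HijackThis log like the one above, which groups entries by section code and lists those usually checked by hand. The sample lines are copied from the log above; the three review rules and the function names are assumptions chosen for this illustration, and a flagged entry is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Sample lines copied from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Programmi\Nuance\NaturallySpeaking10\Program\natspeak.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Programmi\Sandboxie\SbieSvc.exe
End of file - 12924 bytes
"""

# Every entry line starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A Run value whose command is a single token (no arguments).
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]+\] (\S+)$")


def parse(log):
    """Group log entries by HijackThis section code; header lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def review_list(sections):
    """Return (code, reason, entry) tuples for entries worth a manual check."""
    out = []
    for entry in sections.get("O20", []):
        out.append(("O20", "DLL loaded into every process that loads user32.dll", entry))
    for entry in sections.get("O23", []):
        if " - Unknown owner - " in entry:
            out.append(("O23", "no company name could be read for the service binary", entry))
    for entry in sections.get("O4", []):
        m = RUN_VALUE.match(entry)
        if m and "\\" not in m.group(1):
            out.append(("O4", "autorun without a full path, resolved via the search path", entry))
    return out


if __name__ == "__main__":
    for code, reason, entry in review_list(parse(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {entry}")
```
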
r16
Posted: Saturday, July 09, 2011 3:39:43 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The log is fine.

Empty the contents of the Prefetch folder:
click on My Computer
click on Local Disk C:
among the folders that are displayed, find the Windows folder, open it and, inside it, find the Prefetch folder; open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN

Then:
Launch HijackThis and clean the ADS this way (on NTFS partitions only):
click on Open the misc tool section.
click on Open ads spy.
untick Quick scan (windows base folder only)
click on Scan.
Wait patiently for the scan to finish.
if any ADS are detected, tick all the boxes and click on Remove selected

Run a ScanDisk and defragment the hard disk.
Re-enable System Restore

The PC should work better than before.
Or not? Think

Quote:
Sorry, it's System Info for Windows..!

My apologies too, but I still don't understand what it is.... Think

Is it this thing here?:
http://www.gtopala.com/
agatone
Posted: Saturday, July 09, 2011 3:46:41 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Yes, that's the one
r16
Posted: Saturday, July 09, 2011 3:51:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Ah....
Well, according to the guide it is software that does not require installation (standalone).
If you use it, keep it; otherwise delete it.
What's the point of keeping it if you don't use it, or use it once a year?

Is everything working well?
agatone
Posted: Saturday, July 09, 2011 4:01:05 PM
Rank: AiutAmico

Joined: 1/5/2011
Posts: 112
Right, already uninstalled..
SIW did in fact help me give the shopkeeper the RAM details to buy an upgrade.
But as you rightly say, it may only be needed every so often.
Yes, everything works fine
It seems that damned cracked Eset registry key is gone. What do you think?
Now I'll clean the folders created by SIW off the external hard disk
For now, thank you VERY MUCH
r16
Posted: Saturday, July 09, 2011 4:06:53 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
It seems that damned cracked Eset registry key is gone. What do you think?

It's gone because you removed part of it yourself, and the Combofix script did the final job.
Leftovers of Avira were removed as well.
The problems you had with the antivirus were probably caused by these programs (Nod and Avira) having been uninstalled badly.