Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:19, on 07/01/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Windows\system32\igfxext.exe
D:\Program Files\PerfectDisk11\PDAgentS1.exe
D:\Program Files\TeamViewer\Version7\TeamViewer.exe
D:\Windows\System32\rundll32.exe
D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Program Files\Elantech\ETDCtrl.exe
D:\Windows\System32\hkcmd.exe
D:\Windows\System32\igfxpers.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Elantech\ETDCtrlHelper.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\NetSetMan Pro\netsetman.exe
D:\Program Files\USB Safely Remove\USBSafelyRemove.exe
D:\Program Files\BatteryCare\BatteryCare.exe
D:\Program Files\DeskDrive\DeskDrive.exe
D:\PROGRA~1\DUMETE~1\DUMeter.exe
D:\Program Files\CursorFX\CursorFx.exe
D:\Program Files\Network Activity Indicator\Network Indicator.exe
D:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
D:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
D:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "D:\Program Files\Intel\Bluetooth\btmshell.dll",TrayApp
O4 - HKLM\..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] D:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [NetSetMan] "D:\Program Files\NetSetMan Pro\netsetman.exe" -h
O4 - HKCU\..\Run: [USB Safely Remove] D:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [BatteryCare] "D:\Program Files\BatteryCare\BatteryCare.exe"
O4 - HKCU\..\Run: [DeskDriveStartup] D:\Program Files\DeskDrive\DeskDrive.exe
O4 - HKCU\..\Run: [NetworkIndicator] D:\Users\Bat\Downloads\network-activity-indicator\NetworkIndicator.exe
O4 - HKCU\..\Run: [CursorFX] "D:\Program Files\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-2677233041-3476724028-2502338078-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2677233041-3476724028-2502338078-1001\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Network Indicator.lnk = D:\Program Files\Network Activity Indicator\Network Indicator.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - D:\Users\Bat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: I&nvia a OneNote -
res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range:
http://192.168.1.1O15 - ESC Trusted IP range:
http://192.168.1.1O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{267FA31E-DD2A-44EA-9E21-64207596B039}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A63174A-FC2A-4FB2-BF62-7FEBF93CA8EF}: NameServer = 8.8.8.8,156.54.205.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{F018245B-E493-475E-9F36-4EAC02723D01}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{267FA31E-DD2A-44EA-9E21-64207596B039}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{267FA31E-DD2A-44EA-9E21-64207596B039}: NameServer = 156.54.205.68,156.54.17.166
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - D:\Program Files\Common Files\WildPackets\peekrexpert.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: D:\Windows\system32\nvinit.dll D:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - D:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - D:\Windows\W7FBC\dll.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - D:\Program Files\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - D:\Program Files\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - D:\Program Files\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - D:\Program Files\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - D:\Program Files\Ashampoo HDD Control 2\DfsdkS.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - D:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @D:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - D:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\PerfectDisk11\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\PerfectDisk11\PDEngine.exe
O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - D:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - D:\Windows\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - D:\Program Files\USB Safely Remove\USBSRService.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 14120 bytes
Esegui 
