Page 1 of 2

Log Hijack

Posted: Thu Dec 18, 2008 12:27 pm
by RightNow

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.13.16, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\programmi\QTTask.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Netlog Music Tool\NetlogMusicTool.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Philips\SPC 300NC PC Camera\TrayMin300.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.24.86.247:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\programmi\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Programmi\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Netlog 24] "C:\Programmi\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nanathestrange.spaces.live.com// ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9022424093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9022390703
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B1FA6CD-7381-48D3-BBC0-68537ED2ECEE}: NameServer = 151.99.125.2,151.99.125.3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10563 bytes


Let me briefly explain the situation:
The firewall doesn't work and I can't defragment because a warning pops up.
A few days ago I had the brilliant idea of installing Service Pack 3 and the beta version of MSN.
I had to uninstall both because they were causing me problems.
I try to look for a restore point and... they've all disappeared.
I connect to the internet: pop-up windows non-stop, redirects to foreign online casino sites, and the home page changed.
I arm myself with patience, run various scans, and remove the rot.
Situation apparently resolved: pop-ups gone, home page back to the same one, redirects gone.
The only problem is the firewall, the basic one on the PC since I don't have another: it's disabled and refuses to turn back on.
I also downloaded a trial one: as soon as I shut down and restart it no longer works and I'm forced to uninstall it.
Another problem: the defragmenter no longer works.

I've attached the LOG because honestly I don't understand it.
A hug and thanks

Re: Log Hijack

Posted: Thu Dec 18, 2008 12:44 pm
by RightNow
I don't know if it's related, but... I found an icon I had never noticed before... and it was created on 12 December, that is, the day I had the problems: Remote Desktop Connection.
Is that normal??
I had never seen it before, though.

Re: Log Hijack

Posted: Thu Dec 18, 2008 1:09 pm
by benzene
Hi. Have you run a scan with Spybot and A2? Can you describe the icon?

Re: Log Hijack

Posted: Thu Dec 18, 2008 1:42 pm
by RightNow
Yes, I ran a scan with Spybot and also with Ad-Aware and Malwarebytes.
The icon is a PC with a sort of satellite dish behind it...
Could I send you a screenshot?

Re: Log Hijack

Posted: Thu Dec 18, 2008 1:46 pm
by RightNow
What does this line in the LOG mean?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.24.86.247:80

I don't connect through a proxy... I don't even know how to set one up.

I downloaded ZoneAlarm, but when I enable it I can't access the internet...
I uninstalled it.
All my ports are open, I'm an easy target... but firewalls won't work for me...
What can I do?
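What that R1 line means in practice: a ProxyServer value under HKCU is the per-user Internet Explorer proxy, and when ProxyEnable is also set, every HTTP request from IE (and from any program that uses WinINet) is relayed through that host, so whoever runs it can log, redirect or rewrite the traffic. A user who never configured a proxy finding a public IP address there is a classic hijack indicator. As an added example that is not part of the thread and not HijackThis functionality, the Python script below reads a HijackThis log and flags the entries a helper looks at first; the rules, severities and the is_local_proxy heuristic are this script's own choices, and SAMPLE_LOG is a constructed excerpt of the entries posted in this thread.

```python
"""Triage a HijackThis log for the entries a helper looks at first.

Added example: not part of the forum thread and not HijackThis code. The
rules and severities are this script's own heuristics; SAMPLE_LOG is a
constructed excerpt of the entries posted in the thread.
"""
import ipaddress
import re
from dataclasses import dataclass

# Every HijackThis entry line starts with a section tag such as R1, O2, O23.
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.24.86.247:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B1FA6CD-7381-48D3-BBC0-68537ED2ECEE}: NameServer = 151.99.125.2,151.99.125.3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def parse_hjt(text):
    """Yield (section, body, raw_line) for each entry line; other lines are skipped."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = HJT_LINE.match(raw)
        if m:
            yield m.group("sec"), m.group("body"), raw


def proxy_targets(value):
    """Split an IE ProxyServer value into host names.

    IE stores either "host:port" or "http=host:port;https=host:port;...".
    """
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if "=" in part:                 # per-protocol form: drop the "http=" prefix
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        if host:
            hosts.append(host)
    return hosts


def is_local_proxy(host):
    """Loopback or RFC 1918 targets are what a LAN proxy or a local filter would use."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                    # a DNS name: treat as external until verified
    return ip.is_loopback or ip.is_private


def triage(text):
    """Return the findings for one log, in log order."""
    findings = []
    for sec, body, raw in parse_hjt(text):
        if sec == "R1" and ",ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            for host in proxy_targets(value):
                if not is_local_proxy(host):
                    findings.append(Finding(sec, "high",
                        f"IE proxy points at external host {host}: every HTTP "
                        "request from IE and WinINet apps is relayed through it", raw))
        elif sec in ("O2", "O3") and "(no file)" in body:
            findings.append(Finding(sec, "low",
                "orphaned CLSID with no backing file; safe to fix", raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(sec, "medium",
                "DLL loaded into every process that links user32.dll; verify the publisher", raw))
        elif sec == "O17":
            findings.append(Finding(sec, "medium",
                "per-interface DNS servers; confirm they belong to the ISP", raw))
        elif sec == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            findings.append(Finding(sec, "low",
                "service with no publisher string or a missing binary", raw))
    return findings


def severity_counts(findings):
    """Map severity -> number of findings, for a one-line summary."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(severity_counts(results))
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run it with the full log saved to a file (`triage(open("hijackthis.log").read())`) and the proxy entry comes out on top; the O2/O3 "(no file)" entries are only leftovers of removed software. Whether the proxy is actually in use also depends on the ProxyEnable value, which HijackThis does not list, so that value should be checked in the registry as well.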

Re: Log Hijack

Posted: Thu Dec 18, 2008 1:50 pm
by crazy.cat
Download this file http://windowsxp.mvps.org/reg/sharedaccess.reg, double-click it and confirm twice when it asks you, then restart the PC and see if the firewall has come back to life.

Re: Log Hijack

Posted: Thu Dec 18, 2008 1:55 pm
by RightNow
I'll do it right away and let you know.
P.S. Is it normal that svchost.exe keeps trying to connect non-stop??
I'm afraid my PC is now part of a botnet used to generate clicks on advertising sites, so as to generate revenue...
Is there a program that lets me see in real time what's happening on my PC?
Would Sygate be OK?
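Before and after importing the sharedaccess.reg file suggested above, a helper would want the actual state of the firewall service rather than the Security Center icon, and the question about svchost.exe is answered by mapping its PIDs to services. The batch file below is an added example, not from the thread or from crazy.cat, and uses only stock Windows XP SP2 commands (sc, netsh firewall, reg query, netstat, tasklist); it is read-only and changes nothing.

```batch
@echo off
rem Added example, not from the thread: a read-only snapshot of what decides
rem whether the XP SP2 firewall can run. Run it from an administrator account
rem once before importing sharedaccess.reg and once after the reboot, then
rem compare the two outputs. All commands are stock XP SP2 tools.

echo === Windows Firewall/ICS service (SharedAccess): definition, dependencies, state ===
sc qc SharedAccess
sc query SharedAccess
rem Error 1060 from "sc qc" means the service registry key itself is missing,
rem not merely stopped; that is the case a restored service key is meant to repair.

echo === Firewall state as seen by the firewall itself, not by Security Center ===
netsh firewall show state
netsh firewall show config

echo === Security Center overrides: 1 means the warning is suppressed ===
reg query "HKLM\SOFTWARE\Microsoft\Security Center" /v FirewallDisableNotify
reg query "HKLM\SOFTWARE\Microsoft\Security Center" /v FirewallOverride
reg query "HKLM\SOFTWARE\Microsoft\Security Center" /v AntiVirusOverride

echo === IE proxy for the current user: ProxyServer should be absent when no proxy is used ===
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer

echo === Who is talking to the network: the PID column of netstat maps to tasklist /svc ===
netstat -ano
tasklist /svc
rem tasklist is not shipped with XP Home; "netstat -b" on SP2 prints the owning
rem executable directly but is slower and needs an administrator account.
```

Save it as fwcheck.cmd and run `fwcheck.cmd > before.txt`, then `fwcheck.cmd > after.txt` after the reboot; `fc before.txt after.txt` shows exactly what changed. With the Security Center override values set to 1, Windows stops warning that the firewall is off, which is how a disabled firewall goes unnoticed. A svchost.exe PID that netstat shows connecting out is normal when tasklist /svc maps it to services such as Automatic Updates or DNS Client; it is worth a closer look when the service behind it is one nobody installed on purpose.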

Re: Log Hijack

Posted: Thu Dec 18, 2008 2:02 pm
by enea83
Hi,
look, Spybot and Ad-Aware really aren't the best at scanning and removal... [;)] Spybot is mainly meant for immunizing. http://www.MegaLab.it/2896/11/il-test-dei-programmi-antispyware-2008

To clean up, it's better to first use GMER anti-rootkit (if your system has one or more rootkits, they could hide malicious processes, skewing the scans by the various AV and anti-spyware tools) and then use Malwarebytes and SUPERAntiSpyware. Finally, a scan with your AV [^]

For your protection I'd then recommend installing, alongside the excellent free Avira, Spyware Terminator, which besides being free offers good real-time spyware protection, something free Avira lacks [^]

Re: Log Hijack

Posted: Thu Dec 18, 2008 2:05 pm
by crazy.cat
RightNow wrote: Would Sygate be OK?

Sygate is old and the Windows firewall is very poor.
Online Armor is much better.

Run a scan with ComboFix and post the resulting log here.

Re: Log Hijack

Posted: Thu Dec 18, 2008 2:32 pm
by RightNow
I tried downloading ComboFix; the scan starts and after a while it freezes and everything on my desktop disappears.
I had to restart.

Re: Log Hijack

Posted: Thu Dec 18, 2008 3:33 pm
by RightNow
Here's the ComboFix log

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programmi\HbTools
c:\programmi\winupdates
c:\windows\IE4 Error Log.txt
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\instsrv.exe
c:\windows\system32\taskkill.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISEXENG
-------\Service_ISEXEng


((((((((((((((((((((((((( Files Created From 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))))))
.

2008-12-18 13:05 . 2008-12-18 13:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MailFrontier
2008-12-18 13:05 . 2008-12-18 13:07 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-12-18 13:03 . 2008-12-18 13:27 <DIR> d-------- c:\windows\Internet Logs
2008-12-16 15:07 . 2008-12-18 12:03 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Norton
2008-12-16 15:01 . 2008-12-16 15:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2008-12-16 13:25 . 2008-12-16 13:25 <DIR> d-------- c:\programmi\Trend Micro
2008-12-16 02:09 . 2008-12-16 02:09 <DIR> d-------- C:\4be3e5d34c95f48cc7c69be7
2008-12-16 00:37 . 2008-12-16 02:09 <DIR> d-------- c:\programmi\AskBarDis
2008-12-15 12:41 . 2008-12-15 12:41 <DIR> d-------- c:\windows\Sun
2008-12-15 00:17 . 2008-12-15 12:25 <DIR> d-------- c:\windows\system32\URTTemp
2008-12-15 00:17 . 2008-12-15 00:19 <DIR> d-------- c:\programmi\SuperAdBlocker.com
2008-12-15 00:17 . 2008-12-15 00:17 <DIR> d-------- c:\documents and settings\pc\Dati applicazioni\SuperAdBlocker.com
2008-12-14 20:59 . 2008-12-14 20:59 <DIR> d-------- c:\programmi\Lavasoft
2008-12-14 20:59 . 2008-12-14 21:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-14 20:58 . 2008-12-18 13:58 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-14 20:47 . 2008-12-14 20:47 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-14 20:47 . 2008-12-14 20:47 <DIR> d-------- c:\documents and settings\pc\Dati applicazioni\Malwarebytes
2008-12-14 20:47 . 2008-12-14 20:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-14 20:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 20:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 03:21 . 2008-12-14 20:23 <DIR> d-------- c:\programmi\MSECACHE
2008-12-13 02:42 . 2008-12-13 02:42 <DIR> d-------- c:\programmi\Windows Live Favorites
2008-12-13 01:22 . 2008-12-13 01:22 <DIR> d-------- c:\programmi\Microsoft Office Outlook Connector
2008-12-12 23:04 . 2008-12-15 22:58 <DIR> d-------- c:\documents and settings\pc\Tracing
2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\programmi\Microsoft
2008-12-12 22:31 . 2008-12-12 22:31 <DIR> d-------- c:\programmi\File comuni\Windows Live
2008-12-11 22:26 . 2006-05-05 10:41 453,120 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-11 22:21 . 2007-06-26 07:08 1,104,896 --a------ c:\windows\system32\dllcache\msxml3.dll
2008-12-11 21:48 . 2008-12-15 18:26 <DIR> d-------- c:\windows\system32\it
2008-12-11 21:48 . 2008-12-15 18:25 <DIR> d-------- c:\windows\l2schemas
2008-12-11 21:32 . 2006-10-05 03:31 79,872 --a------ c:\windows\system32\msxml6r.dll
2008-12-11 21:30 . 2004-08-19 23:39 3,555,328 --a------ c:\windows\system32\dllcache\moviemk.exe
2008-12-11 21:29 . 2002-09-10 13:00 1,502,208 --a------ c:\windows\system32\dllcache\diskcopy.dll
2008-12-11 21:28 . 2007-10-25 17:42 8,489,472 --a------ c:\windows\system32\dllcache\shell32.dll
2008-12-11 20:09 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-11 02:27 . 2007-01-13 08:24 770,048 --a------ c:\windows\system32\CDDBUISony.dll
2008-12-11 02:27 . 2007-01-13 08:22 655,360 --a------ c:\windows\system32\CDDBControlSony.dll
2008-12-11 02:27 . 2007-01-13 08:22 589,824 --a------ c:\windows\system32\CddbMusicIDSony.dll
2008-12-11 02:27 . 2007-01-13 08:25 532,480 --a------ c:\windows\system32\CddbPlaylist2Sony.dll
2008-12-11 02:27 . 2007-01-13 08:28 98,304 --a------ c:\windows\system32\CddbLangITSony.dll
2008-12-11 02:27 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll
2008-12-11 02:27 . 2007-01-13 08:24 73,728 --a------ c:\windows\system32\CddbLinkSony.dll
2008-12-11 02:27 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys
2008-12-11 02:27 . 2005-10-31 10:46 36,679 --------- c:\windows\system32\drivers\NETMD052.sys
2008-12-11 02:27 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys
2008-12-11 02:27 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys
2008-12-11 02:26 . 2008-12-11 02:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Sony Corporation
2008-12-11 02:25 . 2008-12-11 02:25 <DIR> d-------- c:\documents and settings\pc\Dati applicazioni\Sony Corporation
2008-12-07 16:51 . 2008-12-07 16:51 <DIR> d-------- c:\documents and settings\NELLO\Dati applicazioni\ArcSoft
2008-11-23 17:43 . 2008-11-23 17:43 <DIR> d-------- c:\windows\Options
2008-11-23 17:43 . 2004-12-18 09:58 245,820 --a------ c:\windows\system32\VM31bPrp.Ax
2008-11-23 17:43 . 2002-08-22 16:34 147,456 --a------ c:\windows\VMCap.exe
2008-11-23 17:43 . 2005-02-26 16:25 91,527 --a------ c:\windows\system32\drivers\usbVM31b.sys
2008-11-23 17:43 . 2003-05-15 17:17 61,440 --a------ c:\windows\system32\VM31bSTI.dll
2008-11-23 17:43 . 2004-04-26 15:48 53,248 --a------ c:\windows\amcap.exe
2008-11-23 17:43 . 2004-06-09 15:37 40,960 --a------ c:\windows\VM_STI.EXE
2008-11-22 21:56 . 2008-11-23 17:29 <DIR> d-------- c:\programmi\HyCam2
2008-11-22 19:26 . 2008-11-23 17:29 <DIR> d-------- c:\programmi\MioNet
2008-11-22 19:25 . 2008-11-22 19:25 <DIR> d-------- c:\programmi\Philips

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 12:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2008-12-18 11:02 --------- d-----w c:\programmi\Symantec
2008-12-18 11:02 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-16 18:02 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-16 14:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-12-15 11:53 --------- d-----w c:\programmi\Java
2008-12-14 23:22 --------- d-----w c:\programmi\QuickTime
2008-12-14 23:22 --------- d-----w c:\programmi\iTunes
2008-12-14 20:58 --------- d-----w c:\programmi\MSN Messenger
2008-12-14 17:54 --------- d-----w c:\programmi\Windows Live Toolbar
2008-12-13 01:37 --------- d-----w c:\programmi\Windows Live
2008-12-13 01:28 --------- d-----w c:\documents and settings\pc\Dati applicazioni\MSN6
2008-12-13 00:15 --------- d-----w c:\programmi\Apple Software Update
2008-12-12 22:12 13,312 -csha-w c:\programmi\Thumbs.db
2008-12-12 22:11 --------- d-----w c:\programmi\StuffPlug3
2008-12-11 01:47 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-11 01:27 --------- d-----w c:\programmi\Sony
2008-12-11 01:25 --------- d-----w c:\programmi\File comuni\Sony Shared
2008-11-23 16:53 --------- d-----w c:\documents and settings\pc\Dati applicazioni\ArcSoft
2008-11-23 16:45 --------- d-----w c:\programmi\File comuni\ArcSoft
2008-11-23 16:29 --------- d-----w c:\programmi\Google
2008-11-22 18:26 --------- d-----w c:\programmi\File comuni\Ahead
2008-11-22 18:26 --------- d-----w c:\programmi\Ahead
2008-11-17 22:16 --------- d-----w c:\documents and settings\pc\Dati applicazioni\Windows Live Writer
2008-11-10 23:26 --------- d-----w c:\documents and settings\pc\Dati applicazioni\Nokia
2008-11-08 15:36 --------- d-----w c:\programmi\Nokia
2008-11-08 15:36 --------- d-----w c:\programmi\File comuni\PCSuite
2008-11-08 15:36 --------- d-----w c:\programmi\File comuni\Nokia
2008-11-08 15:34 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2008-11-03 14:47 --------- d-----w c:\programmi\Netlog Toolbar
2008-05-27 08:50 892,928 ----a-w c:\programmi\QTOControl.dll
2008-05-27 08:50 819,200 -c--a-w c:\programmi\QTOLibrary.dll
2008-05-27 08:50 790,528 -c--a-w c:\programmi\QTInfo.exe
2008-05-27 08:50 779,568 ----a-w c:\programmi\QTPlugin.ocx
2008-05-27 08:50 7,677,232 ----a-w c:\programmi\QuickTimePlayer.exe
2008-05-27 08:50 55,622 -c--a-w c:\programmi\Sample.mov
2008-05-27 08:50 548,864 ----a-w c:\programmi\PictureViewer.exe
2008-05-27 08:50 413,696 ----a-w c:\programmi\QTTask.exe
2008-05-27 08:50 364,544 -c--a-w c:\programmi\QTUIPanelControl.dll
2008-05-27 08:50 18,663 -c--a-w c:\programmi\Sample.qtif
2008-05-27 08:50 10,128 -c--a-w c:\programmi\QuickTime Read Me.htm
2008-04-19 13:26 480,848 -c--a-w c:\documents and settings\All Users\Dati applicazioni\pswi_preloaded.exe
2007-06-18 15:08 188,384 -c--a-w c:\documents and settings\pc\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-04-29 19:24 8,628 -c-ha-w c:\programmi\ORDER.GID
2004-04-25 16:34 1,183 -c--a-w c:\programmi\settings.Ini
2004-04-04 16:27 49,937 -c--a-w c:\programmi\Disinstalla.exe
2003-11-21 15:37 8,290 -c--a-w c:\programmi\ORDER.HLP
2003-11-19 12:59 53,248 -c--a-w c:\programmi\DvdPlayer.exe
2003-09-21 22:00 1,219,149 -c--a-w c:\programmi\WordBox.CAB
2003-09-21 10:56 3,447 -c--a-w c:\programmi\SETUP.LST
2003-07-16 08:38 188,416 -c--a-w c:\programmi\CEVideo.ax
2003-07-16 08:38 147,456 ----a-w c:\programmi\CEAudio.ax
2003-05-26 09:46 609,069 -c--a-w c:\programmi\DVDPlayer.chm
2003-05-26 09:09 752,377 -c--a-w c:\programmi\DVD_player.pdf
2003-04-18 14:42 34,990 -c--a-w c:\programmi\Readme.htm
2003-04-01 14:53 21,206 -c--a-w c:\programmi\DvdPlayer.ico
2001-08-15 14:29 8,114,351 -c--a-w c:\programmi\Data.Cab
2001-08-15 14:28 62,723 -c--a-w c:\programmi\setup.ini
2001-05-17 11:37 18,797,840 -c--a-w c:\programmi\Deadly Weaponz.exe
2001-03-02 17:32 1,438 -c--a-w c:\programmi\REGISTER.txt
2001-01-31 10:53 168 -c--a-w c:\programmi\info.txt
2001-01-31 10:37 159 -c--a-w c:\programmi\joystick.txt
2000-07-27 11:49 1,526,275 -c--a-w c:\programmi\instmsiw.exe
2000-07-27 11:49 1,513,987 -c--a-w c:\programmi\instmsia.exe
2008-04-16 22:00 8 -csh--r c:\windows\system32\72F9550F14.sys
2008-04-19 13:25 5,434 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Netlog Music Tool"="c:\programmi\Netlog Music Tool\NetlogMusicTool.exe" [2008-09-19 1728456]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 68856]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="c:\programmi\QTTask.exe" [2008-05-27 413696]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\pc\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
TrayMin300.exe.lnk - c:\programmi\Philips\SPC 300NC PC Camera\TrayMin300.exe [2008-11-23 278528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ir41"= c:\windows\System32\ir41_32.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 23:39 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a--c--- 2003-05-21 17:37 229437 c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-31 10:07 1838592 c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-09-01 13:42 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\programmi\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-05-02 08:19 4640768 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\programmi\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 01:00 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra--c--- 2003-05-02 08:19 323584 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2006-09-12 02:58 16264192 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a--c--- 2006-05-16 04:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2006-07-21 02:14 86016 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra--c--- 2005-03-11 04:33 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra--c--- 2005-11-04 05:15 163840 c:\windows\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2007-08-31 22336]
R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2007-08-31 45376]
R2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys [2007-04-18 164992]
R2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys [2007-04-18 12544]
S1 SABKUTIL;SABKUTIL;\??\c:\programmi\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 CCCP106;110T SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2005-03-16 11:48]

2008-12-18 c:\windows\Tasks\User_Feed_Synchronization-{DC0F82C3-1A27-46B0-ABA5-E3AC01C0483C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
WebBrowser-{FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Netlog 24 - c:\programmi\Netlog 24\Notifier\Netlog24Notifier.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-BearShare - c:\programmi\BearShare\BearShare.exe
MSConfigStartUp-ccApp - c:\programmi\File comuni\Symantec Shared\ccApp.exe
MSConfigStartUp-DataLayer - c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
MSConfigStartUp-Felix - c:\program files\ScreenMates\felix.exe
MSConfigStartUp-ICQ Lite - c:\programmi\ICQLite\ICQLite.exe
MSConfigStartUp-iTunesHelper - c:\programmi\iTunes\iTunesHelper.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-msnappau - c:\programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-Picasa Media Detector - c:\programmi\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-PicasaNet - c:\programmi\Hello\Hello.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-TrojanScanner - c:\programmi\Trojan Remover\Trjscan.exe
MSConfigStartUp-Windows ServeAd - c:\program files\Windows ServeAd\WinServAd.exe
MSConfigStartUp-WinFixer2005 - c:\programmi\WinFixer 2005\UWFX5.exe
MSConfigStartUp-winupdates - c:\programmi\winupdates\winupdates.exe
MSConfigStartUp-Yahoo! Pager - c:\programmi\Yahoo!\Messenger\ypager.exe
MSConfigStartUp-YeppStudioAgent - c:\programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 80.24.86.247:80
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Add animation to IncrediMail Style Box
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8B1FA6CD-7381-48D3-BBC0-68537ED2ECEE} = 151.99.125.2,151.99.125.3

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\msvcp60.dll
c:\windows\Downloaded Program Files\Housecall_ActiveX.dll
O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A}
hxxp://eu-housecall.trendmicro-europe.c ... hcImpl.cab
c:\windows\Downloaded Program Files\hcImpl.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 15:25:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\MDM.EXE
c:\windows\system32\PSIService.exe
c:\windows\system32\WGATray.exe
c:\programmi\IncrediMail\bin\IMApp.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-18 15:32:34 - macchina è stato riavviato [pc]
ComboFix-quarantined-files.txt 2008-12-18 14:31:52

Pre-Run: 3,893,792,768 byte disponibili
Post-Run: 3,959,349,248 byte disponibili

331 --- E O F --- 2008-10-24 11:06:40

Re: Log Hijack

Posted: Thu Dec 18, 2008 3:38 pm
by crazy.cat
How is it going now, given that some things have been removed?
I would also suggest a scan with SUPERAntiSpyware; two or three entries that should belong to malware are still visible.

Then uninstall Ad-Aware and keep only Malwarebytes and SUPERAntiSpyware as antispyware programs, because they are much more effective.

Re: Log Hijack

Posted: Thu Dec 18, 2008 4:53 pm
by RightNow
SUPERAntiSpyware detects a Trojan.Dropper/Gen
how do I remove it???
I had already removed the damn thing but it's still there

Re: Log Hijack

Posted: Thu Dec 18, 2008 5:35 pm
by RightNow
[cry] can nobody help me??

Re: Log Hijack

Posted: Thu Dec 18, 2008 6:41 pm
by crazy.cat
Let SUPERAntiSpyware remove it; among the buttons it offers at the end of the scan, look for the one that lets you do the removal.

Re: Log Hijack

Posted: Fri Dec 19, 2008 10:00 pm
by RightNow
what do you think??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.00.56, on 19/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\programmi\QTTask.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Netlog Music Tool\NetlogMusicTool.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Philips\SPC 300NC PC Camera\TrayMin300.exe
C:\Programmi\Tall Emu\Online Armor\oahlp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\DOCUME~1\pc\IMPOST~1\Temp\JkDefrag.exe
C:\Programmi\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\pc\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\pc\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.24.86.247:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\programmi\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmi\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Programmi\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nanathestrange.spaces.live.com// ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9022424093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9022390703
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B1FA6CD-7381-48D3-BBC0-68537ED2ECEE}: NameServer = 151.99.125.2,151.99.125.3
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oacat.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oasrv.exe

--
End of file - 10501 bytes

Re: Log Hijack

Posted: Fri Dec 19, 2008 10:19 pm
by Amantide
Fix this entry with HijackThis:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.24.86.247:80

I think that after installing Online Armor you forgot to disable the Windows firewall, or it re-enabled itself on its own.
Check carefully, because it could conflict with OA and cause you connection problems.
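The proxy entry Amantide flags is the textbook hijack symptom: a ProxyServer value pointing at a public address the user never configured, so every browser request leaves the machine through a third party. As an added example (not code from this thread, nor from HijackThis), here is a small Python triage over constructed log lines in HijackThis format that raises that finding automatically, together with two other checks the same kind of log supports: an O4 autorun entry launched from a temp folder, and an O23 service whose binary is missing. The 80.24.86.247:80 value is the one quoted above; the `updater.exe` line, the severity labels and all function names are assumptions of this example.

```python
"""Triage of HijackThis log lines for browser-hijack symptoms.

Added example; it is not part of the forum thread or of HijackThis itself.
It automates the check Amantide did by eye: an R1 ProxyServer entry that
points at a public IP address. The sample lines below are constructed in
HijackThis format; the proxy address is the one quoted in the thread, the
temp-directory autorun line is invented for illustration.
"""
import ipaddress
import re
from typing import List, Tuple

# (severity, reason, offending log line)
Finding = Tuple[str, str, str]

# Constructed sample input in HijackThis line format.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.24.86.247:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\pc\IMPOST~1\Temp\updater.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
"""

PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<value>.+)$")
O4_RE = re.compile(r"^O4 - .*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def proxy_hosts(value: str) -> List[str]:
    """Split a ProxyServer value into its host parts.

    Windows stores either "host:port" or a per-protocol list such as
    "http=host:port;https=host:port".
    """
    hosts: List[str] = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:  # drop the "http=" / "https=" prefix
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host)
    return hosts


def is_external_host(host: str) -> bool:
    """True when the proxy host is a public IP (not loopback, RFC 1918 or link-local)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames (e.g. a corporate proxy) are left for manual review
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious entries found in a HijackThis log, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            for host in proxy_hosts(m.group("value")):
                if is_external_host(host):
                    findings.append(("high", f"proxy points at external address {host}", line))
            continue
        m = O4_RE.match(line)
        if m and TEMP_DIR_RE.search(m.group("cmd")):
            findings.append(("medium", "autorun entry launches from a temp directory", line))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            findings.append(("low", "service entry whose binary is missing (orphan)", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Hostnames are deliberately not scored: a proxy by name may be a legitimate corporate setting, and the point of the check is the unexplained public IP, which is exactly the case in this thread.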

Re: Log Hijack

Posted: Sat Dec 20, 2008 2:13 pm
by RightNow
The Windows firewall is disabled by default.. that's why I had to look for one online..
it won't let me enable it.. it's blocked..
do you think it's because of that string you highlighted?

Re: Log Hijack

Posted: Sat Dec 20, 2008 2:34 pm
by Amantide
No, the firewall problem can't depend on the proxy.

Open the registry (Start>> Run>> REGEDIT>> Ok), find and select this key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
In the right-hand pane find these 2 values and change their Value data from 1 to 0
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)

Reboot the PC.

To be safe, also run a full scan with Malwarebytes Anti-Malware.
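Amantide's fix comes down to reading two DWORDs under the Explorer policies key and comparing them with the value a clean machine has. The same comparison can be made on the ComboFix dump earlier in the thread, which prints registry values in .reg syntax (`"FirewallDisableNotify"=dword:00000001`), and on the `"Name"= 1 (0x1)` form quoted in the reply above. As an added example (not ComboFix's or HijackThis's own code), the Python parser below reads both forms from a constructed dump and reports every Security Center and Explorer-policy value that is not 0. The value names come from the dump and the reply; the `NoDriveTypeAutoRun` line is a constructed extra to show that unrelated values are not flagged, and the expected-value table and function names are assumptions of this example.

```python
"""Decode the registry fragments that ComboFix and HijackThis print.

Added example, not the tools' own code. ComboFix writes values in .reg
syntax ("Name"=dword:00000001); the forum reply quotes them in the
"Name"= 1 (0x1) form. Both are parsed into integers, then the Security
Center and Explorer policy values are checked against 0, which is what a
machine that has not been tampered with is expected to show.
"""
import re
from typing import Dict, List, Optional

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
HJT_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<dec>\d+)\s*\((?P<hex>0x[0-9a-fA-F]+)\)$')

# Values that should be 0 on a healthy machine. 1 means the user has been
# silenced (Security Center notifications) or locked out of their own Run
# keys (Explorer policies). The table is an assumption of this example.
EXPECTED_ZERO = {
    "security center": [
        "AntiVirusDisableNotify", "FirewallDisableNotify",
        "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride",
    ],
    "policies\\explorer": ["DisableLocalUserRun", "DisableLocalUserRunOnce"],
}

# Constructed sample dump mixing the two notations seen in the thread.
SAMPLE_DUMP = r"""
[HKLM\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)
"NoDriveTypeAutoRun"=dword:00000091
"""


def parse_registry_dump(text: str) -> Dict[str, Dict[str, int]]:
    """Return {lower-cased key path: {value name: int}} for every DWORD seen."""
    result: Dict[str, Dict[str, int]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            result.setdefault(current, {})
            continue
        if current is None:
            continue  # value line before any [key] header: ignore
        m = REG_DWORD_RE.match(line) or HJT_VALUE_RE.match(line)
        if m:
            # int(..., 16) accepts both "00000001" and "0x1"
            result[current][m.group("name")] = int(m.group("hex"), 16)
    return result


def audit(dump: Dict[str, Dict[str, int]]) -> List[str]:
    """List every expected-zero value that is set, as 'Name = N under key'."""
    problems: List[str] = []
    for key, values in dump.items():
        for suffix, names in EXPECTED_ZERO.items():
            if not key.endswith(suffix):
                continue
            for name in names:
                if values.get(name, 0) != 0:
                    problems.append(f"{name} = {values[name]} under {key}")
    return problems


if __name__ == "__main__":
    for problem in audit(parse_registry_dump(SAMPLE_DUMP)):
        print(problem)
```

Reading the dump rather than the live registry keeps the check usable on the pasted log alone, which is how help-forum triage is actually done; the same table applied against a live export shows immediately whether a cleanup left the policy and notification values where malware put them.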

Re: Log Hijack

Posted: Sat Dec 20, 2008 4:37 pm
by RightNow
sorry for replying only now..
so the two entries I should change are already like this: 0x00000001 (1) both of them

do I need to fix the earlier string then? (the proxy one)

did the scan and it detects nothing except a few cookies.