
I CAN'T BROWSE

Posted: Mon Nov 09, 2009 11:05 pm
by Luca90
For a few days I haven't been able to browse with either Internet Explorer 8 or Chrome; I get "web page not available".
I ran a scan with Spybot - Search & Destroy; it found some viruses and I deleted them.
But despite this I still can't browse with the two browsers; in fact I found out that I can only browse with Firefox.
I think the virus corrupted some of my files. I tried installing Chrome again, but nothing.
How can I browse with Chrome or IE 8? HELP!
THIS IS MY script made with HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.48.47, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
D:\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\BinarySense\hldasvc.exe
C:\Programmi\File comuni\BinarySense\hldasvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
D:\Sandboxie\SbieSvc.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ArcSoft\TotalMedia\TotalMedia.exe
C:\Programmi\ArcSoft\TotalMedia\TMMonitor.exe
D:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] D:\ClocX\ClocX.exe
O4 - HKCU\..\Run: [Lexmark X1100 Series] C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1060284298-1677128483-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1060284298-1677128483-725345543-500\..\RunOnce: [NeroHomeFirstStart] "C:\Programmi\File comuni\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Collegamento a ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = D:\Digisoft AntiDialer\AntiDialer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4706538656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9589659479
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88471EEC-1B01-4A2D-8F53-68D44582CB56}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programmi\File comuni\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - D:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: GK - Unknown owner - C:\DOCUME~1\Luca\IMPOST~1\Temp\GK.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programmi\File comuni\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PFQ - Unknown owner - C:\DOCUME~1\Luca\IMPOST~1\Temp\PFQ.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10239 bytes

Re: I CAN'T BROWSE

Posted: Wed Nov 11, 2009 6:10 pm
by Fred
It looks clean to me, apart from the fact that I don't know what this is:
O24 - Desktop Component 0: Privacy Protection - (no file)

Two notes, not meant as a reproach but to be useful to you in the future.
1) that is not a script, it's a log
2) don't write in capital letters: it's equivalent to shouting, and it's not customary here on MLI

That said: are the settings of the three browsers all the same?
[ciao]

Re: I CAN'T BROWSE

Posted: Wed Nov 11, 2009 9:49 pm
by Berga95
I confirm that the HijackThis log is clean... [^]

Re: I CAN'T BROWSE

Posted: Wed Nov 11, 2009 9:51 pm
by tecnico24
Connection? Router?

Re: I CAN'T BROWSE

Posted: Wed Nov 11, 2009 10:48 pm
by Luca90
Fred wrote: It looks clean to me, apart from the fact that I don't know what this is:
O24 - Desktop Component 0: Privacy Protection - (no file)

Two notes, not meant as a reproach but to be useful to you in the future.
1) that is not a script, it's a log
2) don't write in capital letters: it's equivalent to shouting, and it's not customary here on MLI

That said: are the settings of the three browsers all the same?
[ciao]

yes, yes

Re: I CAN'T BROWSE

Posted: Thu Nov 12, 2009 9:46 am
by riise90
There might still be some other virus left. Try running a scan with Malwarebytes.

Re: I CAN'T BROWSE

Posted: Thu Nov 12, 2009 9:12 pm
by Luca90
riise90 wrote: There might still be some other virus left. Try running a scan with Malwarebytes.

I ran a scan with the Microsoft removal tool and it shows: Trojan Downloader:Win32/Harnig.gen partially removed. How do I remove it completely? I tried with Spybot - Search & Destroy, Malwarebytes' Anti-Malware and NOD32, also from safe mode, but I can't eliminate it. What do I do?

Re: I CAN'T BROWSE

Posted: Thu Nov 12, 2009 9:27 pm
by Amantide
Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). At the end of the scan the report file C:\combofix.txt will be created; copy its contents here.

Re: I CAN'T BROWSE

Posted: Fri Nov 13, 2009 8:33 am
by crazy.cat
Luca90 wrote: I ran a scan with the Microsoft removal tool and it shows: Trojan Downloader:Win32/Harnig.gen partially removed. How do I remove it completely? I tried with Spybot - Search & Destroy, Malwarebytes' Anti-Malware and NOD32, also from safe mode, but I can't eliminate it. What do I do?

Where does it find the problem? In which file?

Re: I CAN'T BROWSE

Posted: Fri Nov 13, 2009 11:04 pm
by Luca90
Amantide wrote: Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). At the end of the scan the report file C:\combofix.txt will be created; copy its contents here.


ComboFix 09-11-13.06 - Luca 13/11/2009 22.36.12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.431 [GMT 1:00]
Eseguito da: c:\documents and settings\Luca\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Spy Emergency *disabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3392081087-731342001-2151582609-1000
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\documents and settings\Luca\Dati applicazioni\inst.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\Drivers\bmhdxiivwkko.sys
c:\windows\system32\Drivers\cdnybnjapqui.sys
c:\windows\system32\kungsflmulqvkv.dat

----- BITS: Possibili siti infetti -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_CLBDRIVER
-------\Legacy_kungsfeyrvkklv
-------\Service_kungsfeyrvkklv
-------\Legacy_bmhdxiivwkko
-------\Legacy_cdnybnjapqui
-------\Service_bmhdxiivwkko
-------\Service_cdnybnjapqui


((((((((((((((((((((((((( Files Creati Da 2009-10-13 al 2009-11-13 )))))))))))))))))))))))))))))))))))
.

2009-11-13 21:14 . 2009-08-02 15:49 3036024 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Simply Super Software\Trojan Remover\lnvF43.exe
2009-11-12 21:27 . 2009-11-12 21:30 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Spy Emergency
2009-11-12 21:26 . 2009-09-17 07:58 18232 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2009-11-12 21:26 . 2009-09-17 07:58 14392 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2009-11-12 21:26 . 2009-09-17 07:58 12344 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2009-11-12 21:26 . 2009-11-12 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NETGATE
2009-11-12 21:26 . 2009-11-12 21:26 -------- d-----w- c:\programmi\NETGATE
2009-11-12 20:32 . 2009-11-12 20:32 -------- d-----w- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\MCS Studios
2009-11-12 20:31 . 2009-11-12 20:31 -------- d-----w- c:\programmi\MCS Studios
2009-11-11 20:13 . 2009-11-13 05:46 -------- d-----w- c:\programmi\Exterminate It!
2009-11-09 21:40 . 2008-04-14 02:13 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-09 21:40 . 2001-08-30 22:08 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-09 21:40 . 2008-04-14 02:13 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-09 21:40 . 2001-08-30 22:08 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-09 21:40 . 2001-08-30 22:08 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-09 21:40 . 2001-08-30 22:08 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-09 21:39 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-09 21:39 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-09 21:39 . 2004-08-03 20:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-09 21:39 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-11-09 21:39 . 2004-08-03 20:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-11-09 21:39 . 2001-08-30 19:46 35402 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-09 21:37 . 2001-08-17 19:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-11-09 21:36 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2009-11-09 21:35 . 2001-08-30 19:10 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2009-11-09 21:34 . 2001-08-17 21:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-11-09 21:33 . 2001-08-31 10:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2009-11-09 21:32 . 2001-08-31 10:00 25088 -c--a-w- c:\windows\system32\dllcache\sm59w.dll
2009-11-09 21:31 . 2008-04-13 18:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-11-09 21:30 . 2001-08-17 19:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2009-11-09 21:29 . 2001-08-17 20:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2009-11-09 21:28 . 2008-04-14 02:12 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2009-11-09 21:27 . 2001-08-30 22:08 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2009-11-09 21:26 . 2001-08-17 20:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-11-09 21:25 . 2001-08-30 20:11 130048 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2009-11-09 21:25 . 2001-08-30 20:11 53279 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2009-11-09 21:25 . 2001-08-30 20:11 76544 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-11-09 21:25 . 2001-08-30 22:07 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2009-11-09 21:25 . 2001-08-17 20:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2009-11-09 21:25 . 2001-08-30 22:07 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2009-11-09 21:25 . 2001-08-30 20:11 22144 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2009-11-09 21:25 . 2001-08-31 10:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2009-11-09 21:25 . 2001-08-17 19:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-11-09 21:25 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-11-09 21:25 . 2001-08-17 20:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-11-09 21:24 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-11-09 21:24 . 2001-08-31 10:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-11-09 21:24 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-09 21:24 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-11-09 21:24 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-11-09 21:24 . 2001-08-17 20:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-11-09 21:24 . 2001-08-30 19:41 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-09 21:24 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-11-09 21:22 . 2001-08-17 19:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2009-11-09 21:21 . 2001-08-30 22:07 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-11-09 21:20 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-09 21:20 . 2001-08-31 10:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll
2009-11-09 21:20 . 2001-08-31 10:00 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll
2009-11-09 21:20 . 2001-08-31 10:00 9216 -c--a-w- c:\windows\system32\dllcache\iwrps.dll
2009-11-09 21:20 . 2001-08-31 10:00 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2009-11-09 21:20 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-11-09 21:20 . 2001-08-17 20:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2009-11-09 21:20 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2009-11-09 21:20 . 2001-08-30 22:07 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-11-09 21:20 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2009-11-09 21:20 . 2008-04-14 01:52 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2009-11-09 21:20 . 2001-08-30 18:43 13568 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-11-09 21:20 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-11-09 21:19 . 2001-08-31 10:00 9216 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-11-09 21:19 . 2001-08-31 10:00 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
2009-11-09 21:19 . 2001-08-31 10:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2009-11-09 21:19 . 2001-08-31 10:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2009-11-09 21:19 . 2001-08-31 10:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-11-09 21:19 . 2001-08-31 10:00 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe
2009-11-09 21:19 . 2001-08-31 10:00 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll
2009-11-09 21:19 . 2001-08-31 10:00 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2009-11-09 21:18 . 2001-08-31 10:00 6656 -c--a-w- c:\windows\system32\dllcache\iissync.exe
2009-11-09 21:18 . 2001-08-31 10:00 3584 -c--a-w- c:\windows\system32\dllcache\iismui.dll
2009-11-09 21:18 . 2001-08-31 10:00 60928 -c--a-w- c:\windows\system32\dllcache\iisclex4.dll
2009-11-09 21:18 . 2001-08-31 10:00 19456 -c--a-w- c:\windows\system32\dllcache\iiscrmap.dll
2009-11-09 21:18 . 2001-08-30 22:07 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-11-09 21:18 . 2001-08-17 21:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2009-11-09 21:18 . 2001-08-30 22:07 20992 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2009-11-09 21:18 . 2001-08-30 22:07 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2009-11-09 21:18 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-11-09 21:18 . 2001-08-30 22:07 63488 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2009-11-09 21:18 . 2001-08-30 22:07 92160 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2009-11-09 21:18 . 2001-08-30 22:07 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2009-11-09 21:16 . 2001-08-17 20:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2009-11-09 21:15 . 2008-04-13 18:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2009-11-09 21:14 . 2001-08-17 19:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-11-09 21:13 . 2001-08-30 20:53 629952 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2009-11-09 21:12 . 2001-08-17 19:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2009-11-09 21:11 . 2001-08-30 22:07 159828 -c--a-w- c:\windows\system32\dllcache\digihlc.dll
2009-11-09 21:10 . 2001-08-17 19:19 111872 -c--a-w- c:\windows\system32\dllcache\cwcspud.sys
2009-11-09 21:09 . 2001-08-17 20:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2009-11-09 21:08 . 2001-08-31 10:00 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys
2009-11-09 21:08 . 2008-04-14 02:13 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2009-11-09 21:08 . 2001-08-30 22:07 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2009-11-09 21:08 . 2001-08-30 22:07 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2009-11-09 21:08 . 2001-08-17 21:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2009-11-09 21:08 . 2001-08-17 21:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2009-11-09 21:08 . 2001-08-17 21:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2009-11-09 21:08 . 2001-08-31 10:00 10752 -c--a-w- c:\windows\system32\dllcache\c_iscii.dll
2009-11-09 21:08 . 2001-08-31 10:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-11-09 21:06 . 2001-08-30 22:07 102912 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2009-11-09 21:05 . 2001-08-30 18:59 281728 -c--a-w- c:\windows\system32\dllcache\atimtai.sys
2009-11-09 21:04 . 2001-08-31 10:00 50176 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2009-11-09 21:03 . 2001-08-30 22:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-09 21:03 . 2001-08-31 10:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-11-09 21:03 . 2001-08-31 10:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-11-09 21:03 . 2001-08-31 10:00 171520 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-11-09 21:03 . 2001-08-31 10:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-11-09 21:03 . 2001-08-31 10:00 15360 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-11-09 21:03 . 2001-08-31 10:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-11-09 20:12 . 1998-06-13 21:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2009-11-09 20:12 . 2009-11-09 22:38 -------- d-----w- c:\programmi\Gargaroz
2009-11-07 15:31 . 2009-11-07 15:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-11-07 15:31 . 2009-11-07 15:31 -------- d-----w- c:\programmi\NOS
2009-11-07 15:31 . 2009-09-23 15:37 34112 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-07 15:31 . 2009-09-23 15:37 32448 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-07 15:30 . 2009-09-23 15:37 22352 ----a-w- c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 22:03 . 2008-09-11 22:46 1270894 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-11-13 22:00 . 2001-08-31 10:00 491796 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 22:00 . 2001-08-31 10:00 85110 ----a-w- c:\windows\system32\perfc010.dat
2009-11-13 21:55 . 2008-02-17 17:44 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-12 21:43 . 2008-04-25 13:35 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\uTorrent
2009-11-09 22:32 . 2008-06-21 12:43 2 --shatr- c:\windows\winstart.bat
2009-11-08 20:25 . 2008-04-14 20:46 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Free Download Manager
2009-11-08 16:38 . 2008-03-11 20:44 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\XnView
2009-11-08 16:05 . 2008-01-16 22:50 -------- d-----w- c:\programmi\Lexmark X1100 Series
2009-11-01 11:59 . 2009-01-29 21:49 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-26 19:36 . 2005-03-02 17:38 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\gtk-2.0
2009-10-11 13:40 . 2008-03-23 17:47 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\dvdcss
2009-10-02 09:01 . 2008-02-17 21:17 25198016 ----a-w- c:\windows\system32\MRT.exe.vir
2009-10-01 22:18 . 2008-04-21 21:29 -------- d-----w- c:\programmi\Windows Live
2009-10-01 22:03 . 2009-10-01 22:03 -------- d-----w- c:\programmi\Microsoft
2009-10-01 22:02 . 2009-10-01 22:02 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-10-01 21:35 . 2009-10-01 21:35 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-09-27 15:59 . 2009-09-27 15:59 -------- d-----w- c:\programmi\Time Stopper
2009-09-26 10:15 . 2009-09-26 10:15 -------- d-----w- c:\programmi\DataGuard
2009-09-25 12:21 . 2009-09-25 12:21 -------- d-----w- c:\programmi\Folderico
2009-09-11 14:17 . 2004-08-19 12:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:57 . 2008-09-13 07:07 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-10 12:54 . 2008-09-09 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-09-09 23:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-19 12:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-08-19 12:39 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-19 12:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2004-05-07 13:31 . 2008-04-13 14:47 348160 ----a-w- c:\programmi\mozilla firefox\components\MSVCR71.DLL
2006-11-07 10:58 . 2008-04-13 14:47 139264 ----a-w- c:\programmi\mozilla firefox\components\SABFF20.DLL
2008-08-16 14:14 . 2008-08-16 14:14 48 --sha-w- c:\windows\SCECF0C61.tmp
2006-05-03 10:06 . 2008-01-20 17:23 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-01-20 17:23 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-02-25 22:40 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 . 2008-02-25 22:40 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-11 02:06 . 2007-10-10 18:51 39792 c:\programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

2008-02-05 19:04 . 2006-11-23 14:10 56928 c:\programmi\CyberLink\PowerDVD\bak\PDVDServ.exe

2008-02-05 19:05 . 2006-12-05 21:55 54832 c:\programmi\CyberLink\PowerDVD\Language\bak\Language.exe

2008-01-20 18:11 . 2003-06-12 08:44 49152 c:\programmi\Digital Video Duplicator\bak\BVRPOlr.exe

2005-06-07 10:31 . 2005-06-07 10:31 819712 c:\programmi\File comuni\PCSuite\DataLayer\bak\DataLayer.exe

2008-01-22 23:02 . 2008-01-22 23:02 77824 c:\programmi\Java\jre1.6.0\bin\bak\jusched.exe

2008-01-20 17:15 . 2008-01-20 17:15 180269 c:\programmi\K-Lite Codec Pack\Real\Update_OB\bak\realsched.exe

2008-01-16 22:50 . 2003-08-19 15:01 57344 c:\programmi\Lexmark X1100 Series\bak\lxbkbmgr.exe
2008-01-16 22:50 . 2003-08-19 15:01 57344 c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe

2004-08-19 12:39 . 2004-08-19 12:39 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 12:39 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="d:\clocx\ClocX.exe" [2007-07-26 270336]
"Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SpyEmergency"="c:\programmi\NETGATE\Spy Emergency\SpyEmergency.exe" [2009-10-19 1948216]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-02-17 949376]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Cmaudio"="cmicnfg.cpl" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a ObjectDock.lnk - d:\stardock\ObjectDock\ObjectDock.exe [2008-1-20 3450608]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digisoft AntiDialer.lnk - d:\digisoft antidialer\AntiDialer.exe [2003-8-19 730112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\PPLive\\PPLive.exe"=
"d:\\TVAnts\\Tvants.exe"=
"d:\\SopCast\\adv\\SopAdver.exe"=
"d:\\SopCast\\SopCast.exe"=
"d:\\TVUPlayer\\TVUPlayer.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\WebMediaPlayer\\WebMediaPlayer.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"d:\\utorrent\\utorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Smart PC Solutions\\1-2-3 Spyware Free\\SpywareFree.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"d:\\eMule\\Emulev0.49\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Luca\\Documenti\\LUCA\\SCUOLA 2008-2009\\INFORMATICA\\ES SCUOLA LINGUAGGIO HTML E ASP\\02 - ASP\\Baby_Web_Server\\babyweb.exe"=
"d:\\GIOCHI\\Briscola\\BriscolaChiamata.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Luca\\Documenti\\LUCA\\SCUOLA 2008-2009\\INFORMATICA\\ES SCUOLA LINGUAGGIO HTML E ASP\\02 - ASP\\Negozio on line\\Baby_Web_Server\\babyweb.exe"=
"d:\\Lphant\\eLePhantClient.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Luca\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\eMule\\eMule0.49c-ScarAngel_v3.2-bin\\emule.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [23/04/2008 21.11.37 16855]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 16.11.18 35328]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17/02/2009 21.18.01 15424]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [27/11/2008 23.15.30 160792]
R1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [31/07/2008 9.54.24 11008]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [12/11/2009 22.26.59 12344]
R2 DataGuardService;Data Guard Service;c:\windows\system32\dataguard.sys [26/09/2009 11.15.21 48640]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\programmi\File comuni\BinarySense\hldasvc.exe [15/02/2008 14.17.00 832760]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\programmi\NETGATE\Spy Emergency\SpyEmergencySrv.exe [12/11/2009 22.26.58 1817144]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [23/04/2008 21.11.37 21808]
R3 BDA_Capture_220A;Digital-TV receiver Driver 1.0.1.3;c:\windows\system32\drivers\BDA_Capture_220A.sys [02/01/2006 4.41.31 14080]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [26/09/2008 21.15.10 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [26/09/2008 21.15.10 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [26/09/2008 21.15.09 108675]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/09/2008 0.46.13 19160]
R3 SbieDrv;SbieDrv;d:\sandboxie\SbieDrv.sys [15/11/2008 18.29.10 102912]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [12/11/2009 22.26.59 14392]
S1 gwxauoia;gwxauoia;\??\c:\windows\system32\drivers\gwxauoia.sys --> c:\windows\system32\drivers\gwxauoia.sys [?]
S1 SABKUTIL;SABKUTIL; [x]
S2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys [10/09/2008 0.46.13 19160]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [16/04/2008 22.42.12 8192]
S3 1d610;1d610;\??\c:\windows\system32\1d610.sys --> c:\windows\system32\1d610.sys [?]
S3 Aku08;Aku08; [x]
S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 5.12.26.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [02/01/2006 4.41.31 15744]
S3 Bll43;Bll43; [x]
S3 Bsl28;Bsl28; [x]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [27/01/2008 19.20.09 228352]
S3 CachemanXPService;CachemanXP;d:\progra~1\CACHEM~1\CachemanXP.exe [01/02/2009 15.16.06 355840]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [16/01/2008 23.43.46 56832]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [19/08/2004 13.39.46 14336]
S3 GK;GK;c:\docume~1\Luca\IMPOST~1\Temp\GK.exe --> c:\docume~1\Luca\IMPOST~1\Temp\GK.exe [?]
S3 Gqq28;Gqq28; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\58.tmp --> c:\windows\system32\58.tmp [?]
S3 Ndv32;Ndv32; [x]
S3 PFQ;PFQ;c:\docume~1\Luca\IMPOST~1\Temp\PFQ.exe --> c:\docume~1\Luca\IMPOST~1\Temp\PFQ.exe [?]
S3 Sbx85;Sbx85; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [25/01/2009 16.46.11 356920]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [12/11/2009 22.26.59 18232]
S3 Wmy21;Wmy21; [x]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1677128483-725345543-1003Core.job
- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 21:05]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1677128483-725345543-1003UA.job
- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 21:05]

2009-11-05 c:\windows\Tasks\NeroLiveEpgUpdate-LUCA-PC1_Luca.job
- c:\programmi\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 08:59]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{8A06B909-5DF8-4862-9397-49F3AEB9D7F4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = http://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
LSP: c:\windows\system32\imon.dll
LSP: c:\programmi\File comuni\PC Tools\LSP\PCTLsp.dll
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\programmi\File comuni\BinarySense\hlAPP.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\components\SABFF20.DLL
FF - plugin: c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\5yf8awju.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-AudioEdit Deluxe - c:\documents and settings\All Users\Dati applicazioni\{F481FC18-57D5-4479-B2FB-083BFF223F8F}\setup_aed.exe
AddRemove-Shock Aero 3D v0.97 - c:\windows\IFinst27.exe
AddRemove-{2E1DE390-879C-4291-9B68-DA032D2CC98E} - c:\documents and settings\All Users\Dati applicazioni\{F481FC18-57D5-4479-B2FB-083BFF223F8F}\setup_aed.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 22:57
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\58.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1677128483-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1C9927C-6DC7-2D03-8CF7-B813C777FFA1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapecalndikakiefmb"=hex:6a,61,6c,64,65,63,65,6a,66,64,70,6c,61,6b,61,6d,6c,66,
6a,6e,00,f0
"haffojcinpikgfjb"=hex:69,61,6f,62,6f,64,6e,66,66,6e,68,6b,69,62,70,6b,6d,65,
00,00

[HKEY_USERS\S-1-5-21-1060284298-1677128483-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,61,89,e0,8d,06,c4,7b,51,66,4a,d5,19,51,ac,c1,e3,c9,52,fe,6e,74,03,
e9,15,36,e1,43,2f,0c,1d,03,a2,5c,65,ae,8d,52,07,a9,27,a0,94,09,34,5b,12,16,\
"??"=hex:52,86,53,a4,b4,eb,c2,b2,b3,b1,68,21,8e,ec,92,50

[HKEY_USERS\S-1-5-21-1060284298-1677128483-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:41,56,b8,a0,fc,a5,8a,a5,0c,32,f8,5c,86,6e,7f,b0,d3,df,c7,80,50,
6b,0f,14,94,0f,7c,72,ee,c4,55,8a,cc,c8,8d,26,37,05,f9,6a,37,6a,01,3e,d7,5f,\
"rkeysecu"=hex:d6,b3,c3,0e,65,a5,4a,a0,7b,46,00,ee,7f,ad,b4,5b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1C9927C-6DC7-2D03-8CF7-B813C777FFA1}\InProcServer32*]
"fajoidolbcgi"=hex:61,62,6b,64,6a,6e,6a,65,68,6e,65,67,64,68,6c,6b,70,67,62,67,
6f,6f,69,6c,68,6c,6f,67,6e,63,66,61,6a,63,00,35
"najooomdckhplmlbppiglpcnkamg"=hex:64,62,6b,66,6e,6a,6a,6b,6f,6b,63,62,69,61,
6f,63,6a,62,70,62,6d,67,69,68,6c,66,67,67,6e,6b,6b,68,67,70,70,67,64,67,70,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(536)
c:\windows\system32\WININET.dll
d:\stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\OFFICE11\msohev.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\programmi\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\Eset\nod32krn.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
d:\sandboxie\SbieSvc.exe
c:\programmi\Spyware Doctor\sdhelp.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-11-13 23:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-13 22:09

Pre-Run: 31.516.123.136 byte disponibili
Post-Run: 31.355.428.864 byte disponibili

- - End Of File - - 4928F3F1E0174F22DEC8DDF763E95B45

Re: I CAN'T BROWSE

Posted: Fri Nov 13, 2009 11:24 pm
by Amantide
Some junk has been removed; have you tried restarting the PC and checking the connection?

Since some suspicious services are still visible, I recommend also running a scan with Kaspersky Virus Removal Tool.