www.MegaLab.it

[ivan92]

Stavo navigando in internet quando sono uscito da firefox il computer ha iniziato ad andare molto lento...fate conto che la freccia del mouse non si muoveva...vredo di essermi beccato qualcosa di grosso...comunque vi riascio il log di hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.06.44, on 05/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CaledosLAB\Caledos Automatic Wallpaper Changer\CaledosWallpaper6.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Utente\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Caledos Wallpaper (startup).lnk = ?
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{035A7A39-03E6-4522-9147-59CAF8CF44C6}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{035A7A39-03E6-4522-9147-59CAF8CF44C6}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{035A7A39-03E6-4522-9147-59CAF8CF44C6}: NameServer = 85.37.17.6 85.38.28.89
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Guardiano AntiVirus (AVKWCtl) - G Data Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: Servizio di Google Update (gupdate1c9a3f1bdcd0f3e) (gupdate1c9a3f1bdcd0f3e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 11924 bytes

[Max01]

Il log è pulito....vedo che utilizzi G-Data Total Care, probabilmente il motivo è questo, non so se il tuo computer lo regge.
Tra l'altro si vedono anche rimasugli di Norton, diverse toolbar che non so a cosa ti servono e un sacco di programmi in avvio.

[leofelix]

Ciao,
intanto ho notato che oltre al G-Data nel sistema ci sono tracce del Norton Internet Security, che immagino non sia stato disinstallato del tutto.
Due antivirus con protezione in tempo reale nello stesso sistema non aumentano la sicurezza, in compenso possono creare crash, rallentamenti, interazioni e falsi positivi.
Inoltre hai in esecuzione automatica moltissime voci, alcune certamente superflue (vedi Windows Live Messenger per esempio), senza contare le innumerevoli barrette perfettamente inutili di Yahoo e Windows Live per Internet Explorer (che io disinstallerei completamente)
Noto inoltre che hai installato anche PC Tools Spyware Doctor e A-squared free: entrambi installano servizi e voci in esecuzione automatica, senza contare che il PC tools Spyware Doctor non brilla certo per leggerezza..

Mentre arrivano i soccorsi dagli esperti di sicurezza di MegaLab, io ti suggerirei di verificare che il Norton sia completamente disinstallato, usando il Norton Removal tool

http://service1.symantec.com/Support/ts ... 3108162039

Quindi di riavviare, la RAM si dovrebbe liberare al riavvio come per magia e il sistema dovrebbe rispondere meglio.

[EDIT] ho appena notato che Max01 ha risposto in contemporanea traendo le mie stesse conclusioni o quasi, sorry:-)

[ivan92]

ok farò come mi hai detto...comunque io spywaredoctor e a-squared free chiudo sempre in modo che non mi utilizzino molta cpu...li utilizzo solo quando ci sono dei problemi...comunque ti ringrazio anticipatamente....ti farò sapere come va

[leofelix]

ok farò come mi hai detto...comunque io spywaredoctor e a-squared free chiudo sempre in modo che non mi utilizzino molta cpu...li utilizzo solo quando ci sono dei problemi...comunque ti ringrazio anticipatamente....ti farò sapere come va

prego, figurati.
Tieni presente che i servizi installati sia da a-squared free sia da PC tools Spyware Doctor rimangono attivi e in esecuzione anche se chiudi i programmi.

Quindi io se fossi in te, visto che hai già G-Data che ha bisogno di parecchie risorse ed è completissimo, rinuncerei o a Spyware Doctor (che per altro è anche scadente come rilevazione spyware/adware) o ad a-squared.

Intanto credo proprio sia cosa buona e giusta disinstallare ogni traccia del Norton dal sistema.
ciao

[ivan92]

ho fatto come mi hai detto ma il computer è ancora lento

[Roberto88]

fai pulizia con CCleaner (anche nella sessione Registro) e deframmenta, magari utilizzando SmartDefrag (con deframmentazione ed ottimizzazione) o MyDefrag
dopo o prima tutto ciò prova anche a fare per sicurezza una scansione con ComboFix

[ivan92]

ok grazie ti farò sapere

[ivan92]

questa è la scansione con combo fix:

ComboFix 09-09-20.01 - Utente 07/10/2009 14.02.32.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2046.1046 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ciao.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2009-09-07 al 2009-10-07 )))))))))))))))))))))))))))))))))))
.

2009-10-07 12:04 . 2009-10-07 12:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-07 12:04 . 2009-10-07 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-07 11:28 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-07 11:28 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-07 11:28 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 11:28 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-07 11:26 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-07 11:26 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-05 11:38 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-10-02 17:04 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-25 16:44 . 2009-10-05 15:45 -------- d-----w- C:\emu8086
2009-09-09 11:41 . 2009-09-09 11:41 680 ----a-w- c:\users\Utente\AppData\Local\d3d9caps.dat
2009-09-09 09:54 . 2009-09-09 09:54 32200 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2009-09-09 09:29 . 2009-09-09 09:29 -------- d-----w- C:\#GDATA.Trash.Store#
2009-09-09 09:12 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 09:12 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 09:12 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 09:12 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 09:12 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 09:12 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 09:12 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 09:12 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 09:12 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 09:12 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 09:12 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 09:11 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 09:11 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 09:11 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 09:11 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 09:11 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 09:11 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 11:59 . 2009-02-26 15:03 1338865696 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-07 11:57 . 2009-03-25 17:56 -------- d-----w- c:\users\Utente\AppData\Roaming\Skype
2009-10-07 09:57 . 2008-10-29 15:42 89246 ----a-w- c:\programdata\nvModes.dat
2009-10-07 09:57 . 2009-04-12 09:53 -------- d-----w- c:\program files\a-squared Free
2009-10-06 20:05 . 2009-02-26 15:03 15655592 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-06 16:03 . 2008-09-02 08:12 -------- d-----w- c:\programdata\Google Updater
2009-10-06 12:57 . 2008-09-02 13:47 -------- d-----w- c:\program files\Yahoo!
2009-10-05 16:05 . 2007-07-20 10:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-05 15:49 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-10-05 15:49 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-10-05 14:56 . 2008-09-02 08:14 -------- d-----w- c:\program files\Spyware Doctor
2009-10-05 11:38 . 2008-09-02 08:19 -------- d-----w- c:\program files\Windows Live
2009-09-27 09:09 . 2009-01-31 13:30 -------- d-----w- c:\users\Utente\AppData\Roaming\FileZilla
2009-09-27 08:41 . 2007-07-20 11:18 -------- d-----w- c:\program files\Google
2009-09-25 17:03 . 2007-07-20 10:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 12:41 . 2008-09-28 18:08 -------- d-----w- c:\users\Utente\AppData\Roaming\Canon
2009-09-09 21:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 21:03 . 2008-09-08 15:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 12:11 . 2009-09-06 18:28 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-09-09 11:58 . 2009-09-06 16:52 -------- d-----w- c:\programdata\G DATA
2009-09-09 09:55 . 2009-09-06 16:55 51656 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2009-09-09 09:54 . 2009-09-06 16:55 50632 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-09-09 09:53 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-09 09:53 . 2009-09-06 16:54 40392 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2009-09-09 09:52 . 2009-09-06 16:52 -------- d-----w- c:\program files\Common Files\G DATA
2009-09-09 09:49 . 2009-09-06 16:52 -------- d-----w- c:\program files\G DATA
2009-09-08 11:00 . 2009-07-16 20:07 -------- d-----w- c:\program files\GamersFirst
2009-09-08 08:08 . 2009-02-02 18:15 -------- d-----w- c:\program files\Opera
2009-09-06 16:42 . 2008-09-03 16:52 -------- d-----w- c:\programdata\McAfee
2009-09-02 09:08 . 2009-09-02 09:08 -------- d-----w- c:\program files\CaledosLAB
2009-08-29 19:52 . 2009-08-29 19:52 737280 ----a-w- c:\windows\iun6002.exe
2009-08-29 18:52 . 2008-09-01 09:10 88672 ----a-w- c:\users\Utente\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 18:37 . 2009-08-29 18:37 -------- d-----w- c:\program files\nwsp
2009-08-29 00:27 . 2009-09-02 19:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 19:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 11:44 . 2009-08-17 11:44 -------- d-----w- c:\program files\softendo.com
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-07-29 12:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-16 16:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-16 16:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-16 16:52 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-16 16:52 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-16 16:52 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-10 11:31 . 2009-07-10 11:31 307056 ----a-w- c:\windows\WLXPGSS.SCR
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2009-04-16 882352]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2009-04-16 921160]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Caledos Wallpaper (startup).lnk - c:\users\Utente\AppData\Roaming\Microsoft\Installer\{04FEBC27-D0C2-408C-818F-232367CBF48E}\_B4DEF8A0EADF742B6C2287.exe [2009-9-2 82726]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoLyrix.lnk
backup=c:\windows\pss\AutoLyrix.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):29,86,09,8a,1d,18,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9BA697B1-915C-4D61-A4FD-4A685A2B695F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{45E9392E-1E22-424B-A50C-E49D9433C510}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8DECF182-E4F8-4A7F-91A5-872FFFE6A6C4}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CB53E6C5-95DE-4EBE-81C7-D8022B21E053}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{018A8A45-657B-43C2-BD0F-AA78AB1ED596}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{ADDDF97D-1BB8-43AA-9A19-08C2C1AF7DD5}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{CB8CF604-16C7-47BC-A3B7-794083351E29}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{5A349D5F-7813-49B5-BBB9-F0F23A6E31D5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{64CBA301-5FDA-4850-A29F-ED26F4FF4964}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BAFB88BA-5BFB-49BD-AE71-793AB59CC9D1}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{66B929BD-8124-44E9-8A5C-3E3752952FA0}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A24CF1F3-9446-4041-88D0-5E8F23690881}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{D3863EFA-D539-4E33-A727-22399C01D96E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{23412EA0-E5CC-492B-8B7E-C501076F464A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{EA44934B-1F47-4CC3-9FE1-FCBDCF3E0C50}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{813C92B2-705B-4000-868A-32CF2EB9F219}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6D872ACC-E90F-4DA4-A7CE-CD9466A03960}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{125AEC90-117F-462D-8545-D70D55144697}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{538E6507-533C-4E01-ACCD-B086623C956F}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{470D2922-CA8C-4095-A3F2-CE01712C155C}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{0EC91057-2450-440A-BD2B-95A2FCB4CA3E}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{2D671A28-E617-44EA-B06F-A5E86431F899}"= UDP:5353:Adobe CSI CS4
"{C47D72F7-101C-4927-A035-25029BD58D27}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{01EEF17A-8171-4886-92EB-65AB18F1E069}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A16C5436-0A59-4B64-BD37-882349D183F0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E3B184D8-AFE2-4DB9-BBE6-569ED0F175E2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EFBA52DD-B1EC-41CA-A545-8F06E3434001}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{43250031-C85F-4093-85B6-546CE2E551B2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3621EBA8-CC68-47E6-A58F-644787825ABF}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{7506094A-1A1C-4E56-ACBF-16D553290EF8}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{A27D2B2B-DFE8-4B54-AF7C-103545C6E2FB}"= UDP:c:\program files\PoivY.com\PoivY\PoivY.exe:PoivY
"{39069A11-010F-4612-B237-246CD13DCB21}"= TCP:c:\program files\PoivY.com\PoivY\PoivY.exe:PoivY
"{5D76D96F-AC80-4149-A8A5-16B56CBAAE17}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{4854772B-D26A-4537-BA55-400389429150}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{BD8DA416-183B-4036-83DD-694858253D15}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{DF4742F0-5933-4C93-96A9-C21E19E3AF23}"= UDP:c:\users\Utente\AppData\Local\Temp\7zSA66C.tmp\SymNRT.exe:Norton Removal Tool
"{D84ED32E-576A-4F4F-882F-2FDA70BE7189}"= TCP:c:\users\Utente\AppData\Local\Temp\7zSA66C.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [30/06/2009 10.21.20 130936]
R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [06/09/2009 18.54.09 40392]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [06/09/2009 20.28.52 29128]
R1 is-PDJFDdrv;is-PDJFDdrv;c:\windows\System32\drivers\10947585.sys [12/04/2009 20.00.37 148496]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [06/05/2009 18.09.14 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [06/05/2009 18.08.23 41424]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [06/09/2008 13.43.48 21504]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [06/09/2008 13.43.48 21504]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [09/04/2009 12.55.44 1044552]
R2 AVKService;G Data Scheduler;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [09/04/2009 12.55.44 388168]
R2 AVKWCtl;Guardiano AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [25/02/2009 3.32.46 1206096]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [02/10/2008 17.42.24 482176]
R3 G Data Backup Service;G Data Backup Service;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [10/03/2009 4.24.50 852040]
R3 GDFwSvc;G Data Personal Firewall;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [10/03/2009 3.31.58 1416216]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [06/09/2009 18.55.48 50632]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [06/09/2009 18.55.22 51656]
R3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [10/03/2009 3.47.10 298568]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [09/09/2009 11.54.48 32200]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [27/04/2009 20.39.08 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [27/04/2009 20.39.08 87696]
S2 gupdate1c9a3f1bdcd0f3e;Servizio di Google Update (gupdate1c9a3f1bdcd0f3e);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 17.38.20 133104]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [19/04/2009 14.46.36 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [19/04/2009 14.46.36 3072]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [05/10/2009 13.38.42 54632]
S3 fsssvc;Servizio Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [25/02/2009 4.18.58 907336]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/06/2009 10.20.15 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 14:05]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 15:37]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 15:37]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 18:20]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603610610-2782796317-2799079916-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 18:20]
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Utente\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\danhltyj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 14:04
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-603610610-2782796317-2799079916-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,64,30,fe,f1,06,01,11,21,97,24,99,60,47,25,c2,5b,7f,56,3f,a4,
6c,22,25,93,2c,4f,56,13,31,1c,e2,9d,df,6d,13,63,87,68,e4,41,2d,02,ad,7c,e1,\
"rkeysecu"=hex:7d,9a,36,f9,97,f7,5a,18,dd,82,e4,3e,61,55,92,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(2812)
c:\windows\system32\APSHook.dll
c:\program files\G Data\TotalCare\Shredder\Reisswlf.dll
.
Ora fine scansione: 2009-10-07 14.07.54
ComboFix-quarantined-files.txt 2009-10-07 12:07
ComboFix2.txt 2009-09-23 16:56
ComboFix3.txt 2009-09-21 14:45
ComboFix4.txt 2009-08-31 15:52
ComboFix5.txt 2009-10-07 11:59

Pre-Run: 43.924.365.312 byte disponibili
Post-Run: 43.878.510.592 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
311 --- E O F --- 2009-10-06 17:02

[ivan92]

ho provato a fare una scansione con spywaredoctor visto che è l'unico che fin'ora mi ha trovato qualcosa e ho trovato uno spyware...ho fatto la scansione perche firefox era diventato lento e apriva finestre di pubblicità da solo.

[riise90]

ho fatto la scansione perche firefox era diventato lento...

Purtroppo non c'è niente di strano in questo.

...e apriva finestre di pubblicità da solo.

Mi sembra strano che se c' era qualcosa Combofix non l' abbia eliminato.

[ivan92]

riproverò con combofix

[riise90]

riproverò con combofix

Secondo me non è necessario. Io proverei con malwarebytes.

e apriva finestre di pubblicità da solo.

Ti succede con tutti i siti o con alcuni in particolare?