www.MegaLab.it

[city hunter]

Salve ho il pc infetto e non riesco a navigare in internet ho fatto una passata con Malwarebytes' Anti-Malware e ha rimosso qualcosa ma non ancora è perfetto vi posto il log di hijackthis.Grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.08.29, on 05/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\AstoundStereo\aseproc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\XMS7\XMS7.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Programmi\Thunderbird-Tray\TBTray.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\iPod\bin\iPodService.exe
c:\programmi\avira\antivir desktop\avcenter.exe
c:\programmi\avira\antivir desktop\avscan.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Programmi\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHPN.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Programmi\PHPNukeIT\tbPHPN.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ASE Audio Processor] C:\Programmi\AstoundStereo\aseproc.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [XMS7 StartUp] C:\Programmi\XMS7\XMS7.exe -min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GM4IE] C:\Programmi\SocialPlus\gm4ie.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: TB-Tray.lnk = C:\Programmi\Thunderbird-Tray\TBTray.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9A9D5C0-146D-48B6-B491-6D183DD56669}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12195 bytes

[stevens]

ciao

nel log c'e' qualche voce da eliminare ma niente di proccupante

cosa ti provoca questo rallentamento potrebbe essere anche un rootkit o chissa' cosa

scarica combofix sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione allega il rapporto C:\ComboFix.txt nella tua risposta.

come usare correttamente combofix

[city hunter]

questo il log di combofix

ComboFix 10-09-04.06 - valerio 1 05/09/2010 20.32.50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1022.532 [GMT 2:00]
Eseguito da: c:\documents and settings\valerio 1\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\valerio 1\.COMMgr
c:\documents and settings\valerio 1\Impostazioni locali\Dati applicazioni\Windows Server
c:\documents and settings\valerio 1\Impostazioni locali\Dati applicazioni\Windows Server\admin.txt
c:\documents and settings\valerio 1\Impostazioni locali\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\valerio 1\Impostazioni locali\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\valerio 1\Impostazioni locali\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\valerio 1\Impostazioni locali\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\valerio 1\Impostazioni locali\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\valerio 1\Impostazioni locali\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\valerio 1\Impostazioni locali\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\valerio 1\Recent\Thumbs.db
C:\LOGA.tmp
c:\programmi\Search Settings
c:\programmi\Search Settings\FF\chrome.manifest
c:\programmi\Search Settings\FF\chrome\content\plugin.js
c:\programmi\Search Settings\FF\chrome\content\plugin.xul
c:\programmi\Search Settings\FF\chrome\content\protection.js
c:\programmi\Search Settings\FF\chrome\content\utils.js
c:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\programmi\Search Settings\FF\components\IFBHOSearch.xpt
c:\programmi\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\programmi\Search Settings\FF\components\IFHelperPreferences.xpt
c:\programmi\Search Settings\FF\components\SearchSettingsFF.dll
c:\programmi\Search Settings\FF\install.rdf
c:\programmi\Search Settings\SearchSettings.exe
c:\programmi\Search Settings\SearchSettingsRes409.dll
c:\windows\system32\vbzlib1.dll
D:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((( Files Creati Da 2010-08-05 al 2010-09-05 )))))))))))))))))))))))))))))))))))
.

2010-09-05 17:41 . 2010-09-05 17:41 -------- d-----w- c:\programmi\Trend Micro
2010-09-05 13:28 . 2010-09-05 13:28 -------- d-----w- c:\documents and settings\valerio 1\Dati applicazioni\Malwarebytes
2010-09-05 13:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-05 13:24 . 2010-09-05 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-05 13:24 . 2010-09-05 13:25 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-09-05 13:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-05 08:46 . 2010-09-05 08:46 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-05 04:10 . 2010-09-05 17:22 -------- d-----w- c:\documents and settings\valerio 1\Impostazioni locali\Dati applicazioni\ssovlmjaf
2010-09-05 04:10 . 2010-09-05 17:22 -------- d-----w- c:\documents and settings\valerio 1\Dati applicazioni\ssovlmjaf
2010-09-05 04:09 . 2010-09-05 18:26 -------- d-----w- c:\documents and settings\valerio 1\Dati applicazioni\79847EC679A687A2F7F8A547396610DD
2010-09-05 04:00 . 2010-09-05 17:36 -------- d-----w- c:\programmi\Veoh_Web_Player
2010-09-04 13:09 . 2010-09-04 13:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2010-09-04 13:09 . 2010-09-04 13:09 -------- d-----w- c:\programmi\NCH Swift Sound
2010-09-04 13:08 . 2010-09-04 16:20 -------- d-----w- c:\documents and settings\valerio 1\Impostazioni locali\Dati applicazioni\Conduit
2010-09-04 13:08 . 2010-09-04 13:08 -------- d-----w- c:\programmi\Conduit
2010-09-04 13:08 . 2010-09-04 16:20 -------- d-----w- c:\documents and settings\valerio 1\Impostazioni locali\Dati applicazioni\PHPNukeIT
2010-09-04 13:08 . 2010-09-04 13:08 -------- d-----w- c:\programmi\PHPNukeIT
2010-08-25 11:20 . 2010-08-25 11:20 -------- d-----w- c:\programmi\Tunatic
2010-08-14 19:24 . 2010-08-14 19:24 -------- d-----w- c:\programmi\Haali
2010-08-14 19:24 . 2010-08-14 19:24 -------- d-----w- c:\programmi\AviSynth 2.5
2010-08-14 19:24 . 2010-08-14 19:24 -------- d-----w- c:\programmi\File comuni\SourceTec
2010-08-14 19:24 . 2009-08-17 07:54 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-08-14 19:24 . 2010-08-14 19:24 -------- d-----w- c:\programmi\SourceTec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 18:49 . 2009-10-24 01:14 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-09-05 18:49 . 2010-02-28 23:37 -------- d-----w- c:\documents and settings\valerio 1\Dati applicazioni\AstoundStereoExpander
2010-09-05 18:48 . 2010-02-28 23:37 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-09-05 17:34 . 2009-03-28 03:09 -------- d-----w- c:\programmi\Veoh Networks
2010-09-05 08:30 . 2010-09-05 08:45 263034 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1040.dat
2010-08-20 09:56 . 2010-08-20 09:56 52224 ----a-w- c:\documents and settings\valerio 1\Dati applicazioni\Mozilla\Firefox\Profiles\nbkbzb4w.default\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}\components\FFExternalAlert.dll
2010-08-20 09:56 . 2010-08-20 09:56 101376 ----a-w- c:\documents and settings\valerio 1\Dati applicazioni\Mozilla\Firefox\Profiles\nbkbzb4w.default\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}\components\RadioWMPCore.dll
2010-08-06 05:52 . 2010-08-06 05:52 58352 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-06 05:48 . 2009-06-28 10:49 -------- d-----w- c:\documents and settings\valerio 1\Dati applicazioni\Apple Computer
2010-08-06 05:42 . 2010-08-03 00:37 -------- d-----w- c:\programmi\AVS4YOU
2010-08-06 02:14 . 2010-08-06 02:12 -------- d-----w- c:\programmi\iTunes
2010-08-06 02:14 . 2010-08-06 02:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 02:13 . 2010-08-06 02:13 -------- d-----w- c:\programmi\iPod
2010-08-06 02:12 . 2010-08-06 02:06 -------- d-----w- c:\programmi\File comuni\Apple
2010-08-06 02:12 . 2010-08-06 02:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-08-06 02:11 . 2010-08-06 02:10 -------- d-----w- c:\programmi\QuickTime
2010-08-06 02:09 . 2010-08-06 02:09 -------- d-----w- c:\programmi\Apple Software Update
2010-08-06 02:07 . 2010-08-06 02:06 -------- d-----w- c:\programmi\Bonjour
2010-08-06 01:37 . 2010-08-06 01:37 -------- d-----w- c:\programmi\Convert AVI to MP4
2010-08-03 15:17 . 2001-08-31 15:00 88722 ----a-w- c:\windows\system32\perfc010.dat
2010-08-03 15:17 . 2001-08-31 15:00 500830 ----a-w- c:\windows\system32\perfh010.dat
2010-08-03 14:57 . 2010-08-03 14:54 -------- d-----w- c:\programmi\Avidemux 2.4
2010-08-03 14:56 . 2010-08-03 14:56 -------- d-----w- c:\documents and settings\valerio 1\Dati applicazioni\gtk-2.0
2010-08-03 00:39 . 2010-08-03 00:39 -------- d-----w- c:\documents and settings\valerio 1\Dati applicazioni\AVS4YOU
2010-08-03 00:39 . 2010-08-03 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2010-08-03 00:38 . 2009-04-15 12:29 -------- d-----w- c:\programmi\File comuni\AVSMedia
2010-07-25 13:41 . 2010-07-21 06:04 8907281 ----a-w- c:\documents and settings\valerio 1\Dati applicazioni\AstoundStereoExpander\update.exe
2010-07-22 00:03 . 2010-07-22 00:03 -------- d-----w- c:\programmi\DsNET Corp
2010-07-19 01:48 . 2010-06-24 23:12 -------- d-----w- c:\programmi\SocialPlus
2010-07-15 18:03 . 2010-07-15 18:03 295424 ----a-w- c:\windows\system32\bwmedia1.dll
2010-07-15 18:03 . 2010-07-15 18:03 150016 ----a-w- c:\windows\system32\bwmedia.dll
2010-07-15 18:03 . 2010-07-15 18:03 -------- d-----w- c:\programmi\MP3 Wave Converter
2010-07-09 08:42 . 2010-02-15 14:13 69222840 ----a-w- c:\documents and settings\valerio 1\Dati applicazioni\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-15 23:06 . 2010-06-15 21:53 1024 ----a-w- c:\windows\system32\pwdremover.dat
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:31 . 2010-06-14 14:31 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-06-14 14:31 . 2010-06-14 14:31 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-06-14 14:31 . 2010-06-14 14:31 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-14 14:31 . 2010-06-14 14:31 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-06-14 14:31 . 2010-06-14 14:31 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-06-14 14:31 . 2010-06-14 14:31 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-06-14 14:30 . 2010-06-14 14:30 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller.exe
2010-06-14 14:30 . 2009-03-25 04:11 743936 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
.

------- Sigcheck -------

[-] 2009-04-30 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-30 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2009-04-30 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2010-06-13 17:10 2734688 ----a-w- c:\programmi\PHPNukeIT\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHPN.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHPN.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LogitechVideo[inspector]"="c:\programmi\Acer\OrbiCam\InstallHelper.exe" [2006-07-20 23:15 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"ASE Audio Processor"="c:\programmi\AstoundStereo\aseproc.exe" [2009-06-09 5505024]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"XMS7 StartUp"="c:\programmi\XMS7\XMS7.exe" [2008-07-23 103936]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check(3).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2001-6-25 128000]
TB-Tray.lnk - c:\programmi\Thunderbird-Tray\TBTray.exe [2005-11-8 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^valerio 1^Menu Avvio^Programmi^Esecuzione automatica^Collegamento a TBTray.lnk]
path=c:\documents and settings\valerio 1\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a TBTray.lnk
backup=c:\windows\pss\Collegamento a TBTray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 16:41 45056 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-11-11 19:40 1236992 -c--a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 22:39 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\programmi\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-03-25 13:18 68592 -c--a-w- c:\programmi\Google\Quick Search Box\qsb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 05:30 57344 ----a-w- c:\programmi\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-07-20 23:08 331776 ----a-w- c:\programmi\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-07-20 22:57 237568 ----a-w- c:\programmi\File comuni\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 18:16 2331936 ----a-w- c:\programmi\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 19:17 385928 ----a-w- c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-02-27 16:28 16005120 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-04-21 12:39 24264488 ----a-r- c:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 -c--a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-25 13:18 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\AstoundStereo\\astoundstereo.exe"=
"c:\\Programmi\\AstoundStereo\\aseproc.exe"=
"c:\\Programmi\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [16/12/2009 18.38.20 375296]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [29/11/2009 21.41.35 8192]
R3 EuMusDesignVirtualAudioCableWdm_gna;GenAudio AstoundSound (WDM);c:\windows\system32\drivers\vacgnakd.sys [01/04/2009 2.13.40 47488]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [07/06/2007 19.16.28 18944]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [25/03/2009 7.17.09 1097728]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [04/03/2010 19.44.22 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [04/03/2010 19.44.23 8320]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/04/2007 17.28.56 10752]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/04/2009 15.48.35 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-09-04 c:\windows\Tasks\expressburnShakeIcon.job
- c:\programmi\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-04 13:09]

2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{4FB96EAC-EA7D-4BD2-BFC1-4FA8E031D916}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {A9A9D5C0-146D-48B6-B491-6D183DD56669} = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
FF - ProfilePath - c:\documents and settings\valerio 1\Dati applicazioni\Mozilla\Firefox\Profiles\nbkbzb4w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PHPNukeIT Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT21025 ... hSource=13
FF - component: c:\documents and settings\valerio 1\Dati applicazioni\Mozilla\Firefox\Profiles\nbkbzb4w.default\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\valerio 1\Dati applicazioni\Mozilla\Firefox\Profiles\nbkbzb4w.default\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}\components\RadioWMPCore.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\NPWPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Associazioni dei file -------
.
.scr=AutoCADLTScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Driver Updater - (no file)
HKCU-Run-GM4IE - c:\programmi\SocialPlus\gm4ie.exe
MSConfigStartUp-Alcmtr - ALCMTR.EXE
MSConfigStartUp-INPROCOMMWireless - c:\programmi\Atheros\Wireless\Utility\WlanUtil.exe
MSConfigStartUp-Vidalia - c:\programmi\Vidalia Bundle\Vidalia\vidalia.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 20:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1645522239-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1220945662-1645522239-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:18,35,62,b2,f8,6b,2e,28,b4,f5,72,7d,ae,cb,bb,52,84,e4,b5,3f,b7,
d8,3c,31,56,f2,79,54,c5,63,75,1c,b6,31,9b,80,9f,63,b6,dd,40,ff,dd,b0,c9,a7,\
"rkeysecu"=hex:bb,c6,0f,26,7f,46,68,cf,a4,ba,a6,88,61,09,64,8e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7528)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WTClient.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WISPTIS.EXE
c:\windows\AGRSMMSG.exe
c:\programmi\Mozilla Thunderbird\thunderbird.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-05 20:56:00 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-05 18:55

Pre-Run: 1.575.239.680 byte disponibili
Post-Run: 4.042.166.272 byte disponibili

- - End Of File - - 3150B95585085A3AB8549C5AA2B7B0DF

[everi]

controlla il modem adsl usb...magari fa una nuova installazione dei driver

[stevens]

conosci questa cartella?

c:\documents and settings\valerio 1\Dati applicazioni\ssovlmjaf

[Berga95]

Fixa questa voce del log di hjt

Codice: Seleziona tutto

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092